Cybersecurity GDPR

Technical Bulletin

January 23, 2026

Subject: SolisCloud Cybersecurity and Data Protection Overview
Bulletin Type: Informative
Audience: Utilities, AHJs, Installers, Service Partners, Distributors
Products Affected: SolisCloud, the online Solis monitoring platform
Firmware Version Required: N/A
Effective Date: Immediate

Purpose and Scope

This application note provides a high-level overview of the cybersecurity and data-protection measures implemented between Solis inverters and the SolisCloud monitoring platform.

The intent of this document is to support utility, regulator, and stakeholder reviews by describing the principles and controls used to protect data, restrict unauthorized access, and ensure secure operation of cloud-connected Solis inverter systems. This document does not disclose proprietary system architecture or sensitive security details.

SolisCloud Platform Overview

SolisCloud is Ginlong Technologies’ cloud-based monitoring and management platform for Solis photovoltaic and energy storage inverters. SolisCloud enables authorized users to monitor system performance, review operational status, and manage system configuration within defined access permissions.

SolisCloud supports residential, commercial, and utility-interconnected distributed energy resources while maintaining controls designed to protect data security and system integrity.

Regulatory and Certification Framework

SolisCloud has been independently certified by TÜV Rheinland as a Protected Privacy IoT Service under certification scheme 2 PfG CH 0003. This certification framework is based on security experience and best practices and includes assessment of legal compliance (including GDPR principles), technical security verification, and management processes.

The certification applies to the SolisCloud application and corresponding service URLs and confirms alignment with recognized data-protection and cybersecurity requirements. 

Secure Communication Between SolisCloud and Inverters

• Communication between Solis inverters and the SolisCloud platform is implemented using encrypted data transmission methods designed to protect data confidentiality and integrity during transfer.
• Authentication mechanisms are used to ensure that only authorized Solis devices can establish communication with SolisCloud services. These controls are intended to prevent unauthorized access, interception, or manipulation of system data during normal operation.

Access Control and Data Protection

Access to SolisCloud is governed by account authentication and role-based permission management. User access is restricted base

on assigned roles to ensure that only authorized individuals can view or modify system information.

Personal and system data processed within SolisCloud is handled in accordance with GDPR-aligned data-protection principles, including data minimization, purpose limitation, and protection against unauthorized disclosure or misuse.

Infrastructure and Operational Security

SolisCloud services are hosted within professionally managed data-center environments that implement industry-standard physical security, network security controls, system monitoring, and logging practices.

Operational security measures include ongoing monitoring, logging, and periodic security review activities intended to maintain platform reliability and resilience.

Remote Access and Control Limitations

Solis inverters do not permit unauthorized external control or firmware modification. Remote interactions via SolisCloud are limited to authenticated and authorized channels and are intended for monitoring, configuration, and maintenance purposes consistent with system design and regulatory requirements.

Continuous Improvement

Ginlong Technologies continuously reviews and improves SolisCloud cybersecurity and data-protection practices to align with evolving regulatory requirements, industry standards, and operational best practices.

References

• TÜV Rheinland Protected Privacy IoT Service Certification (SolisCloud)
• General Data Protection Regulation (EU) 2016/679