SolisCloud Cybersecurity (GDPR)

Introduction

At Solis (Ginlong Technologies), securing your renewable energy data is as fundamental to our mission as maximizing your solar yield. As solar energy monitoring systems become more advanced, protecting user information and operational infrastructure requires world-class defense mechanisms.

To ensure the highest tier of data protection, Solis has successfully updated its data privacy and cybersecurity certification for the SolisCloud Monitoring System, SolisCloud APP, and Cloud service APIs through the premier independent testing organization, TÜV Rheinland.

• Certificate Number: CG 50732831 0001

  
  

• Evaluation Standards: Certified according to the Protected Privacy IoT Service framework (2 PfG CH 0003/10.19).

  
  

• Validity Period: Issued on June 15, 2026, and valid through June 15, 2029.

  
  

This certification confirms that SolisCloud satisfies the rigorous legal, technical, and management benchmarks required to meet European cybersecurity standards.

What is GDPR? 

For our homeowners, commercial operators, and installation partners across the United States and Canada, "GDPR" is a term that may not be a household name.

GDPR stands for the General Data Protection Regulation. Implemented by the European Union (EU), it is widely recognized as the toughest, most comprehensive data privacy and security law in the world.

Rather than simply reacting after a data breach happens, GDPR requires companies to practice "Privacy by Design."This means security and privacy features are engineered directly into the software from the very first line of code. Core principles include:

• Data Minimization: Companies can only collect the absolute minimum amount of data required to deliver the service (such as inverter performance data).

• Transparency and Control: Users have explicit ownership over their data, including the right to know exactly how it is used and the right to have it completely deleted upon request.

• Technical Safeguards: Systems must pass exhaustive technical verification, encryption reviews, and operational management assessments.

  ---

  
  

Navigating the US and Canadian Landscape

A common question we receive from our North American partners is: “Why isn't there a specific cybersecurity certificate listed for the United States or Canada?”

The answer is straightforward: A singular, comprehensive federal standard equivalent to GDPR does not yet exist in the US or Canada.

• The United States Patchwork: The US does not have one blanket federal law governing consumer data privacy or IoT cloud platform security. Instead, it relies on a shifting patchwork of state-level regulations (such as the California Consumer Privacy Act, or CCPA) and industry-specific rules. Because there is no single federal compliance certificate for solar monitoring platforms, there is no direct "US Certificate" to apply for.

• The Canadian Framework: Canada utilizes the Personal Information Protection and Electronic Documents Act (PIPEDA), along with specific provincial laws. While these enforce strict rules around data consent, they do not provide a unified, standardized third-party IoT cybersecurity certification scheme similar to the European model.

Global Protection, Regardless of Geography

Because Solis operates a unified global monitoring ecosystem, we apply our strict GDPR-compliant security controls to all SolisCloud accounts universally—including those in the US and Canada.

By building the SolisCloud infrastructure to satisfy TÜV Rheinland’s Protected Privacy IoT Service Catalogue of Requirements, our North American customers automatically benefit from premium global safeguards. Every account benefits from the exact same rigorous data isolation, legal compliance verification, and high-quality technical testing required to clear the EU's high regulatory hurdles.

At Solis, we believe that top-tier cybersecurity shouldn't depend on where you live. Your solar data remains locked down, private, and secure.