vistawatt Data Security Disclosure
Data we Collect
vistawatt collects data about our customers - typically businesses - such as their company name, address, solar installation, solar system generation, utility credentials, utility rates, meter billing information, energy generation, and usage.
Data transmission, storage, and security
vistawatt uses industry-best practices to securely transmit, process, and store our customers’ data at all times. All data access is highly secured both physically and electronically.
Data transmission by customer and authorized partners
All data transmitted by the customer or authorized partner from their web browser to vistawatt’s servers is protected by industry-standard SSL certification with SHA 256-bit RSA encryption. This encryption standard is indicated by the “S” (which stands for “Secure”) in “HTTPS” before the vistawatt URL and, in most modern web browsers, the presence of a padlock icon prior to that.
Data transmission by electric utility and solar monitoring companies
vistawatt is a trusted Green Button (website) partner of both Pacific Gas & Electric (PG&E) and Southern California Edison (SCE). The Green Button initiative is public-private initiative with a rigorous vetting process, standardized data guidelines, and strict security protocols.
vistawatt uses the Green Button API to receive customer utility data and a similar connection process to receive solar monitoring data – both of which use the same high-level SSL certification as the data traveling from a secure web browser.
Data storage and security
All customer data is stored in the leading cloud computing facility that is highly restricted, redundantly secure, and safeguarded 24 x 7 x 365.
Electronically, customer’s data is stored in production-grade databases secured by firewalls accessible only by privileged nodes with server access only via secure SHA 256 key based credentials that meet or exceed industry standards.
Customer credentials are subject to even higher security. Credentials are never transmitted or stored in clear-text. Prior to storage in the database, credentials are immediately encrypted using Advanced Encryption Standard (AES) – the standard developed by the NSA for top-secret information. When the credentials are used, they are decrypted and kept in ephemeral (very short-term) memory and deleted immediately after use.
