Privacy Policy
Last updated: 10 June 2026
This Privacy Policy explains how Solar Sentry collects, uses, shares, and protects your information when you use the service at www.solarsentry.ca. It applies to all visitors and customers.
Note for review: Solar Sentry is currently operated by Darren Brost as a sole proprietorship. If we incorporate or register a trade name, this document will be updated to name the new entity.
1. Who we are
Solar Sentry is operated by Darren Brost, a sole proprietor based in Calgary, Alberta, Canada. For the purposes of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA), Darren Brost is the data controller.
Contact us about privacy:
- Privacy requests: privacy@solarsentry.ca
- Legal correspondence: legal@solarsentry.ca
- Mailing address: 222 Panamount Landing NW, Calgary, Alberta T3K 0H7, Canada
2. What we collect and why
2.1 Account information
| Data | Why we collect it |
|---|---|
| Email address | To create your account, sign you in, send alerts, daily summaries, and account notices. |
| Password (hashed) | To authenticate you. We store only a one-way hash (bcrypt); we never see your plaintext password. |
| IP address and login timestamps | For security audit logging (e.g., detecting unauthorized access). |
| Login session cookie | To keep you signed in across pages on the site. |
2.2 APsystems integration data
| Data | Why we collect it |
|---|---|
| APsystems App Id and App Secret | To pull status, production, and per-panel data from APsystems' OpenAPI on your behalf. These credentials are encrypted at rest using AES-256 with a key held only by Solar Sentry's infrastructure. |
| System identifiers (sid), capacity, inverter / ECU IDs | To identify your installation in APsystems' API and render your dashboard. |
| Optional latitude and longitude | To fetch local weather (sunlight, cloud cover, sunrise/sunset) so we can chart actual production against available sunlight. You can leave this blank. |
2.3 Production data
The service records what your panels report: per-minute power output, daily energy totals, status check results, and panel-level health checks. This data is the whole point of the product and is shown only to you and any account members you've added.
2.4 Payment information
When you subscribe, payment is handled by Stripe. Solar Sentry receives a customer ID, the subscription tier you chose, and the result of each payment attempt. We never see, store, or transmit your card number or CVC — that information goes directly from your browser to Stripe through their secure form.
3. Who we share data with
We share data only with the third-party services that are necessary to deliver the product. Each is listed below with what's shared and why.
| Service | What we share | Why |
|---|---|---|
| APsystems (apsystems.com) | Your App Id, App Secret, and system identifiers, on every API call we make on your behalf. | To pull the production data you signed up to monitor. |
| Amazon Web Services (Canada / US) | All Solar Sentry data is hosted on AWS (RDS Postgres for the database; ECS Fargate for the application; S3 for backups). Region: us-east-1 (Northern Virginia, USA). | Hosting and infrastructure. AWS is a sub-processor under standard data-processing terms. |
| Resend (resend.com) | Your email address and the contents of any email we send you (alerts, daily summaries, account messages). | To deliver outbound email from @solarsentry.ca. |
| Stripe (stripe.com) | Your email address, the subscription tier you chose, payment events. Card numbers go directly to Stripe, not through us. | To bill you for paid subscriptions. |
| Open-Meteo (open-meteo.com) | Your system's latitude and longitude (if set). | To fetch weather forecasts and historical sun-radiation data that we chart against your production. |
| ImprovMX (improvmx.com) | Incoming email metadata if you write to @solarsentry.ca. | To forward inbound mail to our team Gmail. |
We don't sell, rent, or otherwise transfer your personal information to anyone for advertising or marketing purposes. We don't share data with anyone else except as described here, or where required by law (subpoena, court order, etc.).
4. How we protect your data
- All connections to the site use HTTPS (TLS 1.2+).
- APsystems credentials are encrypted at rest with AES-256.
- Database backups are encrypted snapshots in AWS RDS.
- Passwords are stored as bcrypt hashes, never plaintext.
- Application code requires authentication for every page that exposes account data.
- Access to production systems is restricted to Darren Brost.
No system is perfectly secure. If we ever experience a security incident affecting your data, we'll notify affected users by email within a reasonable timeframe and (where required) report the incident to the Office of the Privacy Commissioner of Canada in accordance with PIPEDA.
5. How long we keep your data
We keep your data for as long as your account is active. If you cancel your subscription or stop using the service, we keep your data until you ask us to delete it — that way, if you decide to come back, your history is intact.
To request deletion, email privacy@solarsentry.ca from the email address on your account. We will permanently delete your personal data within 30 days, except for any records we're legally required to retain (e.g., invoices for tax purposes, which Canadian law requires us to keep for six years).
6. Your rights
You have the following rights regarding your personal information:
- Access: request a copy of the data we hold about you.
- Correction: request that we fix inaccurate or incomplete information.
- Deletion: request that we delete your data (see Section 5).
- Portability: request your data in a machine-readable format.
- Withdrawal of consent: stop the service from processing your data at any time by closing your account.
- Complaint: file a complaint with the Office of the Privacy Commissioner of Canada if you believe we've handled your data improperly.
To exercise any of these rights, email privacy@solarsentry.ca. We'll respond within 30 days.
7. Cookies and similar technologies
We use a single session cookie to keep you signed in. We don't use third-party analytics, tracking pixels, advertising cookies, or any cross-site tracking. The cookie is set when you log in and removed when you log out.
8. International transfers
Your data is stored on Amazon Web Services in the United States (us-east-1, Northern Virginia). By using the service, you acknowledge that your data is transferred to and processed in the United States. Stripe also processes your data in the United States. We do not currently use any service that processes data in jurisdictions outside Canada or the United States.
9. Children's data
Solar Sentry is not directed at children under 13, and we don't knowingly collect data from children under 13. If you believe we've inadvertently collected such data, contact us at privacy@solarsentry.ca and we'll delete it.
10. Changes to this policy
We may update this policy from time to time. We'll post the new version here and update the "Last updated" date at the top. If changes are material (e.g., we add a new third-party data processor), we'll send a notice to the email address on your account at least 14 days before the change takes effect.
11. Contact
Questions about privacy: privacy@solarsentry.ca
Legal correspondence: legal@solarsentry.ca
Mailing address: 222 Panamount Landing NW, Calgary, Alberta T3K 0H7, Canada