Solis is being built with security as a first-class concern, not an afterthought. Here's where we are today and what's on the roadmap before general availability.
The foundations we build every feature on top of.
All traffic between the Solis mobile app, web app, and our servers is encrypted with TLS 1.2+. No plaintext over the wire.
Databases and object storage are encrypted at rest using AES-256 via our cloud provider's managed keys.
Production access is restricted to a short list of engineers, gated by SSO with enforced two-factor authentication.
We do not sell, rent, or share your crew or job-site data with advertisers, data brokers, or any third party outside the sub-processors required to run the service.
We do not continuously track your crew. GPS is captured at the moment of check-in and check-out to verify presence, then stopped.
You can export your projects, photos, timesheets, and invoices at any time. Cancel your account and your data stays downloadable during the export window.
Work underway between here and general availability.
We are implementing the policies, evidence collection, and monitoring required for a SOC 2 audit. We have not yet completed an audit and make no claim of certification today.
Every account-level change (user added, role changed, data exported) is written to an immutable log available to the account owner.
Before general availability, we'll engage an independent firm for a full pen test and publish a summary of findings and remediations.
A public channel for security researchers to report issues with a documented response SLA.
If you believe you've discovered a security issue, reach us through the waitlist signup on our homepage. We take every report seriously and will respond within two business days.