Keeping Company Data Private: Best Practices

Proven methods for protecting sensitive company information. How Pylon protects your data.
Nelson Zheng, Co-founder
Security
Data Privacy

If social media has taught us anything, it’s that we all produce data online. This extends to your solar business as well – and not just in your advertising; it’s also in your solar design tool.

It’s important to understand just what kind of data is being collected because that way you’ll realise how important it is to protect it and keep it safe. Just think for a second about what information you use on a day-to-day basis.

All of your customers’ information, who your suppliers are, the areas you service, are all pieces of information about your business that you wouldn’t tell someone in a conversation at the pub. So why would you leave that information unprotected?

How to keep your accounts secure

Choosing a design tool that prioritises security is a must. The best place to start is with your password and login. It goes without saying you should use a unique password every time you create one.

We understand that remembering different passwords for every service can be nearly impossible. That is why we recommend using a password manager. These tools securely store all your unique passwords, so you don’t have to remember them all. They can also generate strong, randomised passwords for each of your accounts, dramatically reducing the risk of password reuse or weak credentials. Popular options include 1Password, Bitwarden and LastPass.

The next step up from that is to use Two-Factor Authentication or Multi-Factor Authentication (2FA or MFA). This is where you sign in with an ID like a username or an email address and a password, and then you are asked for an additional code. That code could come through a text message (not recommended) or an email with a unique PIN, or through an authenticator app (recommended) like Google Authenticator or Microsoft Authenticator.

API Keys

API keys are like passwords for your software systems—treat them with the same level of care. They allow your apps and integrations to communicate with each other, often with access to sensitive data or critical system functionality. If your API keys are leaked, they can be used by bad actors to impersonate your systems, access private information, or manipulate data.

Here’s how to keep them secure:

  • Never share your API keys publicly. This includes support forums and screenshots.

  • Regenerate keys regularly, especially if you suspect they may have been compromised.

  • Limit scopes and permissions. Generate keys with only the permissions needed for their specific task.

  • Monitor usage. Watch for unusual activity or access patterns to catch potential misuse early, and delete unused keys.

If you’re using Pylon integrations, you can revoke and regenerate your keys at any time.
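One way to act on the scope, monitoring and clean-up points above, as an added example that is not Pylon's code or log format: a small audit over a key inventory and an access log. The key ids, scope names, log fields and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: key id -> scopes granted at creation (hypothetical).
KEYS = {
    "key_crm_sync": {"projects:read", "projects:write"},
    "key_reporting": {"projects:read"},
    "key_old_trial": {"projects:read", "users:admin"},
}
# Constructed access log: (ISO timestamp, key id, source IP, scope exercised).
LOG = [
    ("2024-05-01T09:00:00", "key_crm_sync", "203.0.113.10", "projects:read"),
    ("2024-05-20T09:00:00", "key_crm_sync", "203.0.113.10", "projects:read"),
    ("2024-06-10T03:12:00", "key_crm_sync", "198.51.100.77", "projects:read"),
    ("2024-06-09T08:00:00", "key_reporting", "203.0.113.25", "projects:read"),
    ("2024-02-02T10:00:00", "key_old_trial", "203.0.113.10", "projects:read"),
]
NOW = datetime(2024, 6, 12)  # constructed "today" for the sample data


def audit(keys, log, now, stale_days=30, baseline_days=14):
    """Return {key_id: [findings]}: stale keys, new sources, unused scopes."""
    cutoff = now - timedelta(days=baseline_days)
    last_seen, used, sources = {}, defaultdict(set), defaultdict(dict)
    for ts, key, ip, scope in sorted(log):
        when = datetime.fromisoformat(ts)
        last_seen[key] = when
        used[key].add(scope)
        sources[key].setdefault(ip, when)  # remember first sighting per IP

    findings = {}
    for key, granted in keys.items():
        notes = []
        seen = last_seen.get(key)
        if seen is None or now - seen > timedelta(days=stale_days):
            notes.append("stale: revoke or delete")
        else:
            # A source is only "new" if the key already had an older one.
            known = [ip for ip, first in sources[key].items() if first < cutoff]
            for ip, first in sources[key].items():
                if first >= cutoff and known:
                    notes.append(f"new source {ip}")
            unused = sorted(granted - used[key])
            if unused:
                notes.append("unused scopes: " + ", ".join(unused))
        if notes:
            findings[key] = notes
    return findings
```

Calling `audit(KEYS, LOG, NOW)` on the sample data flags one key as stale and one as both over-scoped and used from an address it has not been seen on before; the third key produces no findings.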

Other Security Tips

  • Don’t share your account credentials with anyone—even within your organisation. Each team member should have their own login so that access can be tracked and managed securely. With Pylon, you can have unlimited users in your team at no extra cost, so there’s no reason to share logins.

  • Limit User Access: Ensure only necessary personnel have access to sensitive data by setting role-based permissions. Periodically remove unnecessary personnel from your team.

  • Keep Software Updated: Regular updates to your operating system and business tools can patch known security vulnerabilities.

  • Back Up Your Data: Regular backups—stored securely—help protect your business from data loss or ransomware attacks.

  • Educate Your Team: Train your staff to recognise phishing attempts and handle data responsibly. Don’t click on links sent via emails without verifying their authenticity. Look out for suspicious email addresses, grammar mistakes, or unexpected attachments. Encourage your team to report suspicious emails, and consider implementing a company policy for how to handle them.

Data sharing and privacy

One tricky step to look out for is whether or not your business tools are sharing your data with other organisations. A good example of this is social media. Your activity on Facebook is a type of data that is indirectly sold to advertisers, and that’s how you get ads. This doesn’t necessarily mean your data is being given to the advertisers, but that they have the ability to target who sees their ads.

Selling data on activity to advertisers is one of the most common ways data is shared. Everyone is aware of ads, but what’s more concerning is just how much information they have on you to make sure you’re getting an ad for something you’re actually pretty likely to buy once you’ve seen it.

Another way your data could be compromised could be through the parent company of the “free” tool you’re using. Many companies will create cheap or free side products that broaden their customer base. In a solar installation setting, this could be a solar panel or inverter manufacturer creating a solar design tool.

A common concern in this type of situation is that the data you input into your design tool may reveal information the panel manufacturing parent company finds extremely valuable. In this example, your proposal will show what materials and models of panels you’re using, as well as what profit margin you’re adding.

Choose independent tools that prioritise your interests

Pylon doesn’t have ads, we don’t sell user data to advertisers, and we aren’t owned by a manufacturer. Pylon has always been an installer-focused platform. We build features that are requested by you, retailers and installers, with no third-party interests. That means we do have to charge for our premium features, but given they’ve been built with the needs of installers in mind, they’re worth paying for.

Here’s what one solar installer had to say about Pylon:

“Most important thing about it, is the guys listen. Today they released a new update which included everything we had requested them to do.”