Last Updated: 07/31/2024
Netzero Labs is committed to ensuring the security and privacy of its users when interacting with the Netzero app. This security policy outlines the measures implemented to safeguard user data and maintain the integrity of the application.
User Credentials: Netzero does not store or handle user credentials (username and password) for Tesla or Enphase accounts. These credentials are exclusively managed by the respective service providers. Netzero only receives API tokens generated by Tesla or Enphase, which are associated with limited permissions determined by the user's settings on the provider's platform.
Least Privilege: Netzero app only requests and utilizes permissions necessary for its functionality. Access to user data is strictly limited to the requirements of the application's features, ensuring the principle of least privilege.
API Tokens: User API tokens obtained from Tesla or Enphase are encrypted in transit and at rest. Encryption protocols are implemented to protect the confidentiality and integrity of API tokens during transmission and storage.
Storage: API tokens stored on user devices are using platform-specific mechanisms:
Official APIs: Netzero utilizes official APIs provided by Tesla or Enphase. These APIs adhere to industry-standard security practices and protocols.
Token Management: Users have the ability to revoke API tokens issued to Netzero at any time through the respective Tesla or Enphase platforms. Netzero does not retain the capability to access user data once API tokens are revoked.
Incident Reporting: Users are encouraged to report any security incidents or concerns related to the Netzero app promptly to security@netzero.energy.
Response Protocol: In the event of a security incident, Netzero Labs will promptly investigate, mitigate, and respond to the incident according to established incident response protocols.
Netzero is dedicated to ensuring the security and privacy of its users' data. By adhering to stringent security measures, employing encryption protocols, and maintaining compliance with relevant regulations, Netzero strives to provide a safe and reliable experience for its users.
This security policy is subject to periodic review and updates to reflect evolving security requirements and best practices.