Security & IT Information

Early Access

Technical documentation for IT teams evaluating the Branch AutoCAD plugin.

Last security review: April 2026 | Document version: 3.0 | Updated: April 2026

  • Authentication: OAuth 2.0 + PKCE (via Auth0)
  • DWG Files: Stay Local (unless user opts in to bug-report attachment)
  • Encryption: TLS 1.2+ in transit; DPAPI at rest (refresh token DPAPI-encrypted; backend storage AES-256)
  • Infrastructure: US-Based (GCP us-central1; Auth0 US tenant)

Product Overview

The Branch plugin is a drafting automation tool that runs as an AutoCAD plugin on Windows workstations. It automates solar construction document drafting: placing strings, routing homeruns, calculating circuit lengths, and generating tags.

What the Plugin Does

  • Runs locally within Autodesk AutoCAD (requires user's AutoCAD license)
  • Automates solar stringing with voltage window compliance
  • Routes homeruns and calculates circuit/cable lengths
  • Generates tags and labels directly in AutoCAD drawings
  • Imports SolarEdge Designer PDFs for CAD-ready conversion
  • Stores design data in standard AutoCAD DWG files (user-controlled)

What Data Leaves the Machine

| Data Type | Destination | Purpose | User Control |
|---|---|---|---|
| Email, name, Auth0 user ID | Auth0 (US tenant) | Authentication & license validation | Required for licensed use |
| Command usage events, errors, drawing filename | Google Cloud (us-central1) | Diagnostics, crash analytics, product improvement | Mandatory during Early Access. Three configurable modes (Full / Errors / Off billing-ping) will be exposed in the plugin settings UI at general availability. |
| Project zip code | api.leafdesign.ai | Server-side fetch of ASHRAE/NSRDB weather data and geocoding for string sizing | Sent only when the user types a project zip into the StringSizer flow |
| Abstracted panel layout grid (no project metadata) | api.leafdesign.ai (Solar String Design Solver) | Cloud-side panel-stringing solver; retained for model training | No opt-out. The cloud solver is the core panel-stringing automation feature of the product and has no local-only fallback. The retained data is non-proprietary and not tied to any customer identifier. |
| Bug-report description, optional DWG attachment, optional debug info | Formspree, relayed to Leaf Automation support inbox | User-initiated support / diagnostic submission | Fully opt-in. The "include drawing" checkbox defaults to UNCHECKED. The user must explicitly tick it to attach the DWG. |

Important: Project DWG files remain on the user's machine in normal operation. The only way a DWG leaves the machine is if the user explicitly opts in via the bug-report dialog (the checkbox to attach a DWG is unchecked by default). The Solar String Design Solver receives an abstracted 2D grid representation of the panel layout, not the DWG itself, with no project metadata, no project location, and no title-block content. A live, public demonstration of the solver is at leafautomation.ai/demo and lets reviewers see exactly what the solver receives and returns; no login is required.

Ownership of Customer Data

Section 4.2 of the Branch End User License Agreement addresses this directly. As between Leaf Automation and the customer, the customer retains all right, title, and interest in the AutoCAD drawings and project data the customer uses with the plugin ("Customer Input") and in the design outputs the plugin generates from Customer Input ("Customer Output"). Leaf Automation claims no ownership of either, and uses Customer Input only to operate the plugin for the customer's benefit, to provide support, and for the limited training-data uses described in our privacy policy.

Engineer of Record

Section 3 of the EULA addresses this directly. The plugin is "intended solely for use by qualified engineering professionals" and the EULA requires that "ALL OUTPUTS MUST BE INDEPENDENTLY VERIFIED BY A LICENSED PROFESSIONAL ENGINEER BEFORE USE IN ANY PROJECT." Branch is drafting automation, not engineering. Leaf Automation does not produce stamped, permit-ready, or otherwise certified electrical designs, makes no representations as to the correctness, code-compliance, or constructibility of any output the plugin generates, and is not the Engineer of Record for any project on which Branch is used. The Licensee is solely responsible for ensuring all designs comply with applicable codes and standards (including NEC Article 690), obtaining required PE stamps and certifications, conducting on-site verification, and making all final engineering decisions. All liability for the resulting design sits with the human EOR.

Authentication & Access Control

| Item | Implementation | Status |
|---|---|---|
| Authentication Method | OAuth 2.0 Authorization Code with PKCE (RFC 7636) | Secure |
| Identity Provider | Auth0 (Okta) | Secure |
| MFA Support | Not currently enabled. Will be available after Early Access via Auth0 (TOTP, WebAuthn). | Early Access |
| SSO Support | Enterprise SSO available (SAML, OIDC) - contact sales | Informational |
| Credential Storage | Access token in process memory only (cleared on logout). Refresh token persisted to %LOCALAPPDATA%\LeafSolarDesign\.rt, encrypted with Windows DPAPI (CurrentUser scope, app-specific entropy). | Secure |
| Session Management | Short-lived JWT access tokens (~1h); silent refresh via DPAPI-encrypted refresh token so users are not re-prompted for credentials each AutoCAD session. | Secure |

Authentication Flow

  1. User clicks login in plugin
  2. System browser opens to Auth0 login page
  3. User authenticates via Auth0
  4. Auth0 redirects to localhost callback with authorization code
  5. Plugin exchanges code for access token using PKCE code verifier
  6. Access token used for API calls during session

Data Handling

Local Data Storage

| Location | Contents | Sensitivity |
|---|---|---|
| %LOCALAPPDATA%\LeafSolarDesign\.rt | OAuth refresh token (DPAPI-encrypted, CurrentUser scope, app-specific entropy) | Sensitive; encrypted at rest |
| %LOCALAPPDATA%\LEAFAutomation\BranchPlugin\*.db | Equipment specification databases (SQLite: modules, inverters, optimizers) | Public data (manufacturer specs) |
| HKCU\Software\AEC BIM Tools Ltd\Branch\ | UI preferences, dialog dimensions, design defaults, persistent form input/output history (last-entered project name, last-used module/inverter selections). Stored unencrypted; protected by NTFS user-account ACLs. Does not contain drawings, credentials, or PII beyond what the user has typed into the plugin's own forms. | Non-sensitive |
| User's own DWG files | Plugin design metadata embedded as AutoCAD XData (string assignments, cable info, tag data) inside the user's drawing | User-controlled; never copied or transmitted by the plugin |

Encryption

| Type | Implementation | Status |
|---|---|---|
| In Transit (all egress) | TLS 1.2 or higher; default Windows certificate-store validation; no pinning bypass | Secure |
| At Rest (local refresh token) | Windows DPAPI (System.Security.Cryptography.ProtectedData), CurrentUser scope, app-specific entropy | Secure |
| At Rest (local equipment DBs) | Not encrypted. Contains only publicly available manufacturer datasheet data. | Informational |
| At Rest (local persistent settings, form input/output history) | Not encrypted. Stored under HKCU and %LOCALAPPDATA%, protected by NTFS user-account ACLs. Includes UI preferences and the last-entered project name and module/inverter selections, but no drawings, no credentials, and no PII beyond what the user has typed into the plugin's own forms. | Informational |
| At Rest (backend telemetry) | Google Cloud BigQuery and Cloud Logging, AES-256 default encryption | Secure |
| At Rest (backend persistent state) | Neon Postgres, AES-256 default encryption. Holds EULA acceptance records and license / subscription state. | Secure |

Telemetry & Analytics

The plugin collects usage telemetry to improve the product. Each event carries: a session id (per-process GUID), the plugin/OS/AutoCAD version, the Auth0-issued user id (or Windows username if not logged in), the user's email, and the filename of the currently open drawing (the full path is one-way hashed for privacy). Event-specific fields add: the command name (for command-execution events), the form name (for page-view events), or the exception type and stack trace (for error events). A complete event catalog is available on request.

Telemetry is transmitted to a Google Cloud Function in us-central1 and written to BigQuery. During the Early Access period telemetry is retained indefinitely so the team can work through the issue and feature backlog. After general availability, a 90-day rolling partition expiration will be applied.

Telemetry collection is mandatory during the Early Access trial period and is not user-configurable. The plugin source code already supports three telemetry privacy modes ("Full", "Errors", "Off"), but the runtime is fixed at "Full" during Early Access. At general availability the three modes will be exposed in the plugin settings UI:

  • Full: all events sent with full diagnostic detail.
  • Errors: only command-execution, exceptions, errors, and lifecycle events; page-view tracking dropped.
  • Off: every event still fires (so licensed use can be confirmed for billing) but the payload is stripped to just event-type, irreversible SHA256 hash of the user id, session id, and plugin version. No drawing info, no email, no stack traces, no command names.
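The three modes above expressed as a filter plus an audit check a reviewer could run over captured telemetry payloads. This is an added example, not the plugin's source: the field names, event-type names and sample event are assumptions, since the page does not publish the event schema.

```python
import hashlib

# Field and event-type names are hypothetical; the real event catalog is
# not reproduced on the page.
OFF_FIELDS = {"event_type", "user_id_hash", "session_id", "plugin_version"}
ERRORS_DROPPED_TYPES = {"page_view"}


def apply_mode(event: dict, mode: str):
    """Return the payload a privacy mode would send, or None if dropped."""
    if mode == "Full":
        return dict(event)
    if mode == "Errors":
        return None if event["event_type"] in ERRORS_DROPPED_TYPES else dict(event)
    if mode == "Off":
        return {
            "event_type": event["event_type"],
            # Assumes a plain SHA-256 of the user id; the page names no salt.
            "user_id_hash": hashlib.sha256(event["user_id"].encode()).hexdigest(),
            "session_id": event["session_id"],
            "plugin_version": event["plugin_version"],
        }
    raise ValueError(f"unknown mode: {mode}")


def audit(payload: dict, mode: str) -> list:
    """List the ways a captured payload departs from the documented mode."""
    problems = []
    if mode == "Errors" and payload.get("event_type") in ERRORS_DROPPED_TYPES:
        problems.append("page-view event sent in Errors mode")
    if mode == "Off":
        extra = sorted(set(payload) - OFF_FIELDS)
        if extra:
            problems.append("unexpected fields in Off mode: " + ", ".join(extra))
        digest = payload.get("user_id_hash", "")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            problems.append("user_id_hash is not a SHA-256 hex digest")
    return problems


# Constructed sample event (not captured from the product).
SAMPLE = {
    "event_type": "command_execution", "user_id": "auth0|example-user",
    "session_id": "00000000-0000-0000-0000-000000000001",
    "plugin_version": "0.0.0-example", "email": "user@example.com",
    "drawing_filename": "site-plan.dwg", "command": "EXAMPLECOMMAND",
}
```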

Network & External APIs

External Connections

| Service | Purpose | Trigger | Auth |
|---|---|---|---|
| leafautomation.us.auth0.com | User authentication and silent token refresh | User runs LEAFLOGIN; token expires | OAuth 2.0 Authorization Code with PKCE |
| api.leafdesign.ai | License validation; all cloud-side calculation features (StringSizer, Solar String Design Solver, k-means, inverter placement, geocoding proxy, ASHRAE/NSRDB weather data). All cloud features front through this single API gateway. | User invokes a feature that requires the backend | Auth0 Bearer token |
| us-central1-branch-api-466316.cloudfunctions.net | Telemetry ingestion (Cloud Function in us-central1) | Plugin lifecycle, command execution, exceptions (subject to telemetry mode) | Auth0 Bearer token (if logged in) |
| api.github.com | Update check (queries the latest release of the public Branch_release repo) | Plugin startup, throttled to once per 24h; or manual LEAFUPDATE | Anonymous (User-Agent header only) |
| formspree.io | Bug-report submission relay (forwards to support inbox) | Only when the user explicitly submits a bug-report form | Anonymous form-submit |

All external communications use HTTPS / TLS 1.2 or higher. There are no HTTP-only endpoints. Certificate validation uses the Windows certificate store with no custom bypasses or pinning overrides.

Firewall Requirements

The plugin requires outbound HTTPS (TCP 443) access to:

  • *.auth0.com
  • api.leafdesign.ai
  • us-central1-branch-api-466316.cloudfunctions.net
  • *.run.app (Cloud Run / Cloud Functions Gen 2)
  • api.github.com
  • formspree.io (only required if users will submit bug reports)

No inbound ports are required. The plugin uses a transient localhost callback on port 8080 only during the OAuth login flow, bound to 127.0.0.1 only and closed immediately after the authorization code exchange.
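A check of proxy or firewall logs against the destination list above, as an added example rather than vendor tooling. The log format and sample lines are constructed, and the wildcard semantics (whole DNS labels, subdomains only, apex excluded) are an assumption about how the filtering device interprets "*.".

```python
# Documented destinations from the firewall requirements list above.
ALLOWLIST = [
    "*.auth0.com",
    "api.leafdesign.ai",
    "us-central1-branch-api-466316.cloudfunctions.net",
    "*.run.app",
    "api.github.com",
    "formspree.io",
]


def host_allowed(host: str, patterns=ALLOWLIST) -> bool:
    """Match on whole DNS labels; '*.' covers subdomains, not the apex."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".auth0.com" keeps the label boundary
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def review(log_lines):
    """Return (host, port, reason) for connections outside the documented set."""
    findings = []
    for line in log_lines:
        target = line.split()[1]
        host, _, port = target.rpartition(":")
        if port != "443":
            findings.append((host, port, "not TCP 443"))
        elif not host_allowed(host):
            findings.append((host, port, "host not in documented list"))
    return findings


# Constructed log lines in a hypothetical format: timestamp, host:port.
SAMPLE_LOG = [
    "2026-04-01T09:00:01Z leafautomation.us.auth0.com:443",
    "2026-04-01T09:00:02Z api.leafdesign.ai:443",
    "2026-04-01T09:00:03Z auth0.com.example.net:443",
    "2026-04-01T09:00:04Z api.leafdesign.ai:80",
    "2026-04-01T09:00:05Z example-svc-abc123.a.run.app:443",
]
```

Both wildcard entries are shared multi-tenant domains, so a match confirms the destination family, not that the endpoint belongs to Leaf Automation.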

Compliance & Security Review

Most Recent Review

A complete source-code security review was conducted in April 2026 covering all network egress, data persistence, authentication, third-party dependencies, and bug-report data flows. The review drove a hardening pass that produced this version of the security documentation.

Verified Secure

  • PKCE OAuth implementation (RFC 8252 compliant)
  • Refresh token DPAPI-encrypted at rest (CurrentUser scope, app-specific entropy)
  • Access token in memory only; never persisted
  • TLS certificate validation via Windows certificate store, no bypass or pinning override
  • SQL queries against local SQLite all parameterized
  • File path handling restricted to trusted sources
  • JSON deserialization with TypeNameHandling disabled
  • No client secrets or third-party API keys embedded in shipped binaries
  • Bug-report drawing attachments are opt-in (default unchecked)
  • Three-mode telemetry privacy control implemented in source (will be exposed at general availability)
  • Hardware-token-backed Authenticode code signing on every released DLL
  • Old (pre-hardening) plugin releases withdrawn from public download

Subprocessor Certifications

Leaf Automation does not currently hold direct certifications. We rely on certified subprocessors for sensitive infrastructure:

  • Auth0 (Okta): SOC 2 Type II, ISO 27001, GDPR
  • Google Cloud Platform: SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, FedRAMP, HIPAA-eligible. Hosts the Branch API gateway for all cloud-side calculation features (Solar String Design Solver, k-means, inverter placement, geocoding proxy, ASHRAE/NSRDB weather data) and the telemetry pipeline.
  • Neon: SOC 2 Type II. Serverless Postgres for EULA acceptance records and license/subscription state.
  • Cloudflare: SOC 2 Type II, ISO 27001. TLS termination and DDoS protection in front of api.leafdesign.ai.
  • Namecheap: SOC 2 hosting. US datacenter for api.leafdesign.ai origin.
  • Vercel: SOC 2 Type II, ISO 27001. Marketing website hosting.
  • Formspree: SOC 2 Type II. Bug-report relay.
  • Stripe: PCI DSS Level 1, SOC 1/2 Type II. Payment processing for subscription billing. Stripe is named in our EULA as the payment processor and will be the billing subprocessor at general availability. There is no live Stripe integration during the Early Access trial period.

Current Limitations (Early Access)

The following items are tracked and being addressed:

| Item | Status | Timeline |
|---|---|---|
| Telemetry collection during Early Access is mandatory; user-facing opt-out (the Full / Errors / Off modes) will be exposed at general availability | Early Access | At general availability |
| MFA enabled by default at the Auth0 tenant level (available on request today) | Early Access | After Early Access |
| SOC 2 Type I direct certification | Informational | Evaluated based on customer demand |
| CMMC / NIST SP 800-171 (CUI handling) | Informational | Not in scope; Branch is not built for CUI handling |
| Server-side proxy for any future third-party APIs (so customer credentials never live in client binaries) | Secure | Architectural standard for any future cloud features |

Security Contact

For security questions, custom questionnaires, or to report vulnerabilities:

Email: support@leafautomation.ai

General Inquiries: contact@leafautomation.ai
