Service Technology Brands Retailers Careers About Us
Resources
BlogCase StudiesVideosPress
Log In
Trust Center · Security

Security By Design.

ShelfOptix protects retailer and brand data at every layer of the platform — from the robots that capture imagery, to the analytics pipeline that processes it, to the OptixHub dashboard that surfaces insights. Security isn't an add-on. It's how we built it.

Practice Highlights

How We Protect Your Data.

Five engineering and operational practices that keep ShelfOptix data and operations protected end to end.

01

Secure Encryption

All data is encrypted in transit and at rest. TLS 1.2+ secures every connection between robots, analytics pipelines, and the OptixHub dashboard, and AES-256 protects data on every storage volume.

02

Privacy-First Architecture

The platform is engineered for data minimization. We collect only what's needed to deliver shelf intelligence, segregate client data by tenant, and never use one client's imagery or analytics to train models for another.

03

US-Based Cloud

All ShelfOptix data is hosted and processed in US-based cloud regions on enterprise-grade infrastructure with redundant availability zones, automated backups, and disaster recovery built in.

04

Strict Access Control

Role-based access control (RBAC) governs every dashboard, dataset, and admin function. Users see only what their role authorizes, all access is logged, and SSO and MFA are supported for client identity providers.

05

Automatic Face Blurring

Every image captured by a ShelfOptix robot is processed through automatic face-blurring before it ever reaches the dashboard or storage tier. We do not capture, store, or process biometric identifiers of any kind.

Operational Security

Built for Enterprise Retail.

  • Continuous monitoring. Production environments are monitored 24/7 for anomalous behavior, with alerting routed to our security team.
  • Vulnerability management. We scan our dependencies and infrastructure on an ongoing basis and patch on a defined SLA based on severity.
  • Vendor diligence. Every sub-processor that touches client data is reviewed against our security and privacy criteria before onboarding.
  • Incident response. A documented incident response plan governs detection, containment, notification, and post-incident review.
  • Secure development. Code is peer-reviewed, dependencies are pinned and audited, and changes are tested in staging environments before production deploy.
  • Backup and recovery. Critical data is backed up on a defined schedule with periodic restore testing to validate recoverability.

Need Documentation?

Customers and prospective customers can request our SOC 2 Type II report, security questionnaires, sub-processor list, and other compliance documentation through our Trust Center portal or by contacting [email protected].

Responsible Disclosure

Report a Security Issue

If you believe you've found a security vulnerability in ShelfOptix, we want to hear from you. Please contact our security team directly — we'll acknowledge receipt and partner with you on responsible disclosure.

[email protected]
Get in Touch
Start Your Journey
to Shelf Truth.

ShelfOptix™ is committed to protecting your privacy. We'll only use your personal information to administer your account and provide the products and services you requested. From time to time we would like to contact you about our products and services. You can unsubscribe at any time. See our Privacy Policy.

Your information is encrypted and never sold to third parties.

Message Sent!

Thanks for reaching out. A member of the ShelfOptix™ team will be in touch with you right away.