Privacy Policy

Information We Collect

We collect various types of information in connection with the Platform. The categories of information we collect include:

1.1 Account Information

When you register for an account or use our Platform, we collect:

• Name, email address, and contact information
• Company name, job title, and business address
• Username, password, and account credentials
• Billing and payment information (processed by secure third-party payment processors)

1.2 Retail Data

Through our robotic scanning and analytics services, we process:

• Product shelf images and scan data
• Product pricing information and compliance data
• On-shelf availability (OSA) metrics
• Inventory levels and phantom inventory indicators
• Planogram compliance data
• Store location and aisle mapping information
• Sales data and performance metrics provided by clients
• New item launch data and distribution metrics

1.3 Usage Information

We automatically collect information about how you interact with the Platform:

• Log data (IP address, browser type, device information, operating system)
• Access times, pages viewed, and features used
• Dashboard interactions and report generation activity
• API usage data and query patterns
• Error logs and performance data

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to maintain session state, remember preferences, analyze usage patterns, and enhance Platform functionality. For more information, see Section 7.

How We Collect Information

We collect information through the following methods:

2.1 Direct Collection

• Information you provide when creating an account or contacting us
• Data uploaded or transmitted through the Platform
• Communications with our support team
• Survey responses and feedback

2.2 Automated Collection

• Robotic shelf-scanning equipment deployed in retail locations
• Server logs and analytics tools
• Cookies and similar tracking technologies
• API integrations with client systems

2.3 Third-Party Sources

• Data feeds from retail partners and clients
• Integration partners (e.g., Brain Corp robotic platforms)
• Business information providers for account verification

How We Use Your Information

We use the information we collect for the following purposes:

Data Sharing & Disclosure

We are committed to protecting the confidentiality of your data. We may share information only in the following circumstances:

4.1 With Your Consent

We may share information when you provide explicit consent or direct us to do so.

4.2 Service Providers

We engage trusted third-party service providers who assist in operating the Platform, subject to strict confidentiality agreements. These include:

• Cloud infrastructure providers (Google Cloud Platform)
• Data processing and analytics services
• Payment processors
• Customer support tools
• Robotic platform partners (Brain Corp)

4.3 Business Partners

With client authorization, we may share relevant analytics data with designated retail partners or stakeholders as specified in service agreements.

4.4 Legal Requirements

We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to:

• Comply with applicable laws or regulations
• Protect the rights, property, or safety of ShelfOptix, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such transfer and any choices you may have.

Data Security

We implement comprehensive security measures to protect your information and the sensitive retail data processed through our Platform.

5.1 Technical Safeguards

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC) with principle of least privilege
• Authentication: Multi-factor authentication (MFA) available for all accounts
• Network Security: Firewalls, intrusion detection/prevention systems, and DDoS protection
• Monitoring: 24/7 security monitoring and automated threat detection
• Audit Logging: Comprehensive logging of all data access and system activities

5.2 Administrative Safeguards

• Background checks for employees with data access
• Regular security awareness training
• Strict confidentiality agreements for all personnel
• Documented security policies and procedures
• Incident response and breach notification procedures

5.3 Physical Safeguards

• Data hosted in SOC 2 Type II certified data centers
• Physical access controls and surveillance
• Environmental controls and redundant systems

5.4 Data Download & Export Controls

To protect sensitive retail data:

• Data export and download capabilities are controlled by user permissions
• All data exports are logged and auditable
• Bulk data downloads require administrative approval
• Watermarking and tracking may be applied to exported data

5.5 Breach Response

In the event of a data breach, we will:

• Promptly investigate and contain the incident
• Notify affected parties in accordance with applicable laws and contractual obligations
• Implement remediation measures to prevent recurrence
• Cooperate with relevant authorities as required

Data Retention

We retain information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

• Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes
• Retail Analytics Data: Retained in accordance with client service agreements, typically 24-36 months for active analytics
• Usage Logs: Retained for 12 months for security and analytics purposes
• Audit Logs: Retained for 7 years for compliance purposes

6.2 Data Deletion

Upon account termination or at your request (subject to legal and contractual obligations), we will delete or anonymize your personal information within a reasonable timeframe. Client retail data will be handled in accordance with the applicable service agreement.

Third-Party Services

7.1 Cookies and Tracking

We use the following types of cookies and tracking technologies:

• Essential Cookies: Required for Platform functionality, authentication, and security
• Analytics Cookies: Help us understand how users interact with the Platform
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.

7.2 Third-Party Integrations

The Platform may integrate with third-party services. These services have their own privacy policies, and we encourage you to review them. Third-party integrations may include:

• Cloud infrastructure services (Google Cloud Platform)
• Business intelligence tools (Looker)
• Robotic platform services (Brain Corp)
• Authentication providers

7.3 Links to Other Websites

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

Your Rights & Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

8.1 Access and Portability

You may request access to the personal information we hold about you and receive it in a portable format.

8.2 Correction

You may request that we correct inaccurate or incomplete personal information.

8.3 Deletion

You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing service requirements).

8.4 Restriction and Objection

You may request that we restrict processing of your information or object to certain processing activities.

8.5 Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

8.6 Communication Preferences

You may opt out of promotional communications by following the unsubscribe instructions in our emails or contacting us directly. Note that you may still receive transactional and service-related communications.

8.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.

International Data Transfers

ShelfOptix is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We implement appropriate safeguards for international data transfers, including:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with service providers
• Compliance with applicable data protection frameworks

By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions as described in this Policy.

Children's Privacy

The Platform is designed for business use and is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

If you believe we have inadvertently collected information from a child under 16, please contact us immediately using the information in Section 13.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

11.1 Right to Know

You may request information about the categories and specific pieces of personal information we have collected, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.

11.2 Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

11.3 Right to Correct

You may request correction of inaccurate personal information.

11.4 Right to Opt-Out

You have the right to opt out of the "sale" or "sharing" of personal information. Note that ShelfOptix does not sell personal information as defined under California law.

11.5 Right to Limit Sensitive Information Use

You may limit how we use sensitive personal information, if applicable.

11.6 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

11.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

To exercise your California privacy rights, please contact us using the information in Section 13.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy
• Notify you through the Platform interface or via email
• Provide a summary of key changes where appropriate

Your continued use of the Platform after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data subject access requests or to exercise your privacy rights, please email privacy@shelfoptix.com with "Privacy Request" in the subject line.