Privacy Policy & Terms of Use

Shelfmark, Inc Privacy Policy for Shelfmark Visual Inspection Platform

Please note that the Privacy Policy was last revised on June 6, 2025

  1. General

    Shelfmark, Inc ("we", "us", or "our") provides automated visual inspection of line-based manufactured products using computer vision and our platform-as-a-service. We are committed to protecting your privacy and complying with applicable data protection laws, in addition to compliance with the California Consumer Privacy Act (CCPA). This Privacy Policy applies to the Shelfmark web-based platform for Visual Inspection and its services ("Service"). By using the Service, you agree with Shelfmark's collection, use, and sharing of your personal information in accordance with the terms of this Privacy Policy. Please be aware that Shelfmark is always testing and improving our product and features. Some features discussed in this Privacy Policy may not be available to all users or in all jurisdictions

  2. Information We Collect

    When you use the Service, Shelfmark may collect the following personal information about you only when you provide it to us

    1. Account Information

      To use Shelfmark's platform, you or your company must provide your email address and name. We do not collect any sensitive personal data. We do not sell or share this data with or to any third parties. We also collect photos or videos of your manufactured products, uploaded by cameras for processing purposes. We do not sell this data to any third parties

    2. Activity Data & IP Addresses

      When you use the Service, we may generate data about your use of the Service, which may include your browser and device data, log data, and IP address

    3. Cookies

      We use cookies and similar technologies to improve the functionality and performance of our web application. This policy explains what cookies we use and how you can manage your choices


    Types of Cookies We Use

    • Strictly Necessary Cookies (no consent required). By default, we use cookies to store user session tokens and user time zone. These cookies are essential to: Keep you logged in; Maintain session security; Enable basic features like form submissions and page navigation. Without these cookies, the application will not function properly

    • Analytics Cookies (consent required in the EU). We use a third-party provider called Microsoft Clarity to collect anonymized scroll depth data, including: Pages viewed and time spent; Clicks, scroll depth, and mouse movements; User session IDs. This helps us improve the usability and design of our application. These cookies do not collect personal information like your name or email, photo images, or passwords. You can learn more here: https://privacy.microsoft.com/en-us/privacystatement.


    Managing Your Cookie Preferences

    You will be asked to acknowledge this Privacy Policy at first login. You may manage cookies via your browser or operating system

  3. Why We Collect Your Data

    We process your personal data for the following purposes:

    • To provide access to and operate the Shelfmark platform
    • To communicate with you (e.g., account-related notices such as updates or scheduled downtime)
    • To process uploaded photos or videos for the service's intended purpose
    • To ensure system integrity and improve user experience

    We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects

  4. How We Process Your Information

    Shelfmark may process your personal information according to the following legal bases: to provide products or services you request, to promote Shelfmark's legitimate interests, to comply with legal obligations, and with your consent. In particular, Shelfmark may process and share your personal information in the following ways:

    1. Providing and improving the Service

      By creating an account with Shelfmark, you acknowledge and agree that we may send you essential service-related communications. These may include notifications regarding software version updates, scheduled maintenance, security alerts, or other information necessary for the performance of our services. These communications are sent under the lawful basis of contractual necessity. As they are integral to the operation and maintenance of your account, you cannot opt out of these messages without closing your account

      SMS Communications: If you contact Customer Support, you may opt in for SMS or email communications or both. We collect your phone number or email address when you voluntarily provide them to us for the purpose of providing assistance by contacting Customer Support. Text messaging charges may be applied by your carrier. Users may opt out of SMS or email communications at any time by replying "UNSUBSCRIBE". Shelfmark does not engage in SMS marketing campaigns

      • Third Parties that help provide the Messaging Service: We will not share your opt-in to exchange SMS messages with a third party for purposes unrelated to supporting you in the use of our service. We may share your personal data with third parties that help us provide the messaging service, including but not limited to platform providers, phone companies, or other vendors who assist us in the delivery of text messages. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

      We collect images uploaded by users for the purpose of detecting specific defects or patterns. These images may include metadata such as timestamps and file names. The uploaded images are processed using AI models to detect specific features or objects. We use this data solely to provide the requested service and do not use it for training or improving our models unless users give explicit consent. Images are processed in real time and are not stored permanently on our servers. Temporary data is automatically archived after 30 days of upload. After 180 days of archival, data is permanently deleted. In the case that a customer requests data retrieval from the archives, the 180-day period resets. Only strictly necessary data is shared with third parties except in order to provide the service

      We store and process this data, which may be construed as personal information, using secure cloud infrastructure provided by Microsoft Azure. Azure is a trusted cloud service provider that offers enterprise-grade data protection measures and complies with leading security standards, including ISO 27001, SOC 2, and GDPR.


      We use Azure to host and store:

      • Customer account information
      • Collected photographic files
      • System logs and analytics

      All data stored in Azure is encrypted at rest and in transit, and access is restricted through role-based controls and authentication protocols. Microsoft acts as our subprocessor for these purposes and does not access or use your data except as needed to provide the hosting services.

      We retain full control over your personal information and have implemented additional safeguards to ensure compliance with the California Consumer Privacy Act (CCPA) and other applicable laws.

      You can learn more about Microsoft's privacy and security commitments at: https://www.microsoft.com/trust-center.

    2. Model training and improvement

      To provide our services, we process data supplied by our customers-such as images or videos-which may contain incidental personal information (e.g., faces) or which may be construed by some customers as personal information. This processing supports our AI systems, including annotation and labeling of data to train or improve computer vision models.

      We use third-party services to support this function, including:

      1. Labelbox: Labelbox is a secure third-party data labeling and management platform. We use it to:
        • Annotate customer-provided content for model training and validation
        • Track annotation progress and quality assurance
      2. Third-Party Labeling Vendors: We may also engage trusted third-party labeling teams, who access only the data necessary to complete labeling tasks assigned within the Labelbox environment. These parties are:
        • Contractually bound as service providers
        • Required to follow strict confidentiality and data protection obligations
        • Restricted from using or disclosing the data for any other purpose

      All subprocessors, including Labelbox and external labeling teams, are vetted and subject to data processing agreements consistent with the California Consumer Privacy Act (CCPA) and other applicable laws.

      Data is retained only for as long as necessary to fulfill the labeling and model development purpose, unless otherwise required by contract or law. We do not sell this data. We only share data with subprocessors who act as service providers, solely for the purpose of delivering our services under contract. To the extent that any photographic files, which are generally not considered to be personal information, are shared with Labelbox, Inc. or other subprocessors, such parties are engaged as "Service Providers" as defined by the California Consumer Privacy Act (CCPA), and shall not:

      • Retain, use, or disclose personal information for any purpose other than to perform the Services specified in the Agreement or as otherwise permitted by law
      • Sell or share personal information
      • Combine personal information received from the Controller with other data unless explicitly allowed

    3. Complying with law and preventing harmful activities

      Shelfmark may process and share personal information if necessary to comply with legal requests, such as subpoenas or court orders. Shelfmark may share personal information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity, to assist law enforcement, or to prevent imminent harm. This may include sharing information with other companies, lawyers, agents, or government agencies

    4. Marketing communications

      We do not send marketing emails without your explicit consent

  5. Your Data Subject Rights

    You also have the following rights in relation to the personal information we hold about you, in addition to any other rights required by applicable law

    • Know what personal information we have collected about you
    • Access a copy of the personal information that we hold about you
    • Know what personal information about you we have shared with third parties
    • Not be discriminated against for exercising your data subject rights
    • Request that we delete any personal information we have collected from you
    • Request that we correct any inaccurate personal information about you
    • Request your data in a portable format
    • Withdraw any consent you previously gave us to process your personal information
    • Delete your Shelfmark account by requesting via your Company Account Administrator

    You may update or correct your Account Information on your Settings page. You may request to access or erase your personal information or make other privacy-related requests by emailing help@shelfmark.com.

    Please note that these rights are not absolute and Shelfmark may refuse requests to exercise data subject rights if there is a legitimate reason, such as if we cannot authenticate your identity, if the request could violate the rights of a third party or applicable law, or if the request could interfere with a Shelfmark service or prevent us from delivering a service you requested

  6. Data Retention

    Shelfmark will generally retain your personal information until your account is deleted. However, we may retain certain information longer if necessary to provide our Service, defend our legitimate interests or those of third parties, comply with legal requirements, resolve or defend ourselves in disputes, investigate misuse or disruption of the Service, or perform agreements. We may also retain anonymous data indefinitely.

    In general,

    • Email and name are stored as long as your account is active or as needed to provide the service
    • Photos or videos are stored temporarily and are automatically deleted after that period unless otherwise specified

  7. Data Sharing

    We do not sell your data or share it with third parties for advertising purposes. We may share data only with trusted service providers who process it on our behalf and under strict data protection agreements

  8. Do Not Track

    The Service is not designed to respond to "do not track" signals sent by some browsers

  9. Privacy Policy Updates

    We may update our Privacy Policy to reflect changes to our information practices. If we do this and the changes are material, we will post a notice that we have made changes to this Privacy Policy on the Platform for at least seven (7) days before the changes are made, and we will indicate the date these terms were last revised at the bottom of the Privacy Policy. Any revisions to this Privacy Policy will become effective at the end of that seven (7) day period

  10. Data Transfer

    Shelfmark is based in the United States and processes data in the United States, which may not provide equivalent levels of data protection as your home jurisdiction. Shelfmark may transfer the data of users outside the United States to the United States

  11. Data Security

    We implement industry-standard technical and organizational measures to protect your personal data, including encryption and access controls. In the case of a breach of data, users will be notified within 72 hours

  12. Contact Us

    If you have questions or wish to exercise your rights, please contact us at

    If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority

This privacy policy was updated: 6/6/2025