Security

Infrastructure

• Production services run in reputable cloud regions with hardened network controls.
• Data is encrypted in transit using TLS and at rest using industry-standard encryption.
• Backups are taken regularly and tested for recoverability.

Application

• Authentication uses hashed passwords (bcrypt-family) and supports email verification.
• Role-based access control restricts what each authorised user can see and do inside the dashboard.
• Session and CSRF protections are enforced across all dashboard interactions.
• Dependencies are kept current through regular updates and vulnerability scanning.

Privacy by design

• The analytics pipeline is designed around aggregated visitor signals — counts, occupancy, mood/age trends — rather than individual identification.
• We do not store identifiable images of individual visitors.
• For full detail on what we collect and why, see the Privacy Policy.

Operational controls

• Production access is restricted to a small number of authorised engineers.
• Secrets are rotated and managed via secure storage; they are never embedded in source code.
• Logs and metrics are monitored for anomalies and failed sign-in attempts.
• Email is sent through a vetted transactional provider and is limited to account- and service-related messages, as described in our Privacy Policy and Terms of Service.

Reporting a vulnerability

If you believe you have found a security issue affecting Unlock Retail, please email support@unlockretail.com with the details. We aim to acknowledge reports promptly and will work in good faith with researchers acting in good faith.