Edge planogram vision for food retail.

Automated shelf monitoring, privacy by design.

We partnered with a major food retail chain to develop a privacy-conscious computer vision system for automated shelf monitoring. The solution needed to process in-store imagery at scale while addressing critical considerations: GDPR compliance for any incidental capture of customer images, secure data handling for proprietary planogram data, and operational efficiency through edge processing.

The system automates planogram compliance checks, out-of-stock detection, and generates actionable tasks for store teams, all while maintaining strict data governance.

Privacy as a foundational requirement.

• Privacy-by-design architecture: Edge processing means raw images never leave the store premises. Only structured metadata (shelf positions, product counts, compliance scores) is transmitted to central systems.
• Automatic face and person blurring: Real-time detection and blurring of any individuals captured in frame before any image storage or analysis.
• Data retention controls: Raw images deleted within 24 hours after processing. Aggregated analytics retained per configurable policy. Full audit trail of data lifecycle.
• GDPR documentation: DPIA completed. Processing purposes documented. Lawful basis established under legitimate interest with balancing test.
• Signage and transparency: Template in-store signage provided explaining the system's purpose and data handling, supporting the client's transparency obligations.

Edge first, cloud optional.

• YOLOv8 with custom detection head: Fine-tuned object detection achieving 96.2% mAP on the client's product catalogue. Optimised for real-time inference on edge hardware.
• NVIDIA Jetson edge devices: On-premises inference with secure boot, encrypted model weights, and tamper detection. OTA update capability with signed firmware packages.
• AWS (EC2, S3, SageMaker): Cloud infrastructure for model training, A/B testing, and centralised analytics. VPC isolation with private endpoints. S3 encryption with customer-managed keys.
• TensorRT optimisation: Model compilation for edge deployment achieving 45 FPS inference on Jetson AGX Orin while maintaining accuracy.
• MLflow: Model versioning, experiment tracking, and deployment pipeline with full audit trail of model lineage.

%%{init: {"theme":"base","themeVariables":{"background":"#0a0b0c","primaryColor":"#a9dbe6","primaryTextColor":"#efefe8","primaryBorderColor":"#a9dbe6","lineColor":"rgba(239,239,232,.3)","secondaryColor":"#0d0f11","tertiaryColor":"#0d0f11","textColor":"#efefe8","mainBkg":"#0d0f11","secondBkg":"#0a0b0c","border1":"rgba(239,239,232,.12)","border2":"rgba(239,239,232,.06)"}}}%%
flowchart LR
  subgraph Store["In Store"]
    Cam[Cameras]
    Jetson[Jetson AGX Orin
YOLOv8 + TensorRT]
    Blur[Person Blurring]
    Jetson --> Blur
  end
  subgraph Cloud["Central Cloud (VPC)"]
    Meta[Metadata Only]
    Dash[Planogram Dashboard]
    Tasks[Task Queue]
  end
  Cam --> Jetson
  Blur --> Meta
  Meta --> Dash
  Dash --> Tasks
        

Edge security, multi-store scale.

• Privacy compliance: Edge-first architecture with on-device person detection and blurring. Raw images never leave store premises. DPIA completed with the client's data protection team.
• Edge security: Secure boot chain, encrypted model weights on device, and tamper detection via hardware attestation. OTA updates signed with a hardware-backed key.
• Operational scale: Fleet management for 420 stores with central health dashboards, anomaly detection on inference quality, and SLO-gated rollout.
• Model accuracy: Continuous retraining against freshly labelled imagery. Canary rollout per store region with automatic rollback on detection quality regression.

Automated compliance, operational wins.

• 96.2% mAP detection accuracy across the full product catalogue.
• 12 compliance scans per day per aisle, versus weekly manual spot-checks before.
• Out-of-stock incidents down 28%, with proactive replenishment tasks generated from detection outputs.
• Zero image egress: raw imagery is processed and deleted on device within 24 hours.