Infrastructure

Where Shelf runs.

A short, honest description of the infrastructure your data lives on. No vendor names inside our network; no deployment detail competitors could exploit; no SLA numbers we don't mean.

Cloud

Shelf runs on AWS. All infrastructure is provisioned and operated within a single AWS account, in a US region.

Network isolation

Production services run inside a private virtual network with multi-zone redundancy. Only the public entry point is internet-reachable — the database and all background workers live in private subnets, unreachable from the internet, communicating only over locked-down internal paths.

Encryption

All network traffic is encrypted in transit with modern TLS. Sensitive credentials like merchant access tokens are encrypted with AES-256 at the application layer before being stored. Data at rest is encrypted at the storage layer as well.

Backups

The primary datastore runs continuous automated backups with point-in-time recovery.

Monitoring

We monitor uptime and catch failures through continuous health checks. Unhealthy containers are automatically replaced by the orchestration layer.