If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support. Additional fees may apply. If you are not yet a customer but are interested in this solution, please complete our contact form.

VTEX Shield offers additional, customizable protection layers for stores that prioritize platform resilience and the security standards guaranteed by VTEX's existing security certifications and practices.

The solution provides advanced security features, allowing you to detect potential risks and take preventive actions. This ensures your store remains protected from unexpected disruptions, keeping it operational and reliable.

When requesting VTEX Shield, you can choose from the following features:

• Security Monitor
• Web Application Firewall (WAF)
• Data Protection Plus
• Customized SSL Certificates
• Mutual Transport Layer Security (mTLS)

Security Monitor is a VTEX Admin dashboard that detects security threats related to the behavior of admin users and incorrect settings. Potential risks include outdated or compromised application keys, users or credentials with excessive permissions, and inactive users. The tool provides an overview of threats and solutions, along with the option to send email notifications to merchants for each finding.

Security Monitor is available in the VTEX Admin only for stores using VTEX Shield. For more information, check out the Security Monitor guide.

The Web Application Firewall (WAF) protects web applications by monitoring and filtering internet traffic.

This security feature plays a key role in protecting websites, online services, and web applications from attacks such as SQL injection, cross-site scripting (XSS), and other common web vulnerabilities.

Only stores with VTEX Shield that request this feature can request WAF activation. Learn more about how the Web Application Firewall (WAF) works and the types of threats it protects against.

This feature is in closed beta and is only available in some regions. If you have any questions, please contact Commercial Support.

Data Protection Plus is a data architecture that offers an additional layer of protection for personal data. In this architecture, all PII (Personally Identifiable Information) data is stored in the Profile System, a service developed specifically for processing PII following a set of rules and processes appropriate for this purpose.

Other platform modules, such as Orders and Checkout, only store anonymized data associated with a Profile System token, increasing the security of this information.

See the set of guides for the Data Protection Plus category in the Developer Portal for more details and specifications about this architecture.

By default, VTEX uses SSL certificates issued by Let’s Encrypt to ensure security and compatibility. However, some stores may require customized certificates to meet specific compliance or security requirements.

The SSL certificates page in the VTEX Admin allows you to install and manage custom certificates. This feature is available only for stores that have opted in and use VTEX Shield. For more information, see the guide Custom SSL certificates.

Mutual Transport Layer Security (mTLS) is an advanced security solution offered by VTEX Shield, which reinforces the protection of integrations between external systems and VTEX. This extra layer of protection is applicable to integration scenarios via APIs, such as headless stores or connections with ERPs and WMS.

Unlike traditional TLS, in which only the server needs to prove its identity, mTLS requires mutual authentication: both the client and the server present valid digital certificates, ensuring that both sides of the communication are trustworthy before exchanging data. Learn more at Mutual Transport Layer Security (mTLS).