// Trust & Security Report

    Pixel Labs, LLC (Helium 10) logo

    Pixel Labs, LLC (Helium 10)

    Cloud-based e-commerce analytics and seller tools for Amazon, Walmart, and TikTok Shop. Includes product research, keyword research, listing optimization, advertising management, operations, and analytics modules. Serves 4.5M+ brands globally with both individual and enterprise pricing tiers.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Since May 25, 2018, all processing of Personal Information of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679). ... If you are a resident of the EEA and believe that we have Personal Information about you ... please contact us at [email protected] with the subject line "GDPR Data."

    Verify on helium10.com
    > Show 8 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    no public evidence found

    source: helium10.com
    SOC 2 Type 2
    NOT CONFIRMED

    no public evidence found

    source: helium10.com
    ISO 27001
    NOT CONFIRMED

    no public evidence found

    source: helium10.com
    ISO 27701
    NOT CONFIRMED

    no public evidence found

    source: helium10.com
    HIPAA
    NOT CONFIRMED

    not applicable - Helium 10 is an e-commerce analytics platform, not a healthcare provider or business associate

    source: helium10.com
    PCI DSS
    NOT CONFIRMED

    no public evidence found; platform handles payment tokens but vendor does not publicly claim PCI DSS certification

    source: helium10.com
    FedRAMP
    NOT CONFIRMED

    no public evidence found

    source: helium10.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    no public evidence found

    source: helium10.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    not specified

    Platform uses AI/ML for analyzing product listings, reviews, and sales metrics. Data sources include Amazon API, user-generated data, and third-party providers. No explicit statement found regarding training models on customer data or opt-out mechanisms. Privacy policy does state they use aggregated, anonymous data for service improvement without prior written consent.

    // Security controls

    Two-Factor Authentication

    Available for all users (free and paid). Supports SMS, email, or authentication apps. Automatic 2FA enforced on suspicious login attempts from different countries.

    helium10.com

    Encryption in Transit

    No public evidence of a specific encryption-in-transit standard. Neither the privacy policy nor the terms document TLS versions or Perfect Forward Secrecy; the terms reference only 'commercially reasonable administrative, physical, and technical safeguards.'

    helium10.com

    Encryption at Rest

    No explicit encryption-at-rest claim found. Terms reference 'commercially reasonable administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of Your Customer Data' without technical detail.

    helium10.com

    Support Access Control

    Support staff may access customer accounts for troubleshooting when requested. Helium 10 states they do not look at customer data directly unless requested for support; internal logging uses random identifiers (UUIDs) to avoid exposing keyword/product data to team members.

    kb.helium10.com

    Security Incident Response

    Company maintains security incident management policies and commits to promptly notify customers of unauthorized access or disclosure of customer data to the extent permitted by law.

    helium10.com

    Data Access Limitation

    Service providers and third parties given access only as reasonably necessary to provide contracted services.

    helium10.com

    // Products & data scope

    Helium 10 Platform (Core)E-commerce Analytics & Seller Tools

    data: Amazon seller data, Walmart seller data, TikTok Shop seller data, payment tokens, user-generated research, product listings, advertising spend, sales metrics

    Available in free, Platinum, Diamond, and custom enterprise tiers. Serves 4.5M+ sellers globally. Processes 2B+ data points daily. Integrates with Amazon, Walmart, and TikTok Shop seller accounts.

    Helium 10 AI-Powered ToolsAI-Enhanced Analytics

    data: Product research data, keyword data, listing content, competitor analysis, advertising performance metrics

    Uses AI/ML for insights but training data sources and customer data usage policies not explicitly disclosed. May train models on aggregated data.

    Helium 10 EnterpriseEnterprise Seller Management

    data: Multi-client catalog management, team collaboration, agency account access

    Available for agencies and brands managing multiple seller accounts. Enterprise Terms & Conditions apply.

    // What to watch

    • NO TRUST CENTER: Vendor lacks dedicated security or trust center documentation despite 4.5M+ user base and enterprise offering
    • NO SOC 2/ISO 27001: No public evidence of industry-standard security certifications. Concerning for an enterprise SaaS platform handling payment tokens and seller business data.
    • AI TRAINING OPAQUE: Platform uses AI/ML extensively but does not clearly disclose whether customer data is used for training, and no opt-out mechanism found. Privacy policy allows use of aggregated data for 'improvement of services' without explicit prior consent.
    • NO PUBLIC DPA: No Data Processing Agreement published; customers may need to request separately for GDPR compliance.
    • DATA RESIDENCY NOT DISCLOSED: No information provided about where customer data is stored geographically, which matters for compliance and data residency requirements.
    • SECURITY CLAIMS VAGUE: Terms refer to 'commercially reasonable' safeguards without technical detail or audit evidence.
    • PAYMENT DATA HANDLING: Platform connects to payment tokens/credentials for advertising and refund automation but no explicit PCI DSS or payment security standard claims.
    • IDENTITY: Privacy policy states the operating entity is 'Pixel Labs, LLC dba Helium10.' Helium 10 was acquired by Assembly in 2020 and now sits within Pacvue (Assembly's e-commerce platform). No 'Helium 10 Inc.' legal entity was found on the vendor domain.

    // At a glance

    Pricing model

    Freemium (free tier available) with subscription tiers (Platinum, Diamond, Custom Enterprise). Monthly or annual billing options.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Pixel Labs, LLC (Helium 10)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    helium10.com

    > Browse all vendor trust reports