Privacy Policy

Last updated: March 1, 2026

1. Introduction

ReplenishRadar, Inc. ("ReplenishRadar," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website or use our inventory management and demand forecasting service (the "Service").

This policy applies to Account Data (information you provide when creating and managing your account) where ReplenishRadar acts as the data controller. It does not govern Customer Data (your inventory, order, and product data imported from Shopify, Amazon, or other integrations), which is processed on your behalf under our Terms of Service. You control what Customer Data enters the Service and how it is used.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Information You Provide Directly

  • Account Information: Email address, name (if provided), and password (hashed) when you register
  • Billing Information: Payment details processed directly and securely by Stripe; we receive only a billing reference token and never store card numbers
  • Organization Details: Business name and settings you configure in your account
  • Communications: Messages you send us through support tickets, email, or feedback forms
  • Integration Credentials: OAuth tokens for Shopify and Amazon Seller Central, stored encrypted; we use these solely to sync your inventory data

Platform Data (Imported via API)

When you connect your platforms, we import and process:

  • Shopify: Product names, SKUs, inventory levels, order history
  • Amazon FBA: Product names, ASINs, SKUs, FBA inventory quantities, order data

This data is accessed under your authorization. We read inventory and order data to generate forecasts, alerts, and reporting. We may also perform the following write operations on your explicit instruction: updating inventory quantities in Shopify, and creating inbound shipment plans to Amazon FBA. We do not make unsolicited changes to your inventory or orders. We do not access or store your end-customers' personal information from these platforms.

Automatically Collected Information

  • Log Data: IP address, browser type and version, pages visited, timestamps, referring URLs, and error logs
  • Device Information: Operating system, screen resolution, and device type
  • Usage Data: Features accessed, actions taken, and session duration within the Service
  • Cookies and Similar Technologies: Session identifiers and preference data (see Section 10)

Inferences

We may derive insights from the above (for example, usage patterns that help us understand which features are most valuable) to improve the Service. We do not create inferences about your end-customers.

3. Legal Basis for Processing

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, we process your personal information on the following legal grounds:

  • Contractual Necessity: Processing required to provide the Service you have subscribed to, including account management, billing, inventory sync, and alert delivery
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, ensuring security, and sending service-related communications, provided these interests are not overridden by your rights
  • Consent: Where you have given explicit consent, such as for marketing emails; you may withdraw consent at any time without affecting the lawfulness of prior processing
  • Legal Obligation: Where processing is necessary to comply with applicable law, a court order, or regulatory requirement

4. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your access
  • Provide the Service, including inventory sync, demand forecasting, stockout alerts, and purchase order recommendations
  • Process payments and manage your subscription through Stripe
  • Send transactional emails (account confirmation, alerts, invoice receipts, support responses)
  • Send service announcements and product updates (you may opt out of non-essential communications)
  • Monitor and analyze usage to improve the Service and develop new features
  • Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
  • Maintain the security and integrity of the Service
  • Comply with applicable legal obligations and enforce our Terms of Service
  • Respond to your inquiries and provide customer support

We do not use your data for advertising purposes, and we do not sell your personal information to third parties.

5. Automated Processing and Profiling

The Service uses automated algorithms to analyze your historical inventory and order data in order to generate demand forecasts, stockout risk scores, and purchase order recommendations. These outputs are based on statistical modeling of your own data and are provided as decision-support tools. You retain full control over all purchasing and inventory decisions.

No automated decisions with legal or similarly significant effects are made about you as an individual based on this processing. If you have questions about how a specific forecast or recommendation was generated, contact us at privacy@replenishradar.com.

6. Data Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

Service Providers

We engage trusted third-party companies to help us operate the Service. These providers access data only as necessary to perform their functions and are contractually prohibited from using it for any other purpose:

  • Supabase: Database hosting and authentication (United States)
  • Render: Backend application hosting (United States)
  • Stripe: Payment processing (United States)
  • Resend: Transactional email delivery
  • Sentry: Application error monitoring and performance tracking (United States); error reports may include technical context such as request metadata and anonymized stack traces
  • Amazon Web Services: Message queuing (SQS) for Amazon SP-API integration

Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or governmental regulation, or where we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; or (d) protect the personal safety of users of the Service or the public.

Business Transfers

If ReplenishRadar is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share information for any other purpose with your explicit prior consent.

7. International Data Transfers

ReplenishRadar is based in the United States. If you access the Service from outside the United States, including from the European Economic Area, United Kingdom, or Switzerland, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

The United States and other countries may not provide the same level of data protection as your home country. When we transfer personal information from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

If you would like more information about the safeguards we use for international transfers, or to request a copy of the applicable transfer mechanism, contact us at privacy@replenishradar.com.

8. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of all data in transit using HTTPS/TLS
  • Encryption of data at rest in our database
  • OAuth tokens and credentials stored encrypted, never in plain text
  • Role-based access controls limiting who can access data internally
  • Audit logging for sensitive operations
  • Regular security reviews and dependency updates

In the event of a confirmed security breach that affects your personal information, we will notify you without undue delay and in any event within 72 hours of becoming aware, to the extent required by applicable law. Notification will be sent to your registered email address.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service and fulfill the purposes outlined in this policy. We also retain information as required to comply with legal obligations, resolve disputes, enforce agreements, and maintain business records.

Cancelled and Inactive Accounts

When your subscription ends or trial expires, your Customer Data (inventory, orders, forecasts, and settings) is retained for 12 months to allow you to reactivate your account and pick up where you left off without data loss. During this period you may export your data or request its deletion at any time by contacting privacy@replenishradar.com. After 12 months of continued inactivity, Customer Data is permanently deleted.

Explicit Account Deletion

If you explicitly request account deletion:

  • OAuth tokens and integration credentials are immediately revoked
  • Customer Data and account data are deleted within 30 days
  • Backup copies are purged within 90 days
  • Certain records (e.g., billing history, legal holds) may be retained longer as required by law

Log and Analytics Data

Server logs and anonymized usage analytics are retained for up to 12 months for security, debugging, and service improvement purposes.

10. Cookies and Tracking Technologies

What We Use

We use cookies and similar technologies to operate and improve the Service:

  • Essential Cookies: Required for authentication, session management, and basic Service functionality. These cannot be disabled without impairing the Service.
  • Functional Cookies: Remember your preferences (e.g., display settings, selected organization) to improve your experience.
  • Analytics Cookies: Help us understand how the Service is used so we can improve it. We use Sentry for error monitoring, which may collect session context as part of error reporting.

What We Do Not Use

We do not use advertising or tracking cookies, third-party behavioral advertising networks, or social media pixels. We do not track you across third-party websites.

Cookie Controls

You can control cookies through your browser settings. Blocking essential cookies will prevent you from logging in or using core features of the Service. Most browsers allow you to refuse or delete cookies; refer to your browser's help documentation for instructions.

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@replenishradar.com. We will respond within 30 days (or within any shorter period required by applicable law).

  • Access: Request a copy of the personal information we hold about you. You can also export your Customer Data directly from your dashboard.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to certain legal exceptions (e.g., billing records required by law). You can also delete your account directly from your dashboard.
  • Data Portability: Receive your personal information in a structured, commonly used, machine-readable format.
  • Restriction: Request that we restrict the processing of your personal information in certain circumstances (e.g., while a correction request is being resolved).
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us. You will still receive transactional and service communications.
  • Disconnect Integrations: Revoke platform access (Shopify, Amazon) at any time from your account dashboard.
  • Lodge a Complaint: If you are in the EEA or UK, you have the right to lodge a complaint with your local supervisory authority if you believe we have processed your personal information unlawfully.

We will not discriminate against you for exercising any of these rights.

12. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address); commercial information (subscription and billing history); internet or electronic network activity (usage data, log data); and inferences drawn from this information to understand service usage.

Sale or Sharing of Personal Information

We do not sell or share your personal information with third parties for cross-context behavioral advertising, as those terms are defined under California law.

Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: As noted above, we do not sell or share personal information
  • Right to Limit Use of Sensitive Information: We do not use sensitive personal information beyond what is necessary to provide the Service
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to Submit a California Request

Submit requests by email to privacy@replenishradar.com. We will verify your identity before processing requests and respond within 45 days (extendable by an additional 45 days with notice).

Shine the Light: California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for direct marketing.

13. Children's Privacy

The Service is intended for use by businesses and their authorized personnel. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EEA and UK, as applicable). If we become aware that we have collected personal information from a child below the applicable age without parental consent, we will take steps to delete that information promptly.

If you believe we have inadvertently collected information from a child, please contact us at privacy@replenishradar.com.

14. Third-Party Links

The Service may contain links to third-party websites, including Amazon Seller Central, Shopify, Stripe, and others. These sites have their own privacy policies and we are not responsible for their content or practices. We encourage you to review the privacy policies of any third-party sites you visit. The inclusion of a link does not imply our endorsement of the site or its privacy practices.

15. Amazon SP-API Compliance

As an Amazon Selling Partner API (SP-API) developer, we comply with all Amazon Data Protection Policy requirements. Specifically:

  • We only request and access Amazon data that is necessary for inventory management and demand forecasting
  • We never share Amazon Selling Partner data with third parties for advertising, marketing, or any purpose not required to provide the Service
  • Amazon data is processed solely on your behalf and under your authorization
  • We maintain a comprehensive incident response plan and will notify Amazon and affected selling partners of any data breach in accordance with Amazon's requirements

16. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, such as changes to the categories of data collected, how data is used, or who data is shared with, we will provide at least 14 days' advance notice via email to your registered address or via a prominent in-app notification. For minor or clarifying changes, we may update the policy without advance notice.

The updated policy will be posted at replenishradar.com/privacy with a revised "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you object to a material change, you may close your account before the change takes effect.

17. Contact Us

For privacy questions, data requests, or to exercise your rights under this policy, contact us at:

privacy@replenishradar.com
ReplenishRadar, Inc.

We aim to respond to all privacy inquiries within 30 days. For requests under GDPR, CCPA, or other applicable data protection laws, we will respond within the timeframes required by those laws.

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.