Replenish Privacy Policy

What data we collect

When you install Replenish, we access and store the following data from your Shopify store:

• Shop information — your store domain, name, and plan type.
• Products and variants — titles, SKUs, barcodes, prices, and cost prices.
• Inventory levels — stock quantities across your locations.
• Order line items — variant IDs and quantities sold, used to calculate sales velocity. We do not store customer names, emails, addresses, or any customer personal information.
• Locations — warehouse and store location names.

Why we collect this data

All data is collected solely to provide inventory forecasting and reorder recommendation services:

• Sales history drives demand forecasting and stockout predictions.
• Inventory levels are used to calculate days of stock and reorder points.
• Product and variant data is used to identify and display your catalog within the app.
• Location data enables multi-location inventory tracking.

How we store and protect your data

• Shopify access tokens are encrypted at rest in our database.
• All data is stored in Neon Postgres with strict multi-tenant isolation. Your data is never accessible to other merchants.
• All connections use TLS encryption in transit.
• Our application runs on Railway with HTTPS enforced on all endpoints.

Third-party services

Replenish uses the following third-party services to operate:

• Shopify API — to sync your store data and manage billing.
• Railway — application hosting.
• Neon — database hosting (serverless Postgres).
• Resend — transactional email delivery for alert digests.

We do not share your data with any other third parties.

Data sales

We do not sell, rent, or trade your merchant data to any third party, under any circumstances.

Customer personal information

Replenish does not store customer personal information. We process order line items (variant ID and quantity) to calculate sales velocity, but we do not retain customer names, email addresses, shipping addresses, or payment information.

GDPR compliance

Replenish fully implements Shopify's mandatory GDPR webhooks:

• Customer data request — we report that we do not store customer personal data.
• Customer data erasure — handled automatically since we do not store customer personal data.
• Shop data erasure — all shop data is permanently deleted from our systems.

Data retention

When you uninstall Replenish, all of your shop data is automatically deleted from our systems within 30 days. This includes all products, inventory levels, sales history, forecasts, alerts, and settings associated with your store.

Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or by email. Continued use of Replenish after changes constitutes acceptance of the updated policy.

Contact us

If you have questions about this privacy policy or how we handle your data, contact us at info@codequal.dev.

Replenish is operated by CodeQual.