Privacy Policy
Last updated: July 9, 2026Northrun Labs LLC ("Replenly", "we", "us") — the company behind the Replenly platform — provides a supply-chain and inventory-replenishment platform for e-commerce sellers. This policy explains what information we collect, how we use it, and the choices you have. The short version: we collect the data needed to run your replenishment planning, we use it only to provide the service to you, and we never sell it or share it with other sellers.
1. Information we collect
Account information. When you sign in with Google, we receive your name, email address, and profile picture. We use Google Sign-In for authentication and never see or store your Google password.
Connected commerce data. When you connect a sales channel (such as an Amazon Selling Partner account or a Shopify store), we retrieve, on your behalf and with your authorization, the operational data needed to provide the service: product listings and SKUs, inventory levels, orders and sales history, pricing, fees, and shipment/fulfillment information. We do not request or collect restricted personal information about your buyers (such as buyer names, shipping addresses, or tax identifiers) — Replenly's Amazon API roles deliberately exclude that data.
Data you enter. Purchase orders, suppliers, costs, freight details, settings, and comments you create in the app.
Technical data. Standard logs (IP address, browser type, timestamps) and error diagnostics used to keep the service secure and reliable.
2. How we use information
- To provide the service: forecasts, replenishment recommendations, purchase-order and shipment tracking, and reporting — for your organization only.
- To operate, secure, and improve the platform (debugging, performance, support).
- To communicate with you about the service (transactional emails such as mention notifications and account messages).
We do not sell your data, use it for advertising, share it with other Replenly customers, or use one customer's data to benefit another. Data from connected channels is used solely to provide the service to the organization that connected it, in accordance with the policies of the platforms involved (including the Amazon Data Protection Policy and Shopify's API terms).
3. Multi-tenant isolation
Replenly is a multi-tenant service. Every record is bound to your organization, and access is enforced at the application's data layer on every query: users in one organization cannot read or modify another organization's data. Integration credentials you provide are encrypted at rest, are never displayed back in full, and are never written to logs.
4. Where your data lives (subprocessors)
We use a small number of infrastructure providers to run Replenly:
- Railway — application hosting
- Supabase — database hosting (encrypted at rest, daily backups)
- Google — sign-in authentication
- Resend — transactional email delivery
- Sentry — error monitoring (error reports exclude credentials and are scrubbed of sensitive values)
These providers process data only as needed to provide their service to us, under their own data-protection commitments. Data is transmitted over encrypted connections (TLS).
5. Retention and deletion
We retain your data while your organization has an active account, because historical sales and shipment data is what the forecasting is built on. If you close your account, we will delete your organization's data within 30 days of your request, except where a legal obligation requires longer retention. Disconnecting an integration stops new data collection from that channel immediately, and you may request deletion of previously synced channel data at any time.
6. Your rights
You may request access to, correction of, export of, or deletion of your organization's data at any time by emailing [email protected]. If you are in a jurisdiction with specific data-protection rights (such as the EU/UK GDPR or a US state privacy law), we will honor requests consistent with those laws.
7. Security
We follow security practices appropriate to the data we handle: encrypted transport (TLS), encryption at rest for the database and for integration credentials, per-organization access isolation enforced in code and verified by an automated test suite, least-privilege access for personnel, and an incident-response plan. If a security incident affects your data, we will notify you without undue delay, and we will notify affected platform providers (such as Amazon) within the timeframes their policies require.
8. Cookies
Replenly uses a single, essential session cookie to keep you signed in. We do not use advertising or cross-site tracking cookies.
9. Children
Replenly is a business tool and is not directed to children under 16. We do not knowingly collect information from children.
10. Changes to this policy
If we make material changes, we will update the date above and notify active customers by email or in-app notice before the changes take effect.
11. Contact
Northrun Labs LLC · 30 N Gould St #66018, Sheridan, WY 82801, USA · [email protected]