Privacy Policy
Last updated: April 2026
Welcome to our privacy notice and thank you for taking the time to read it. We hope it provides you with the information you are looking for, but if you need more, please reach out to us at support@replenagise.ai
We understand how important privacy and the security of your personal data are to you. They are important to us too. We adopt a privacy by design approach in everything we do. This means we develop our business strategies, products, services, and our platform with your privacy in mind.
This privacy notice aims to give you useful information about how we process your personal data. This privacy notice applies to you if you are:
- a visitor to our website (replenagise.ai);
- a customer who has ordered, trialled, or subscribed to our platform;
- an end-user of our platform, including team members invited by a customer;
- an employee, customer, or supplier of our customers, where their data is processed through the Linnworks integration;
- a vendor or the employee of a vendor that provides services to us; or
- an individual whose personal data has been collected by us, including for marketing or sales purposes.
We may update this privacy notice from time to time and will publish revised versions on our website. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by email.
1. Definitions
In this privacy notice, the following terms have the meanings set out below:
Platform: The Replenagise web application and all associated services, including demand forecasting, inventory replenishment, purchase order management, sales trend analysis, and reporting tools.
Personal Data: Any information relating to an identified or identifiable natural person, as defined by the UK GDPR.
Processing: Any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, and deletion.
Controller: The entity that determines the purposes and means of processing personal data. For the purposes of this notice, the controller is Replenagise LTD.
Processor: An entity that processes personal data on behalf of the controller.
Linnworks Data: Inventory, sales, stock, channel, supplier, warehouse, and purchase order data accessed via the Linnworks API on your behalf.
UK GDPR: The United Kingdom General Data Protection Regulation, as retained in UK law following Brexit, read alongside the Data Protection Act 2018.
2. Our Details and How to Contact Us
Replenagise LTD Company Number: 17123348 Registered in England and Wales
Email: support@replenagise.ai
Replenagise LTD is the data controller responsible for your personal data. If you have any questions about this privacy notice, your personal data, or wish to exercise any of your rights, please contact us using the details above.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). See Section 17 for details.
3. Are You Providing Us with Personal Data About Someone Else?
If you provide us with personal data about another person (for example, when inviting a team member to your account), you should ensure that you have their consent or another lawful basis to share their information with us. You should also make this privacy notice available to them so they understand how their data will be processed.
4. When Do We Collect Personal Data?
We collect personal data at various points, including when you:
- visit our website or landing page;
- register for an account or sign up for a free trial;
- subscribe to a paid plan and provide billing information;
- connect your Linnworks account to our platform;
- use the platform features (forecasting, replenishment, purchase orders, reporting, sales trends);
- invite team members or manage users within your account;
- contact us via our contact form, email, or support channels;
- interact with our marketing communications; or
- apply for a role with us or engage with us as a supplier or partner.
5. What Personal Data Do We Collect?
We collect and process the following categories of personal data:
Account and Identity Data: Your name, email address, company name, and password (stored in securely hashed form). If you use Google Single Sign-On (SSO), we receive your name, email, and profile identifier from Google.
Billing and Transaction Data: If you subscribe to a paid plan, your payment details are processed securely by Stripe. We do not store full card numbers. We retain records of your subscription plan, billing history, invoices, and transaction references.
Linnworks Integration Data: When you connect your Linnworks account, we access inventory levels, sales history, stock quantities, channel performance metrics, supplier details, warehouse and location data, and purchase order information via the Linnworks API. This data is processed solely to provide the replenishment, forecasting, and reporting features of the platform.
Usage and Technical Data: We automatically collect information about how you interact with the platform, including pages visited, features used, actions taken, timestamps, session duration, browser type and version, operating system, device information, and IP address.
Communication Data: When you contact us via our contact form, email, or support tickets, we collect the content of those communications along with your name, email address, and any attachments you provide.
Security Data: We collect data related to account security, including two-factor authentication (2FA) status, login history, and session tokens. This data is used to protect your account and detect unauthorised access.
Team and User Management Data: If you are an account administrator, we process data about team members you invite, including their name, email address, and assigned role or permissions.
6. Why Do We Process Personal Data and Our Lawful Bases
Under the UK GDPR, we must have a lawful basis for each processing activity. Below we explain the purposes for which we process your data and the corresponding lawful basis:
Performance of a Contract (Article 6(1)(b) UK GDPR):
- Providing and operating the platform, including inventory calculations, demand forecasting, purchase order generation, and reporting.
- Managing your account, authenticating your identity, and processing logins (including SSO).
- Processing payments, managing your subscription, and issuing invoices via Stripe.
- Syncing your Linnworks data to deliver the core platform features you have subscribed to.
- Responding to support requests and providing technical assistance.
Legitimate Interests (Article 6(1)(f) UK GDPR):
- Improving and developing the platform based on usage patterns and feature adoption.
- Ensuring the security and integrity of the platform, including fraud prevention and abuse detection.
- Analysing aggregated, anonymised usage data to understand how the platform is used.
- Communicating with you about important service updates, security alerts, or changes to your account.
- Administering and protecting our business, including troubleshooting, system maintenance, and data analysis.
We have conducted legitimate interest assessments for each of these activities and have concluded that our interests do not override your fundamental rights and freedoms.
Legal Obligation (Article 6(1)(c) UK GDPR):
- Complying with UK tax, accounting, and financial reporting requirements.
- Responding to lawful requests from regulatory authorities or law enforcement.
- Maintaining records as required by applicable laws and regulations.
Consent (Article 6(1)(a) UK GDPR):
- Sending you marketing communications about our products, features, or offers. You may withdraw your consent at any time by clicking "unsubscribe" in any marketing email or by contacting us at support@replenagise.ai
7. Profiling and Automated Decision-Making
We do not carry out any solely automated decision-making that produces legal effects or similarly significant effects on you as defined under Article 22 of the UK GDPR.
Our platform uses algorithms to calculate replenishment quantities, risk scores, demand forecasts, and purchase order suggestions. These are tools designed to assist your business decisions — they do not make decisions about you as an individual, and you retain full control over whether to act on any recommendation the platform provides.
8. Artificial Intelligence and Machine Learning
Our forecasting and replenishment features use statistical models and algorithms to analyse your sales history, seasonal patterns, and stock data. These models are used to generate demand forecasts and replenishment suggestions.
These features:
- process only your business data (sales, inventory, stock levels) — not personal data about individuals;
- do not profile individuals or make decisions about natural persons;
- are designed to assist, not replace, your commercial judgement; and
- do not involve the use of third-party AI services that would require sharing your data externally for model training.
We do not use your data to train AI or machine learning models for purposes unrelated to your use of the platform.
9. Third-Party Integrations
Linnworks API: The core integration that powers the platform. When you connect your Linnworks account, we access your data via authenticated API calls. We act as a processor of your Linnworks data, using it solely to provide the platform's features. We do not use your Linnworks data for any other purpose.
Stripe: Handles all payment processing. Stripe is an independent data controller for payment data. Please refer to Stripe's own privacy policy for details on how they process your payment information.
Google SSO: If you choose to log in via Google, we receive limited profile information (name, email, profile ID) from Google. We do not access any other Google account data.
Hosting Providers: We use third-party cloud infrastructure to host and operate the platform. All hosting providers are contractually required to process data in accordance with our instructions and applicable data protection law.
10. Cookies and Similar Technologies
We use cookies to operate the platform. Our use of cookies is limited to:
Essential Cookies: Session authentication tokens that keep you logged in. These are strictly necessary for the platform to function and do not require consent.
We do not use:
- third-party advertising or tracking cookies;
- analytics cookies that track individual users across websites;
- social media tracking pixels; or
- any cookies for behavioural profiling or targeted advertising.
If we introduce additional cookies in the future, we will update this section and, where required, obtain your consent before placing them.
11. How Is Personal Data Shared?
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients, and only to the extent necessary:
- Payment Processors: Stripe processes your payment information as an independent controller.
- Linnworks: We interact with the Linnworks API to sync your inventory and sales data, as authorised by you.
- Hosting and Infrastructure Providers: Our cloud hosting providers process data on our behalf under strict data processing agreements.
- Professional Advisers: Our lawyers, accountants, or auditors, where necessary for legal, tax, or compliance purposes.
- Law Enforcement and Regulators: Where we are required to disclose data by law, regulation, court order, or in response to a valid legal request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such change.
All third-party processors are bound by data processing agreements and are required to implement appropriate technical and organisational measures to protect your data.
12. International Data Transfers
Your data is primarily stored and processed within the United Kingdom and the European Economic Area. Where data is transferred outside the UK or EEA (for example, to infrastructure providers), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO);
- transfers to countries that have received an adequacy decision from the UK Government; or
- other lawful transfer mechanisms recognised under the UK GDPR.
You may contact us to request further details about the specific safeguards applied to any international transfer of your data.
13. How Long Do We Keep Personal Data?
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are as follows:
Account Data: Retained for the lifetime of your account plus 30 days following account closure, unless longer retention is required for legal purposes.
Billing and Transaction Data: Retained for up to 6 years after the relevant transaction to comply with UK tax, accounting, and Companies Act requirements.
Linnworks Integration Data: Inventory, sales, forecasting, and related data is deleted within 30 days of you disconnecting your Linnworks account or closing your Replenagise account.
Usage and Technical Data: Retained for up to 12 months in identifiable form. After this period, data is either deleted or anonymised for aggregate analysis.
Communication and Support Data: Retained for up to 3 years after the last interaction, unless the communication relates to a legal matter requiring longer retention.
Security Data: Login history and authentication records are retained for up to 12 months.
When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
14. What Data Privacy Rights Do You Have?
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure (Article 17): You have the right to request that we delete your personal data, subject to any legal obligations requiring us to retain it.
- Right to Restrict Processing (Article 18): You have the right to request that we limit the processing of your personal data in certain circumstances.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
- Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately.
- Rights Related to Automated Decision-Making (Article 22): As noted in Section 7, we do not carry out solely automated decision-making that produces legal or similarly significant effects on you.
To exercise any of these rights, please contact us at legal@replenagise.ai. We will respond to your request within one calendar month, as required by the UK GDPR. In exceptional circumstances, we may extend this by a further two months, in which case we will inform you and explain the reason for the delay.
We will not charge a fee for processing your request unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request, providing our reasons.
15. How Is Your Personal Data Kept Secure?
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit using TLS/SSL;
- Secure password hashing (passwords are never stored in plain text);
- Two-factor authentication (2FA) available for all accounts;
- Role-based access controls within the platform;
- Secure session management with token-based authentication;
- Regular security reviews and updates;
- Access controls limiting employee access to personal data on a need-to-know basis; and
- Data processing agreements with all third-party service providers.
No method of transmission over the internet or electronic storage is completely secure. Whilst we strive to protect your personal data, we cannot guarantee absolute security. If you become aware of any security breach affecting your account, please notify us immediately at support@replenagise.ai.
16. Children
The platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at legal@replenagise.ai
17. Complaints
We take all privacy concerns seriously. If you have a complaint about how we handle your personal data, please contact us first at legal@replenagise.ai and we will do our best to resolve the issue.
If you are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO) Website: https://ico.org.uk Telephone: 0303 123 1113 Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
18. Contact Us
Replenagise LTD Company Number: 17123348 Registered in England and Wales
Email: support@replenagise.ai