Replenit

Privacy Policy

Effective Date: 01.01.2026

Last Updated: 30.12.2025

1. Introduction

Replenit Sp. z o.o. (“Replenit”, “we”, “us”, or “our”) provides an AI-powered decisioning platform for retailers and brands.

This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with:

  • Our website (https://replen.it)
  • Our platform and services
  • Business relationships with customers and partners

Depending on the context, Replenit acts as:

  • Data Controller — for website visitors and business contacts
  • Data Processor — for personal data processed on behalf of our customers within the Replenit platform

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

a) Website & Business Contact Data

  • Name, email address, company name, job title
  • Communication content (e.g. contact forms, emails)
  • Marketing preferences

b) Technical & Usage Data

  • IP address
  • Device and browser information
  • Website usage data
  • Cookies and similar tracking technologies

c) Customer Data (Processed on behalf of clients)

  • Customer identifiers (e.g. customer ID, email address, phone number)
  • Transactional data (e.g. orders, products, purchase history)
  • Behavioral data (e.g. browsing activity, interaction events)

Replenit processes this data strictly on behalf of its customers and does not determine the purposes or means of such processing.

3. Purpose of Processing

We process personal data for the following purposes:

  • Providing, operating, and improving the Replenit platform
  • Generating AI-driven decisions (e.g. replenishment, substitution, cross-sell, churn prevention)
  • Customer onboarding and technical support
  • Monitoring system performance and ensuring security
  • Analytics and product development
  • Compliance with legal and regulatory obligations

4. Legal Basis for Processing

Where Replenit acts as a Data Controller, processing is based on:

  • Performance of a contract
  • Legitimate interests (e.g. platform improvement, security)
  • Consent (where required, e.g. for marketing or cookies)
  • Legal obligations

Where Replenit acts as a Data Processor, processing is carried out in accordance with:

  • Applicable data protection laws
  • Data Processing Agreements (DPAs) with customers

5. Data Sharing and Subprocessors

Replenit may share personal data with trusted third-party service providers (“subprocessors”) solely for the purpose of delivering its services.

These may include providers of:

  • Cloud infrastructure
  • Data storage and processing
  • Analytics and monitoring
  • Communication services

A current list of subprocessors is available at: https://blog.replen.it/wp-content/uploads/2025/11/Subprocessors-2025-H2.pdf

All subprocessors are contractually required to:

  • Process data only on documented instructions
  • Implement appropriate security measures

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Replenit ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Transfers to countries with an adequacy decision
  • Other legally recognized mechanisms

7. Data Retention

Replenit retains personal data:

  • Only for as long as necessary to fulfill the purposes described in this Policy
  • In accordance with contractual obligations
  • Based on customer-defined retention policies (for data processed on behalf of clients)

Upon termination of services, data is deleted or returned in accordance with contractual agreements.

8. Data Subject Rights

Individuals may have the following rights under applicable data protection laws:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent (where applicable)

Requests can be submitted via: support@replen.it

We will respond within applicable legal timeframes.

9. Cookies and Tracking Technologies

Replenit uses cookies and similar technologies to:

  • Ensure website functionality
  • Analyze website usage
  • Improve performance

Users can control or disable cookies through their browser settings.

10. Do Not Track (CalOPPA Disclosure)

Some web browsers offer a “Do Not Track” (DNT) signal.

Due to the lack of a consistent industry standard for interpreting DNT signals, our website does not respond to DNT signals in a standardized manner. Users can manage tracking preferences through browser settings and cookie controls.

11. Security Measures

Replenit implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit and at rest
  • Access controls and role-based permissions
  • Monitoring, logging, and incident detection
  • Secure cloud infrastructure

These measures are aligned with industry best practices and information security standards.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

  • Updates will be published on this page
  • The “Last Updated” date will be revised accordingly

13. Contact Information

Replenit Sp. z o.o.

For any questions or requests regarding this Privacy Policy or data protection matters, please contact: support@replen.it