ReplenOS Privacy Policy
Last updated: April 8, 2026
This Privacy Policy describes how ReplenOS by Strum AI ("we", "us", or "our") collects, uses, and shares information when you install or use the ReplenOS app (the "App") in connection with your Shopify-supported store.
If you have questions, contact us at privacy@strum-ai.com.
What information do you collect through Shopify's APIs?
When you install the App, we are automatically able to access certain types of information from your Shopify account via Shopify's APIs. This includes:
- Store Information: Your shop name, domain, physical address, and email address.
- Product and Inventory Data: Details about your products, including titles, descriptions, SKU numbers, inventory levels, and historical stock movements.
- Order History: Information about your store's orders, including order dates, items purchased, quantities, and transaction values.
What information do you collect directly from the merchant?
We collect the following information directly from you:
- Contact Details: We collect your name and business email address to communicate regarding app updates, support requests, and billing.
- Usage Logs: We generate automated logs relating to your use of the App, such as the features you access, time spent on specific dashboards, and any errors encountered. This helps us optimise our AI models and improve the user experience.
- Business Preferences: Any specific inventory targets, lead times, or supplier information you manually input into the ReplenOS application to refine your forecasting and inventory replenishment plans.
What information do you collect from merchants' customers?
We do not collect information directly from your customers on your storefront. We do not drop cookies or use tracking technologies (like pixels) on your customers' devices. Our access to customer data is limited to the information already present in your Shopify admin that is shared with us via the API to facilitate accurate demand forecasting and order automation.
How do you use the information you collect?
We use the information we collect solely to provide and improve the App's services, including:
- AI-Powered Forecasting: Analysing historical sales and inventory data to predict future demand.
- Inventory Planning: Identifying potential stockouts or overstock situations.
- Order Automation: Generating purchase orders based on your specific replenishment needs.
- Communication: Sending you alerts regarding inventory levels or responding to your support inquiries.
We do not sell your data to third parties, nor do we use it for advertising or marketing purposes outside of the functionality of the App.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom (UK), we are required to inform you of the legal bases on which we process your personal information:
- Performance of a Contract — We process your store data because it is necessary to deliver the App's services under our agreement with you.
- Legitimate Interests — We process usage logs and diagnostic data to improve, secure, and optimise the App, where this does not override your privacy rights.
- Legal Obligations — We may process or retain certain information where required to comply with applicable law (e.g., tax or audit obligations).
If you have questions about the legal basis for any specific processing activity, contact us at privacy@strum-ai.com.
For how long do you store or retain the data that you collect?
We retain your data for as long as you have the App installed on your store. If you uninstall the App, we will delete your data in accordance with Shopify's mandatory webhooks, except where we are required by law to retain certain information (e.g., for tax or audit purposes).
Are you established in Europe?
ReplenOS by Strum AI is established in the United States. We store and process all data on secure servers located in the United States. If you are located in the European Economic Area (EEA), please note that your data will be transferred outside of Europe. We comply with Shopify's requirements for data protection to ensure your information remains secure.
Data Storage and Security
All data is stored on encrypted infrastructure hosted in the United States. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to store data within our systems is restricted to authenticated internal services.
Third-Party Services
ReplenOS uses a limited set of third-party services to operate:
| Service | Purpose | Data shared |
|---|---|---|
| AWS | Cloud infrastructure and database hosting | Store data (encrypted in transit and at rest) |
| Shopify | App distribution, billing, and API access | App usage events |
| GitHub | Source code hosting and version control | No merchant or customer data |
| Microsoft | Transactional email delivery | Your email address |
Cookies
ReplenOS uses session cookies solely to authenticate and maintain your logged-in session within the App. We do not use tracking, advertising, or analytics cookies.
Mandatory Webhooks and Shopify Compliance
ReplenOS complies with Shopify's mandatory webhooks regarding data privacy:
- Customer Data Request: We will provide the data we hold on a customer upon a valid request from the merchant.
- Customer Data Erasure: We will delete or redact personal data for a specific customer upon request from the merchant via Shopify.
- Shop Data Erasure: Upon uninstalling the App, we will automatically delete all data we have collected from your store in accordance with Shopify's mandatory webhooks.
Your Rights
You have the right to:
- Access — Request a copy of the data we hold about your store.
- Correction — Request correction of inaccurate data.
- Deletion — Request deletion of your data by uninstalling ReplenOS from your Shopify admin. Your data will be permanently deleted in accordance with Shopify's data erasure process.
- Portability — Request an export of your store's data in a machine-readable format.
To exercise any of these rights, email privacy@strum-ai.com. We will action your request within 30 days.
Children's Privacy
ReplenOS is a business-to-business application and is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will notify you via email or an in-app notice at least 14 days before the change takes effect.
How can merchants contact you with questions?
Strum AI, Inc. 15790 Redmond Way, #1023 Redmond, WA 98052
Privacy enquiries: privacy@strum-ai.com General support: support@strum-ai.com
Email us at privacy@strum-ai.com and we'll respond within 2 business days.