HOLONA
Beta · Q3 2026 Apply for beta
Legal · HOLONA Inc.

Privacy policy

Effective June 13, 2026 · contact@holona.io
Plain-English summary. Today, we collect the email address and seller-fit answers you submit in the beta application form. When the beta opens in Q3 2026, we will also collect account details and the Amazon seller data you explicitly authorize through Amazon's official APIs. We never sell your data, never use it to train any LLM, never let one seller's data touch another's, and never send marketing email. You can ask us to show, correct, delete, or export your data at any time.

1 · Overview

This policy explains what HOLONA Inc., a Delaware C-corporation ("HOLONA", "we", "us") collects, why, and what we do — and refuse to do — with it. It covers holona.io and the HOLONA service.

HOLONA is in closed beta, opening Q3 2026. Until then, this site accepts beta applications from Amazon sellers. The sections below describe both what applies today and what will apply once the service is live, so you can read this once and not be surprised later.

2 · Information we collect

Today — beta application only

The beta application asks for your work email and a short seller profile: brand or company, marketplaces, main category, GMV range, ad-spend range, team size, current tool stack, biggest operating bottleneck, automation posture, and the beta outcome you want. There are no advertising trackers on this site, no fingerprinting, and no profiling. If we ever add analytics, it will be cookie-free.

When the service is live

  • Account information — name, email, and billing details.
  • Amazon seller data — accessed only through the official SP-API and Ads API, only after you authorize the connection via OAuth. This covers advertising, inventory, listing, pricing, and review data. The permission scope is per seller; we cannot read anything you have not granted.
  • Product usage and log data — how the product is used, plus operational and audit logs.

3 · How we use information

Your beta application data has one use: evaluating fit for closed beta access and contacting you about that application. That is the whole list of uses.

Once the service is live, we use data to operate it — running the analysis you see in the product, executing the actions you approve, billing your account, keeping audit logs, and securing the system. We do not use it for anything beyond delivering the service you signed up for.

4 · What we never do

  • We never sell, rent, or share your personal information — including email lists. Not to advertisers, not to data brokers, not to anyone.
  • We never use customer data to train any LLM — not our own models, not anyone else's.
  • We never cross tenants. Each seller's data lives inside its own permission scope. No customer's data is ever visible to, or aggregated with, another's.
  • We never send marketing email. Beta applicants only receive messages about beta access and fit.

5 · Retention schedule

We keep data only as long as it is useful for the purpose you gave it to us for.

Data typeRetentionNote
Beta application dataUntil beta launch, or your deletion request — whichever comes firstUsed to evaluate fit and contact applicants
Marketplace PII (e.g. buyer details in order data)Auto-purged at 30 daysEnforced automatically, not by manual cleanup
Non-PII operational data18 months or lessNeeded for trend analysis within the product
Audit logs12 months or morePostgres, then S3 cold storage

6 · Sharing and subprocessors

We share data with a small set of subprocessors, each for a single function:

  • AWS — hosting and infrastructure.
  • Form provider — receives beta application submissions.
  • Payment processor — will be added at launch, for billing only.

Beyond that, we disclose data only when legally compelled — and where the law allows it, we will notify you before we do.

7 · Security

  • At rest — AES-256 encryption, with keys managed in AWS KMS and rotated annually.
  • In transit — TLS 1.2 or higher, enforced for every service-to-service connection, not just the browser edge.
  • Residency — all data is stored in the US on AWS.

A fuller technical description is on the data protection page.

8 · Your rights

You can ask us to access, correct, delete, or export your data — exports come as JSON and CSV. Email contact@holona.io and we will respond within 30 days.

These rights track what the GDPR and CCPA require, and we extend them to every user regardless of where you live. We do not claim any certification we have not earned — this is simply how the product is built.

9 · International transfers and data residency

HOLONA processes data in the United States. If you use the service from outside the US, your data is transferred to and stored on US infrastructure, under the protections described in section 7.

10 · Children

HOLONA is a business tool. It is not directed at children under 16, and we do not knowingly collect their information. If you believe a child has given us data, email us and we will delete it.

11 · Changes to this policy

When we make a material change, we note it on this page and update the effective date at the top. We will not quietly weaken any of the commitments in section 4.

12 · Contact

Questions, requests, or concerns: contact@holona.io.

HOLONA Inc. is a Delaware C-corporation, and this policy is governed by the laws of the State of Delaware.