Business Privacy Policy

Sola Studio (“Sola Studio,” “we,” “us,” or “our”) sets out this Privacy Policy (this “Policy”) regarding personal information and other information collected in connection with our business services.

1. Scope

1. This Policy applies to Sola Studio’s business services provided to corporations, corporate-equivalent organizations, sole proprietors, and other persons using our services for business purposes.
2. This Policy applies to our business services generally, including services for clients in Japan and in the EU/UK.
3. This Policy applies to information collected through our website, enquiry forms, detailed forms and application forms separately provided by us, scheduling and booking tools, email, online meetings, shared documents, cloud storage, payment-related services, and other channels used in connection with our business services.
4. Separate privacy terms may apply to personal / consumer services where applicable.

2. Information We Collect

We may collect the following categories of information in connection with our business services.

(1) Corporate and organizational information

• company name
• organization name
• office location
• country
• company URL
• business or service overview
• other organization-related information

(2) Contact and representative information

• contact person name
• title
• department
• email address
• phone number
• preferred language
• other contact-related information

(3) Enquiry and consultation information

• service of interest
• preferred way of proceeding
• preferred service format
• consultation topic
• project status
• consideration stage
• budget range
• priority or urgency
• internal review status
• preferred start timing
• preferred meeting timing/format
• NDA-related preferences
• expected monthly support volume
• supplementary notes
• other information relevant to the initial consultation

(4) Information collected through detailed forms and application forms

• publicity / case study permission status
• permitted publicity scope
• detailed information required for concept structuring, specification support, review, design support, implementation support, or ongoing support
• target URLs, target screens, target scope, out-of-scope areas
• shareable materials, background materials, known concerns
• contract, procurement, payment, VAT, invoicing, and internal approval information
• expected role for each service, preferred timing for progress updates or sharing, preferred format for sharing materials or work outputs, possible follow-up support, and other information necessary to carry out the engagement
• supplementary notes, free-text responses, uploaded files, or shared materials

(5) Contract, invoicing, and payment information

• information required for estimates, contracts, SOWs, orders, invoices, and payments
• billing information
• payment method, currency, invoicing requirements, remittance information
• records handled through Wise, Deel, or similar payment/remittance services

(6) Information collected or generated during service provision

• records of communications through email, meetings, shared documents, forms, GitHub, cloud storage, and similar channels
• review outputs, design notes, shared materials, project notes, meeting notes, and work notes
• shared URLs, screen information, files, code, screenshots, specification information, and other information necessary for the engagement

(7) Website usage and technical information

• information collected through cookies and similar technologies
• usage information collected through Google Analytics or similar analytics tools
• session-related information
• authentication-related information
• ad measurement / tracking-related information
• other technical information collected for website operation

The specific information collected may vary depending on the service used, project stage, form type, contract stage, and communication channel.

3. How We Collect Information

We may collect information through the following methods:

1. through enquiry forms and other input forms on our website
2. through detailed forms, application forms, and other forms separately provided by us
3. through scheduling and booking tools such as Google Calendar
4. through email, online meetings, shared documents, shared storage, GitHub, and similar communication channels
5. through estimates, contracts, SOWs, invoices, payment instructions, and other contract/payment-related documents
6. through Wise, Deel, or similar payment/remittance services, or through records received from them
7. through cookies, analytics tools, ad measurement tools, and similar technical means
8. through direct sharing by the Client or the Client’s representatives of files, URLs, notes, documents, and other materials

4. Purposes of Use

We may use collected information for the following purposes:

1. to receive and respond to enquiries, identify the relevant matter, and confirm the appropriate contact person
2. to assess project suitability and determine whether and how we may respond
3. to structure the initial direction of the engagement, including service type, scope approach, support model, language, and related conditions
4. to schedule and conduct meetings, provide communications and notices, and manage follow-up
5. to prepare estimates, enter into contracts, prepare and manage SOWs, process orders, invoices, payments, accounting, and tax-related matters
6. to provide reviews, design support, specification support, implementation support, ongoing support, and related services
7. to perform services based on the Client’s shared materials, background context, target URLs, target screens, specifications, and related information
8. to manage security, authentication, access control, records, dispute prevention, fraud prevention, harassment response, and similar operational needs
9. to improve service quality, internal operations, and service design
10. to manage publicity permissions, case-study permissions, and permitted publication scope
11. to comply with applicable laws, contracts, accounting/tax obligations, and other legal or operational requirements

5. Third-Party Services and External Tools

We may use the following third-party services or external tools in connection with the operation or provision of our business services:

1. Supabase: May be used as a database or application infrastructure for form submissions, basic information, project information, and related data.

2. Google services: Google Calendar, Google Meet, Google Forms, Google Docs, Google Drive, Google Sheets, and other Google services may be used for scheduling, booking, online meetings, input forms, and for creating, storing, and collaboratively editing shared materials and related documents.

3. Wise, Deel, and other payment-related services: May be used for payments, remittances, invoicing-related processing, payment record management, and other payment-related operations.

4. Resend and other email delivery / notification services: May be used for enquiry acknowledgements, form submission confirmations, payment guidance, scheduling guidance, contract-related communications, and other email delivery or notification purposes necessary for service operations.

5. GitHub: May be used where work outputs or related information are shared through GitHub, or where GitHub is needed for communications or service provision.

6. Notion, Loom, CodePen, StackBlitz, JSFiddle, and other sharing, explanation, or verification tools: May be used as needed for project explanation, verification, sharing, review, or communication.

7. Vercel and other website operation / hosting-related services: May be used for operating, displaying, delivering, analyzing, or technically managing our website or related web functions.

8. Google Analytics: May be used for website usage analysis, improvement, and internal analytics.

9. Advertising and related measurement services: Google Ads, Meta Ads, and related advertising, measurement, or tracking tools may be used where they are implemented on our website or service flow, for advertising delivery, advertising measurement, access analysis, service improvement, or related purposes.

10. Other file-sharing or cookie / consent management tools: We may use file-sharing tools or cookie / consent management tools as needed. Specific tools may be selected based on operational needs.

The handling of information by these third-party services may also be governed by the privacy policies, terms, and rules of those service providers.

6. Where Information May Be Stored or Managed

Information we collect may be stored or managed in locations such as the following:

1. Supabase: For website form submissions, basic information, project information, scheduling and booking-related information, and related records.

2. Email systems and email delivery / notification services: For email communications, notices, confirmation requests, contract-related communications, sending records, and related records.

3. Cloud storage such as Google Drive: For contracts, estimates, SOWs, invoices, receipts, meeting notes, project notes, shared materials, work outputs, and related documents created or shared before, during, or after service provision.

4. Wise, Deel, and similar payment-related services: For payment/remittance processing, invoicing/payment records, and payment-related communications.

5. GitHub and other repositories or shared environments: For code, configuration, related documentation, and other information necessary for service provision, sharing, or collaboration.

6. Website operation and hosting-related services: For information necessary to operate, display, deliver, analyze, or technically manage our website or related web functions.

7. Third-Party Disclosure and External Processing

1. We do not provide personal information to third parties except where we have consent from the relevant individual or Client, where required by law, where necessary to protect a person’s life, body, or property, or where otherwise permitted under applicable law.

2. Notwithstanding the preceding paragraph, we may entrust or share personal information and other information with external services, cloud services, payment-related services, professional advisors, subcontractors, or other third parties to the extent necessary to achieve the purposes set out in this Policy.

3. Where we allow an external service or service provider to handle personal information or other information under the preceding paragraph, we will seek to ensure appropriate handling to the extent necessary and reasonable, taking into account the nature of the service provider, the purpose of use, the scope of handling, contractual terms, and related circumstances.

4. Where a third-party service, shared environment, repository, cloud storage, chat tool, payment/remittance service, or other external service designated by the Client is used, the handling of information by that service may be governed by that service provider’s privacy policy, terms, and other applicable rules.

5. Where we use external services provided by operators outside Japan, or external services through which information may be stored or processed outside Japan, we will handle such information in accordance with the approach to international transfers and overseas processing set out in Article 11 of this Policy.

8. Sensitive and Confidential Information

1. As a general rule, we do not request the sharing of sensitive personal information, highly confidential information, regulated information, or similar information unless reasonably necessary for the relevant services.
2. If the Client intends to share such information, the Client should confirm with us in advance the necessity of such sharing and the applicable handling conditions.
3. In particular, before an NDA or other confidentiality arrangement is in place, we may not assume that the engagement is structured to receive highly confidential information.
4. Where sharing of sensitive or highly confidential information is necessary, we may separately arrange conditions concerning sharing method, viewing scope, access control, storage location, NDA coverage, or similar safeguards.

9. Cookies, Analytics, and Advertising-Related Technologies

1. Our website may use cookies and similar technologies for website operation, session management, authentication, usability improvement, access analysis, and related purposes.

2. We may use Google Analytics and other analytics tools for website usage analysis, improvement, and internal analytics.

3. We may use Google Ads, Meta Ads, and related advertising, measurement, or tracking technologies only where they are implemented on our website or service flow, for advertising delivery, advertising measurement, access analysis, service improvement, or related purposes.

4. We may use cookie consent tools or other consent-management mechanisms where they are implemented or introduced.

5. Where embedded forms, scheduling tools, payment tools, or other third-party features are used on our website or within our service flow, those third parties may also collect information through cookies or similar technologies.

6. Details regarding cookie management, settings, or opt-out options may be provided through our website’s cookie settings, consent banner, or the relevant third-party services.

10. Recording, Records, and Retention

1. For purposes reasonably necessary for service provision, operational quality, safety, dispute prevention, harassment response, or similar legitimate needs, we may record, retain, or otherwise preserve parts of meetings, calls, screen-sharing sessions, communications, or other interactions.
2. Where explanation, notice, or consent is required by law or operational practice before such recording or retention, we will take the necessary steps in advance.
3. We will not publicly disclose such recordings or records outside the relevant purpose, except where required by law, permitted by the relevant individual’s consent, or otherwise justified for dispute handling or similar legitimate reasons.

11. International Transfers and Overseas Processing

1. Sola Studio operates from Japan. However, because we use external tools, cloud services, payment-related services, communication tools, and file-sharing or collaboration platforms, information may be processed or stored outside Japan or outside the Client’s country.
2. Even where a Client accesses our services or website from outside Japan, we will handle information in accordance with this Policy.
3. Where international processing or overseas storage occurs, we will seek to handle information appropriately in light of the nature of the services, operational necessity, and relevant contractual or technical safeguards.

12. Retention

1. We retain collected information for as long as reasonably necessary to fulfill the purposes of use, and as required for contractual, legal, tax, accounting, recordkeeping, dispute-prevention, and other legitimate operational needs.
2. Records relating to contracts, estimates, invoices, payments, accounting, taxation, and similar matters may generally be retained for seven (7) years.
3. Enquiry information that does not lead to an engagement, and unused application or detailed-form information, may generally be retained for approximately one (1) to two (2) years, after which, if no longer needed, it may be deleted, restricted, anonymized, or otherwise appropriately managed.
4. Project files, project notes, shared materials, email records, and other project-related information may be retained as needed for service provision, follow-up, recordkeeping, dispute prevention, or other legitimate operational purposes.
5. Cookie, analytics, and other technical data may be retained in accordance with our settings, the retention settings of relevant external services, and reasonable operational needs.
6. Where information is no longer needed, we may delete it, anonymize it, restrict its use, or otherwise manage it appropriately.

13. Security

We seek to implement reasonable and appropriate security measures to reduce the risk of unauthorized access, leakage, loss, alteration, destruction, or similar issues, including access controls, viewing-scope controls, and storage-management controls appropriate to the nature of the information and the services.

14. Requests for Access, Correction, Deletion, and Related Rights

1. Where required by applicable law, and upon a request from the relevant individual, the Client, or a duly authorized representative, as applicable, we will respond to requests concerning access, correction, deletion, suspension of use, restriction, or similar rights recognized under applicable law.
2. However, immediate or complete compliance may not always be possible where retention is required for contractual, legal, tax, accounting, recordkeeping, dispute-prevention, or other legitimate reasons.
3. Such requests should be directed to the contact point stated at the end of this Policy.

15. Position on Legal and Regulatory Matters

Even where our services involve privacy, cookies, consent management, accessibility, compliance, or other legal/regulatory matters, any organization of information, guidance, review, or shared material we provide is general or practical in nature unless expressly stated otherwise. Final legal, regulatory, compliance, and external-responsibility determinations remain with the Client and/or the Client’s legal or other professional advisors.

16. Changes to This Policy

1. We may revise this Policy where required due to legal changes, service changes, operational needs, or other reasonable circumstances.
2. If we revise this Policy, we will notify users by publishing the revised content and effective date on our website or by another appropriate method.
3. The revised Policy will take effect on the effective date stated in such notice.

17. Contact

For enquiries regarding this Policy, requests relating to personal information, or similar communications, please contact:

• Email: info@solastudio.studio

Where appropriate, we may also direct you to our website contact page or another designated contact method.