Business Privacy Policy

Sola Studio (“Sola Studio,” “we,” “us,” or “our”) sets out this Privacy Policy (this “Policy”) regarding personal information and other information collected in connection with our business services.

1. Scope

1. This Policy applies to Sola Studio’s business services provided to corporations, unincorporated organizations, sole proprietors, and other persons using our services for business purposes.
2. This Policy applies to our business services generally, including services for clients in Japan and clients located outside Japan.
3. This Policy applies to information collected through our website, inquiry forms, detailed forms and application forms separately provided by us, scheduling and booking tools, email, online meetings, shared documents, cloud storage, payment-related services, and other channels used in connection with our business services.
4. Separate privacy terms may apply to personal / consumer services where applicable.

2. Information We Collect

We may collect the following categories of information in connection with our business services.

(1) Corporate and organizational information

• company name
• organization name
• office location
• country
• company URL
• business or service overview
• other organization-related information

(2) Contact and representative information

• contact person name
• title
• department
• email address
• phone number
• preferred language
• other contact-related information

(3) Inquiry and consultation information

• service of interest
• preferred way of proceeding
• preferred service format
• consultation topic
• project status
• consideration stage
• budget range
• priority or urgency
• internal review status
• preferred start timing
• preferred meeting timing/format
• NDA-related preferences
• expected monthly support volume
• supplementary notes
• other information relevant to the initial consultation

(4) Information collected through detailed forms and application forms

• publicity / case study permission status
• permitted publicity scope
• detailed information required for concept structuring, specification support, review, design support, implementation support, or ongoing support
• existing accessibility audit results, review findings, issue lists, automated check results, target pages, target flows, target components, known issues, areas the Client would like to improve, and other related information for Accessibility Review or Accessibility Remediation Support
• target URLs, public pages, non-public pages, staging or test environments, login-protected flows, target screens, target scope, out-of-scope areas
• UX or messaging notes, website structure, sitemap, wireframe-related information, intended page types, expected page volume, website setup, platform or tool information, advanced features, user flows, desired actions, decision-flow information, and related website planning information
• source materials, English versions, English summaries, approved explanations, original versions, existing Japanese copy, existing translations, translation route preferences, and other materials or information relating to copy preparation, localization-related context, translation adjustment, UX or messaging notes, or review
• shareable materials, background materials, known concerns, and supporting information relating to target pages, screens, flows, UX or messaging context, campaign materials, marketing materials, sales materials, presentation materials, or other review materials
• analytics data, search-related data, page-quality check results, heatmaps, session recordings, screen recordings, screenshots, user inquiries, support records, feedback, reviews, surveys, internal notes, improvement history, campaign context, previous campaign notes, sales feedback, legal or policy wording shared as reference or context, and other reference materials or related information shared by the Client
• contract, procurement, payment, VAT, invoicing, and internal approval information
• expected role for each service, preferred timing for progress updates or sharing, preferred format for sharing materials or work outputs, possible follow-up support, and other information necessary to carry out the engagement
• supplementary notes, free-text responses, and related materials shared outside the form, including through follow-up email or shared documents

(5) Contract, invoicing, and payment information

• information required for estimates, contracts, SOWs, orders, invoices, and payments
• billing information
• payment method, currency, invoicing requirements, and payment instructions
• records processed through Stripe, Deel, or other payment or remittance-related services

(6) Information collected or generated during service provision

• records of communications through email, meetings, shared documents, forms, GitHub, cloud storage, and similar channels
• review outputs, UX or messaging notes, design notes, shared materials, project notes, meeting notes, and work notes
• shared URLs, screen information, files, code, screenshots, specification information, and other information necessary for the engagement

(7) Website usage and technical information

• information collected through cookies and similar technologies
• usage information collected through Google Analytics or similar analytics tools
• session-related information
• authentication-related information
• ad measurement / tracking-related information
• other technical information collected for website operation

(8) Information collected in connection with the Development Consultation Readiness Check

• email addresses entered when requesting delivery of a PDF or other reference material corresponding to the result of the Development Consultation Readiness Check
• the result category of the Development Consultation Readiness Check
• records relating to whether the individual agreed to the Privacy Policy, when that agreement was given, and which version was agreed to
• whether the individual wishes to receive update or announcement emails
• market classification, language, campaign parameters, and other information necessary for managing the relevant flow or service operations
• submission timestamps and other intake records

(9) Information collected or temporarily handled in connection with the Conversion Leak Estimator

• input information entered into the Conversion Leak Estimator, including monthly visits, CTA click rate, form completion rate, lead-to-opportunity rate, close rate, average deal value / LTV, currency, estimated friction impact, and similar inputs
• identifiers, temporary storage metadata, and other information temporarily stored in the browser as necessary to retain estimator values after a result is successfully displayed, and to support transfer of those values to the Friction Review Report application form within the same browser session

The specific information collected may vary depending on the service used, project stage, form type, contract stage, and communication channel.

3. How We Collect Information

We may collect information through the following methods:

1. through inquiry forms and other input forms on our website
2. through detailed forms, application forms, and other forms separately provided by us
3. through scheduling and booking tools such as Google Calendar
4. through email, online meetings, shared documents, shared storage, GitHub, and similar communication channels
5. through estimates, contracts, SOWs, invoices, payment instructions, and other contract/payment-related documents
6. through Stripe, Deel, or other payment or remittance-related services, or through records generated by or received from them
7. through cookies, analytics tools, ad measurement tools, and similar technical means
8. through direct sharing by the Client or the Client’s representatives of files, URLs, notes, documents, and other materials
9. through a form or similar flow used to request delivery of a PDF or other reference material related to the result of the Development Consultation Readiness Check
10. through temporary browser-side storage technologies such as sessionStorage used in the Conversion Leak Estimator to temporarily retain estimator values after a result is successfully displayed, and to support transfer of those values to the Friction Review Report application form within the same browser session

4. Purposes of Use

We may use collected information for the following purposes:

1. to receive and respond to inquiries, identify the relevant matter, and confirm the appropriate contact person
2. to assess project suitability and determine whether and how we may respond
3. to structure the initial direction of the engagement, including service type, scope approach, support model, language, and related conditions
4. to schedule and conduct meetings, provide communications and notices, and manage follow-up
5. to prepare estimates, enter into contracts, prepare and manage SOWs, process orders, invoices, payments, accounting, and tax-related matters
6. to provide reviews, design support, specification support, implementation support, ongoing support, and related services
7. to perform the services, conduct reviews, organize findings, consider improvement hypotheses, structure priorities, prepare UX or messaging notes, website structure, sitemaps, wireframes, copy proposals, review outputs, implementation support, and possible follow-up work based on the Client’s shared materials, background context, target URLs, target screens, target flows, target components, target messages, campaign materials, marketing or sales materials, presentation materials, specifications, analytics data, search-related data, accessibility audit results, review findings, issue lists, automated check results, user inquiries, support records, feedback, campaign context, sales feedback, source materials, English versions, English summaries, approved explanations, original versions, existing Japanese copy, existing translations, translation information, localization-related context, legal or policy wording shared as reference or context, and other reference information
8. to manage security, authentication, access control, records, dispute prevention, fraud prevention, harassment response, and similar operational needs
9. to improve service quality, internal operations, and service design
10. to manage publicity permissions, case-study permissions, and permitted publication scope
11. to comply with applicable laws, contracts, accounting/tax obligations, and other legal or operational requirements
12. to send a PDF or other reference material corresponding to the result of the Development Consultation Readiness Check, and to manage related guidance or intake records
13. where a separate indication of willingness to receive such communications has been given, to send update emails, service-related notices, or similar informational emails, and to manage such communications
14. to provide result display, reference information, flow analysis, input assistance, and related functions in the Conversion Leak Estimator based on user input
15. to temporarily retain values entered into the Conversion Leak Estimator after a result is successfully displayed, and, where the user proceeds to the Friction Review Report application form, to use those values for transfer, prefill assistance, and improved application convenience within the same browser session

5. Third-Party Services and External Tools

We may use the following third-party services or external tools in connection with the operation or provision of our business services:

1. Supabase: May be used as a database or application infrastructure for form submissions, basic information, project information, and related data.

2. Google services: Google Calendar, Google Meet, Google Forms, Google Docs, Google Drive, Google Sheets, and other Google services may be used for scheduling, booking, online meetings, input forms, and for creating, storing, and collaboratively editing shared materials and related documents.

3. Stripe, Deel, and other payment-related services: May be used for payment processing, payments, remittances, invoicing-related processing, payment record management, and other payment-related operations.

4. Resend and other email delivery / notification services: May be used for inquiry acknowledgements, form submission confirmations, payment guidance, scheduling guidance, contract-related communications, and other email delivery or notification purposes necessary for service operations.

5. GitHub: May be used where work outputs or related information are shared through GitHub, or where GitHub is needed for communications or service provision.

6. Notion, Loom, CodePen, StackBlitz, JSFiddle, and other sharing, explanation, or verification tools: May be used as needed for project explanation, verification, sharing, review, or communication.

7. AI-assisted tools and language model services: May be used, where appropriate, for internal drafting, summarizing, translation support, copy preparation, UX or messaging note preparation, review support, issue organization, explanation, or similar service-support purposes. Where such tools are used with Client materials, we seek to limit the information shared to what is reasonably necessary for the relevant task and to take into account confidentiality, sensitivity, and the applicable service context.

8. Accessibility review and page-quality check tools: Browser developer tools, axe, Lighthouse, WAVE, miChecker, PageSpeed Insights, and similar tools may be used where necessary for accessibility review, page-quality checks, display checks, implementation checks, or other checks required for service provision.

9. Vercel and other website operation / hosting-related services: May be used for operating, displaying, delivering, analyzing, or technically managing our website or related web functions.

10. Google Analytics: May be used for website usage analysis, improvement, and internal analytics.

11. Advertising and related measurement services: Google Ads, Meta Ads, and related advertising, measurement, or tracking tools may be used where they are implemented on our website or service flow, for advertising delivery, advertising measurement, access analysis, service improvement, or related purposes.

The handling of information by these third-party services may also be governed by the privacy policies, terms, and rules of those service providers.

6. Where Information May Be Stored or Managed

Information we collect may be stored or managed in locations such as the following:

1. Supabase: For website form submissions, basic information, project information, scheduling and booking-related information, and related records.

2. Email systems and email delivery / notification services: For email communications, notices, confirmation requests, contract-related communications, sending records, and related records.

3. Cloud storage such as Google Drive: For contracts, estimates, SOWs, invoices, receipts, meeting notes, project notes, shared materials, work outputs, and related documents created or shared before, during, or after service provision.

4. Stripe, Deel, and other payment-related services: For payment processing, remittance processing, invoice and payment record management, payment-related communications, and related payment administration.

5. GitHub and other repositories or shared environments: For code, configuration, related documentation, and other information necessary for service provision, sharing, or collaboration.

6. Website operation and hosting-related services: For information necessary to operate, display, deliver, analyze, or technically manage our website or related web functions.

7. AI-assisted tools and other service-support environments: Where used for internal drafting, summarizing, translation support, copy preparation, UX or messaging note preparation, review support, issue organization, explanation, or similar service-support purposes, relevant information may be processed or temporarily handled in such tools or environments according to the applicable tool settings, provider terms, and operational safeguards.

7. Third-Party Disclosure and External Processing

1. We do not provide personal information to third parties except where we have consent from the relevant individual or Client, where required by law, where necessary to protect a person’s life, body, or property, or where otherwise permitted under applicable law.

2. Notwithstanding the preceding paragraph, we may entrust or share personal information and other information with external services, cloud services, payment-related services, professional advisors, subcontractors, or other third parties to the extent necessary to achieve the purposes set out in this Policy.

3. Where we allow an external service or service provider to handle personal information or other information under the preceding paragraph, we will seek to ensure appropriate handling to the extent necessary and reasonable, taking into account the nature of the service provider, the purpose of use, the scope of handling, contractual terms, and related circumstances.

4. Where a third-party service, shared environment, repository, cloud storage, chat tool, payment/remittance service, or other external service designated by the Client is used, the handling of information by that service may be governed by that service provider’s privacy policy, terms, and other applicable rules.

5. Where AI-assisted tools or language model services are used for internal drafting, summarizing, translation support, copy preparation, UX or messaging note preparation, review support, issue organization, explanation, or similar service-support purposes, information may be processed by those tool providers to the extent necessary for the relevant task. We seek to use such tools in a manner that is reasonable in light of confidentiality, sensitivity, the agreed service scope, and the nature of the information involved.

6. Where we use external services provided by operators outside Japan, or external services through which information may be stored or processed outside Japan, we will handle such information in accordance with the approach to international transfers and overseas processing set out in Section 11 of this Policy.

8. Sensitive and Confidential Information

1. As a general rule, we do not request the sharing of sensitive personal information, highly confidential information, regulated information, or similar information unless reasonably necessary for the relevant services.
2. If the Client intends to share such information, the Client should confirm with us in advance the necessity of such sharing and the applicable handling conditions.
3. In particular, before an NDA or other confidentiality arrangement is in place, we may not assume that the engagement is structured to receive highly confidential information.
4. Where sharing of sensitive or highly confidential information is necessary, we may separately arrange conditions concerning sharing method, viewing scope, access control, storage location, NDA coverage, or similar safeguards.
5. Unless specifically requested and agreed as necessary for the relevant service, Clients should avoid sharing personal data, customer data, credentials, secrets, unpublished access details, highly confidential legal or policy materials, or similar sensitive information through initial inquiry forms, public forms, or other channels not intended for such information.

9. Cookies, Analytics, and Advertising-Related Technologies

1. Our website may use cookies, localStorage, and similar browser-side storage or access technologies for website operation, session management, authentication, usability improvement, access analysis, consent management, and related purposes.
2. In the Conversion Leak Estimator, we may use sessionStorage and similar browser-side temporary storage technologies to temporarily retain, within the user’s browser, estimator values after a result is successfully displayed, and to support transfer of those values to the Friction Review Report application form within the same browser session. These technologies are used primarily for estimator result handling, form prefill assistance, and related usability improvement. Estimator values temporarily retained in this way are not treated as submitted application data unless and until the user submits the relevant application form.
3. We may use Google Analytics with consent mode for website usage analysis, improvement, and internal analytics.
4. Where consent mode is used, Google tags may load before a user makes a choice in the consent banner or cookie settings interface. In such cases, consent is handled according to the applicable default consent state and the user’s subsequent consent choices.
5. Where analytics or advertising consent is denied, analytics or advertising cookies may not be read or written, but Google or related services may still receive cookieless pings or similar non-cookie signals for consent-mode-related measurement, fraud prevention, service reliability, or related operational purposes.
6. Where analytics or advertising consent is granted, Google Analytics, Google Ads, Meta Ads, and related analytics, advertising, measurement, or tracking technologies may use cookies and similar technologies to the extent implemented on our website or service flow and according to the user’s consent choices.
7. We may use Google Ads, Meta Ads, and related advertising, measurement, or tracking technologies only where they are implemented on our website or service flow, for advertising delivery, advertising measurement, access analysis, service improvement, or related purposes.
8. We may use cookie consent tools or other consent-management mechanisms where they are implemented or introduced. These tools may store consent choices using cookies, localStorage, or similar browser-side storage technologies so that the user’s preferences can be remembered.
9. Where embedded forms, scheduling tools, payment tools, or other third-party features are used on our website or within our service flow, those third parties may also collect information through cookies or similar technologies.
10. Details regarding cookie management, consent choices, settings, or opt-out options may be provided through our website’s cookie settings, consent banner, or the relevant third-party services.

10. Recording, Records, and Retention

1. For purposes reasonably necessary for service provision, operational quality, safety, dispute prevention, harassment response, or similar legitimate needs, we may record, retain, or otherwise preserve parts of meetings, calls, screen-sharing sessions, communications, or other interactions.
2. Where explanation, notice, or consent is required by law or operational practice before such recording or retention, we will take the necessary steps in advance.
3. We will not publicly disclose such recordings or records outside the relevant purpose, except where required by law, permitted by the relevant individual’s consent, or otherwise justified for dispute handling or similar legitimate reasons.

11. International Transfers and Overseas Processing

1. Sola Studio operates from Japan. However, because we use external tools, cloud services, payment-related services, communication tools, and file-sharing or collaboration platforms, information may be processed or stored outside Japan, outside the Client’s country or region, or in other jurisdictions where such service providers operate.
2. Even where a Client accesses our services or website from outside Japan, we will handle information in accordance with this Policy.
3. Where international processing or overseas storage occurs, we will seek to handle information appropriately in light of the nature of the services, operational necessity, and relevant contractual or technical safeguards.

12. Retention

1. We retain collected information for as long as reasonably necessary to fulfill the purposes of use, and as required for contractual, legal, tax, accounting, recordkeeping, dispute-prevention, and other legitimate operational needs.
2. Records relating to contracts, estimates, invoices, payments, accounting, taxation, and similar matters may generally be retained for seven (7) years.
3. Inquiry information that does not lead to an engagement, and unused application or detailed-form information, may generally be retained for approximately one (1) to two (2) years, after which, if no longer needed, it may be deleted, restricted, anonymized, or otherwise appropriately managed.
4. Project files, project notes, shared materials, email records, and other project-related information may be retained as needed for service provision, follow-up, recordkeeping, dispute prevention, or other legitimate operational purposes.
5. Cookie, analytics, and other technical data may be retained in accordance with our settings, the retention settings of relevant external services, and reasonable operational needs.
6. Information temporarily retained in the browser in connection with the Conversion Leak Estimator will generally remain only for the duration of the relevant browser session, depending on the user’s browser environment, settings, session state, or actions, and is distinct from application information or detailed-form information that we retain on the server side. Where such information is formally submitted through the Friction Review Report application form or a similar form, the submitted information will thereafter be treated as ordinary application information or detailed-form information and retained in accordance with the relevant provisions of this Section.
7. Where information is no longer needed, we may delete it, anonymize it, restrict its use, or otherwise manage it appropriately.
8. Information relating to requests for delivery of PDFs connected to the result of the Development Consultation Readiness Check, preferences regarding informational email delivery, and related intake records may also be retained as needed for the relevant purposes of use, management of consent records, management of unsubscribe requests, and other legitimate operational needs, and may be deleted, restricted, anonymized, or otherwise appropriately managed when no longer needed.

13. Security

We seek to implement reasonable and appropriate security measures to reduce the risk of unauthorized access, leakage, loss, alteration, destruction, or similar issues, including access controls, viewing-scope controls, and storage-management controls appropriate to the nature of the information and the services.

14. Requests for Access, Correction, Deletion, and Related Rights

1. Where required by applicable law, and upon a request from the relevant individual, the Client, or a duly authorized representative, as applicable, we will respond to requests concerning access, correction, deletion, suspension of use, restriction, or similar rights recognized under applicable law.
2. However, immediate or complete compliance may not always be possible where retention is required for contractual, legal, tax, accounting, recordkeeping, dispute-prevention, or other legitimate reasons.
3. Such requests should be directed to the contact point stated at the end of this Policy.

15. Position on Legal and Regulatory Matters

Even where our services involve privacy, cookies, consent management, accessibility, compliance, legal or policy page placement, disclosures, claims, pricing explanations, support information, or other legal/regulatory matters, any organization of information, guidance, UX or messaging notes, review, copy proposal, wireframe, localization-related input, or shared material we provide is general, practical, or service-oriented in nature unless expressly stated otherwise. Final legal, regulatory, compliance, publication, and external-responsibility determinations remain with the Client and/or the Client’s legal or other professional advisors.

16. Changes to This Policy

1. We may revise this Policy where required due to legal changes, service changes, operational needs, or other reasonable circumstances.
2. If we revise this Policy, we will notify users by publishing the revised content and effective date on our website or by another appropriate method.
3. The revised Policy will take effect on the effective date stated in such notice.

17. Contact

For inquiries regarding this Policy, requests relating to personal information, or similar communications, please contact:

• Email: info@solastudio.studio

Where appropriate, we may also direct you to our website contact page or another designated contact method.