This page describes how HOLONA Inc. — a Delaware C-Corp building the AI control layer for Amazon sellers — meets the obligations that govern third-party software access to Amazon seller accounts. It is written for three audiences: sellers evaluating HOLONA, the compliance and legal teams who advise them, and Amazon itself. It states what we do, what we never do, and where the boundaries sit.
Two Amazon policies govern software like ours: the 2026 Business Solution Provider (BSA) agreement, which defines who may access seller accounts through Amazon's APIs and under what obligations, and the Data Protection Policy (DPP), which sets binding requirements for handling seller and customer data. Enforcement of the 2026 terms took effect on June 2, 2026.
HOLONA was architected to these policies before launch. Our closed beta opens in Q3 2026 — after the enforcement date — so there is no legacy access pattern to wind down and no migration standing between our architecture and full policy alignment. The constraints below were design inputs, not patches applied later.
Every API call HOLONA makes carries the x-amz-application-id header. Amazon can attribute every request to HOLONA — there is no anonymous traffic and no path through which our requests blend into a seller's own.
HOLONA reads and acts exclusively through SP-API and the Ads API, via OAuth scopes the seller grants. No browser automation, no scraping, no storage of Seller Central login credentials. If Amazon has not exposed an API for something, HOLONA does not do it.
Middleware backpressure keeps our request volume inside Amazon's published rate limits. Throttling is handled on our side — before requests leave our infrastructure — rather than by retrying against Amazon's enforcement.
Every decision HOLONA makes and every action it executes is logged for at least 12 months — Postgres for active records, S3 cold storage beyond — and is replayable on request by the seller, their auditors, or Amazon.
Data is encrypted with AES-256 at rest (AWS KMS) and TLS 1.2+ in transit. Marketplace PII is auto-purged at 30 days. All data resides in the United States. Customer data never trains any LLM. Full detail is on the companion page: Data protection.
HOLONA classifies every decision by reversibility. Decisions classified R5 — irreversible, with system-wide impact, such as liquidating aged inventory — are never auto-executed, at any automation level. They are presented as advisory, with a one-click deep link into Amazon Seller Central, so the seller takes the action inside Amazon's own interface and under Amazon's own controls.
This is by design, not by toggle. There is no setting, plan tier, or automation level at which HOLONA executes an R5 decision on its own.
Access begins only after the seller grants OAuth scopes through Amazon's authorization flow — HOLONA holds no access before that grant and no access beyond it. The seller can revoke authorization at any time, either from Seller Central or from HOLONA settings.
On revocation, HOLONA stops all API calls immediately. Stored data then follows the published retention schedule: marketplace PII deleted within 30 days, non-PII business data within 18 months, audit logs retained at least 12 months to preserve the accountability record.
HOLONA is in closed beta. Our developer profile and API access operate under Amazon's standard developer registration process. Nothing on this page should be read as a claim of Amazon endorsement, partnership, or certification — Amazon has issued us none of those, and we claim none. Compliance with the BSA agreement and the DPP is our obligation as a developer on Amazon's platform, not a badge Amazon awarded us. We document it here because sellers and their advisors deserve to see exactly how that obligation is met.
Questions about this page — including requests to replay audit logs or compliance reviews from a seller's legal team — go to contact@holona.io. Reference this page and its effective date, June 13, 2026.