Privacy Policy
Last Modified: 07/8/2026
_____________________
SCOPE AND JURISDICTIONAL APPLICABILITY OF THIS POLICY
This comprehensive and legally binding Global Privacy Policy outlines, specifies, and governs the automated and manual processing, management, compilation, and storage of any information provided to, or collected by, The Mad Curtis Company, Inc. and its corporate subsidiaries, operating divisions, and brand affiliates. This operational framework applies directly to all digital interfaces, official corporate domains, applications, content distribution architectures, physical retail studio locations, theme parks, consumer venues, and live events where this privacy mandate is formally deployed, referenced, or linked.
We orchestrate and execute our data processing actions in strict accordance with the supreme applicable local statutes, federal mandates, and international data privacy frameworks in the geographical jurisdictions where our corporate operations are maintained. This includes, but is not limited to, the corporate parameters enforced within the United States of America under the State of Delaware corporate legal structures, alongside modern regional compliance architectures such as the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR). In specific operational scenarios, the Company may deploy supplementary data privacy notices that isolate unique product functionalities, corporate practices, or distinct global regions to maintain complete transparency.
The policy further clarifies that personal information provided on third-party platforms linked to our services, such as social networks or external websites, is managed according to those entities' own privacy practices. The Mad Curtis Company expressly disclaims liability for data practices of third-party operators and encourages users to review their policies, noting that configuration choices made on such platforms do not govern our own data collection.
This Privacy Policy is designed to be read in conjunction with our Terms of Use and specific franchise license agreements, creating a unified legal framework for all digital and physical interactions. Accessing our services or creating an account constitutes acceptance of the data processing procedures detailed in this comprehensive document, applicable across all our global operations.
WHO WE ARE AND THE CORPORATE DATA CONTROLLERS
The Mad Curtis Company, Inc., along with its subsidiaries and brand affiliates, functions as a global media enterprise, with personal data collected during engagement with our services managed by specific corporate entities within our portfolio. This structure ensures accountability under a unified data protection standard across our operating sectors, which include Mad Entertainment (production, studios, and Mad Plus), Mad Interactive (games, virtual experiences, Plus Max, M26, and Mad Store), and Mad Curtis Music Group (record labels).
For users in the United States, Canada, and other regions, The Mad Curtis Company, Inc., based in Delaware, acts as the primary data controller, while for users in the UK, EU, Middle East, and Africa, data is co-controlled by international divisions. Internal data sharing, under strict agreements, allows our subsidiaries to process information efficiently, enabling the consistent application of privacy rights across all interactions with our brands, from streaming to retail.
COMPREHENSIVE TYPES OF INFORMATION WE COLLECT
We collect two main categories of data: personal information that identifies a user and anonymous information that cannot be used to identify a specific guest. This includes Registration Credentials and Account Metadata (name, country, email, DOB, password) necessary for accessing our digital services. Commercial Financial and Transaction Information is collected for purchases, including billing, shipping, and payment method details for our store or event tickets, as documented by our data policies.
Additionally, we gather Public Forum Submissions and other interactive content, Usage, Viewing, Technical, and Device Analytics (IP address, browser, device info), and Geolocation Data for security and platform functionality. Our physical facilities may also use surveillance for safety. These methods, ranging from direct submissions to automated tracking, ensure we capture necessary information to enhance our services and protect our intellectual property.
SYSTEMATIC AND TECHNOLOGICAL METHODS OF DATA COLLECTION
The Mad Curtis Company employs a combination of direct, automated, and third-party methods, such as cookies, tracking pixels, and APIs, to gather user information. These tools, which record navigation and interaction, are essential for the operation of our services. Users are provided with options regarding these tracking technologies in accordance with regional regulations.
Data is also collected from trusted third-party partners and, where necessary, verified through external services, such as address validation, to maintain data accuracy. We may also obtain information, with user authorization, through third-party platforms to enhance our data processing capabilities, all while adhering to legal requirements and protecting our users' privacy.
STRATEGIC USE OF YOUR INFORMATION WITHIN THE FRANCHISE ECOSYSTEM
Information collected is utilized to enhance, manage, and secure our services, ensuring that user experiences are personalized and efficient, from streaming Mad Plus content to purchasing tickets for M26 (The Global Mad Fan Event). This includes managing accounts, responding to customer support, and providing personalized content recommendations, as well as maintaining the security of our platforms and preventing fraudulent activity, particularly in connection with our intellectual property.
Finally, we process user data to comply with legal obligations and to support our marketing efforts, which may include targeted advertisements and promotional materials based on user preferences. All data processing is designed to optimize our operations and deliver tailored content to our global audience, while respecting user privacy choices and complying with applicable regulations.
EXHAUSTIVE PROTOCOLS FOR SHARING INFORMATION WITH OTHER ENTITIES
The Mad Curtis Company, Inc. enforces strict corporate directives prohibiting the sale, rental, or unauthorized trade of your personal identifying information to third-party entities for their independent commercial or marketing gain. However, to execute modern corporate media operations, your information is shared internally among the subsidiaries, operating divisions, and brand affiliates that comprise the Mad Family of Companies. This internal ecosystem includes Mad Entertainment, Mad Interactive, and Mad Curtis Music Group, allowing our integrated units to coordinate user profiles across platforms like Mad Plus, streamline e-commerce fulfillment through the Mad Store, and deliver cohesive franchise experiences.
Beyond our corporate borders, personal information is systematically shared with authorized third-party service providers, technical contractors, and data processors operating under strict confidentiality mandates on our behalf. These external entities are contractually restricted from utilizing, disclosing, or retaining your personal data for any purpose other than executing the specific operational tasks assigned to them. These critical functions encompass digital infrastructure management, credit card processing for events like M26 (The Global Mad Fan Event), streaming cloud optimization, data analytics parsing, customer relationship management, and anti-fraud monitoring.
In the course of developing major cinematic properties, the Company may enter into strategic co-production alliances, joint ventures, or syndication agreements with major industry distribution platforms, including Amazon MGM Studios or Sony Pictures Animation (or others companies/studios). In these collaborative framework environments, limited operational data or analytical metrics may be shared between co-producers to evaluate audience demographic performance and manage regional distribution strategies. Any such data sharing is strictly governed by institutional non-disclosure boundaries and structured to safeguard individual user privacy.
Furthermore, we disclose personal information to external entities when required by law or in the good-faith belief that such action is necessary to comply with judicial proceedings, court orders, or legal processes served upon our global offices. This includes sharing data with law enforcement agencies, government regulators, or security personnel to investigate potential violations of our Terms of Use, protect our intellectual property rights (such as scripts from Arroyo Brothers Pictures our others studios), prevent imminent physical harm, or combat sophisticated cyber-warfare attacks against our servers.
Finally, user information may be shared, transferred, or reassigned to a third party as a core corporate asset in the event of a significant structural reorganization, merger, acquisition, consolidation, asset sale, or in the unlikely event of bankruptcy. If another corporate entity acquires all or substantially all of our media assets, that acquiring company will assume the rights and obligations regarding your personal information as detailed in this policy, with subsequent modifications communicated via our official press platforms.
USER RIGHTS, CONTROLS, AND PERSONAL DATA CHOICES
In strict alignment with modern international data protection standards, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), The Mad Curtis Company provides its users with a centralized suite of data controls. Regardless of geographic location, you possess the definitive legal right to access, inspect, and obtain a portable copy of the personal identifying information our corporate networks have collected, compiled, and maintained regarding your identity. You may exercise this right through our secure Data Subject Portal or by executing an official administrative query to our legal compliance division.
In addition to data access, users maintain the absolute right to demand the immediate rectification, updating, or comprehensive correction of any inaccurate, incomplete, or obsolete personal information within their account architecture. If you determine that your registration metadata on Mad Plus or shipping logs in the Mad Store contain factual errors, our interfaces allow for direct modification. In scenarios where data processing relies on your prior explicit consent, you retain the unyielding right to withdraw that authorization at any moment, without affecting the lawfulness of any processing conducted prior to said withdrawal.
Furthermore, you possess the right to request the complete erasure and deletion of your personal identifying information from our active databases and archives—a right frequently referred to as the "Right to be Forgotten." Upon receiving a validated deletion request, our technical operations teams will systematically scrub your metrics, subject only to narrow legal exceptions where retention is strictly mandated for financial auditing, tax compliance, or ongoing legal defense. Users may also request the restriction of data processing, limiting our systems to mere data storage while disputing information accuracy or challenging corporate processing mandates.
We provide comprehensive mechanisms allowing users to opt out of receiving targeted marketing materials, promotional newsletters, and exclusive development updates regarding our 2027/2028 film slates (OUTCROSS, TIMESHIFT, Downward, Family Disaster, and our Untitled Event Films). Every promotional communication dispatched from our corporate servers contains an automated, single-click "Unsubscribe" hyperlink embedded within the metadata. Additionally, users can modify their communication profiles inside their main account dashboard, ensuring their inbox preferences are respected at all times.
Lastly, we respect your right to manage digital tracking mechanisms and customized advertisement preferences across our networks. You can configure your internet browser or mobile operating system to reject cookies, block tracking pixels, or disable analytics tracking; however, doing so may restrict access to certain interactive experiences, such as downloading our Exclusive Blockbuster Summer Activity and Coloring Pack. The Mad Curtis Company is dedicated to ensuring that exercising your privacy controls will never result in discriminatory treatment, price inflation, or degraded service quality across any of our media platforms.
STRATEGIC PROTECTION OF CHILDREN'S PRIVACY
The Mad Curtis Company recognizes the profound responsibility of safeguarding the digital privacy of children interacting with our family-friendly intellectual properties, such as the Family Disaster franchise under Mad Television. We enforce a rigorous, age-gated architecture across all our applications, streaming hubs, and registration networks to prevent the accidental or unauthorized collection of personal identifying data from children under the age of 13 (or the applicable legal limit defined by regional international statutes).
In scenarios where a digital asset is structurally designed to appeal to or engage a multi-generational audience, our onboarding processes utilize an un-biased age verification wall. If a user identifies themselves as a minor under the age of 13, our systems immediately block the input of personal contact information, disabling public messaging features, geolocation tracking, and targeted advertising cookies. The system then switches to an anonymous, localized experience that complies with the Children's Online Privacy Protection Act (COPPA) of the United States.
When the collection of personal identifying data from a child is necessary to unlock a specific interactive experience, the Company mandates a strict process to obtain verifiable parental consent prior to data capture. Parents are required to verify their identity through recognized industry methods, such as providing a digital signature, answering security questions, or completing a micro-transaction. Parents retain the absolute right to review, modify, or order the deletion of their child's data at any time, and can revoke permission for further collection by contacting privacy@themadcurtiscompany.com.
We strictly limit the volume of data collected from minors to the bare operational minimum required to participate in the designated digital activity. We contractually prohibit our technical service partners from using children's data for behavioral profiling, commercial algorithm training, or targeted marketing campaigns. Our corporate assistants and studio managers undergo continuous training to ensure our entertainment ecosystems remain a safe, secure, and compliant space for young fans worldwide.
To ensure complete transparency regarding minor data management, the Company maintains a dedicated, comprehensive document that isolates these strict protocols. For a full, multi-layered breakdown of our specialized engineering and protective measures, parents and guardians are strongly encouraged to review our independent, standalone Children’s Privacy Policy, which can be accessed via the dedicated hyperlink situated within our main website's legal footer.
COMPREHENSIVE DATA SECURITY, INTEGRITY, AND RETENTION ARCHITECTURES
The preservation of the security, structural integrity, and absolute confidentiality of your personal information is a core mandate guiding our engineering operations. The Mad Curtis Company deploys an advanced defense infrastructure, utilizing top-tier administrative, physical, and digital security measures designed to protect data from unauthorized access, accidental loss, disclosure, or alteration. Our networks secure data transmissions using industry-standard Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cryptographic protocols, alongside advanced database partitioning.
Our physical facilities, data servers, and production offices (including Arroyo Brothers Pictures production sets) implement strict access control protocols, including biometric checkpoints, secure firewall perimeters, and constant surveillance monitoring to eliminate data breaches. Internally, access to personal identifying information is strictly restricted through role-based access tokens, ensuring that only validated executive leaders, data compliance officers, and essential corporate assistants can review sensitive user profiles to execute their tasks.
Despite our extensive security architectures, it is vital to recognize that no digital platform or data transmission over the global internet can be guaranteed as 100% invulnerable to sophisticated hostile actors. The Company maintains a rapidly deploying Incident Response Team that continuously monitors for anomalies, system vulnerabilities, and unauthorized penetration attempts. In the event of a confirmed data breach impacting your personal information, we will initiate nationwide emergency notifications and regulatory disclosures in strict accordance with the mandatory timelines imposed by state and federal laws.
Regarding data retention, The Mad Curtis Company stores your personal information only for the exact duration necessary to fulfill the commercial purposes outlined in this Privacy Policy, unless an extended retention period is required or permitted by statutory law. Our corporate scheduling models categorize retention thresholds based on the underlying nature of the data: registration records are maintained for the active lifecycle of your Mad Plus subscription, while financial logs are archived longer to comply with strict IRS tax codes and corporate auditing parameters.
Once the maximum legal and operational retention threshold for a specific data block is crossed, our database managers execute automated, secure data destruction protocols. This involves permanently purging the physical drives or running irreversible anonymization scripts that convert personal records into generic, un-linkable metrics. This systematic clean-up ensures our cloud storage remains secure and fully compliant with data minimization mandates.
PROTOCOLS FOR GLOBAL DATA TRANSFERS, STORAGE, AND PROCESSING
The Mad Curtis Company operates as an international media enterprise with a global content delivery infrastructure, meaning that personal information collected on our digital properties may be transferred, stored, and processed across international borders. Our primary cloud networks, data center hubs, and corporate computing facilities are centrally located within the United States of America, specifically under the legal jurisdictions of the State of Delaware, where our core corporate infrastructure is established.
Consequently, when you access our platforms, stream our cinematic properties, or communicate with our development team, your personal information will be transferred out of your country of origin and into the United States. You must recognize that the data protection laws and privacy statutes enforced within the United States may differ from, or be less stringent than, the regulations established within your home country (such as the strict protections of the European Union's GDPR).
To ensure that your personal information receives an equivalent and unyielding layer of protection during international trans-border migrations, The Mad Curtis Company implements robust international transfer mechanisms. When migrating data from the European Economic Area (EEA), the United Kingdom, or Switzerland, the Company utilizes the European Commission’s approved Standard Contractual Clauses (SCCs) within our internal corporate agreements and external vendor contracts. These clauses legally obligate the receiving entity to handle the data according to supreme Western privacy safeguards.
Our global operational infrastructure is engineered to comply with shifting international legal frameworks regarding cross-border data flows. Our data management teams continuously audit our server routing maps and data center partners to guarantee compliance with regional frameworks, including Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) and evolving transatlantic data privacy accords. This ensures your information remains secure, regardless of the physical location of the server.
By utilizing our digital services, creating a corporate account, or downloading our official media, you explicitly acknowledge and consent to the international transfer, storage, and processing of your personal information within the United States and other global territories. The Mad Curtis Company remains dedicated to enforcing a unified, top-tier privacy baseline globally, ensuring your personal identity is treated with institutional care and respect across all borders.
AMENDMENTS TO THIS PRIVACY POLICY AND LEGAL NOTICES
The Mad Curtis Company reserves the exclusive right, at its sole discretion, to modify, amend, update, or completely rewrite parts of this Global Privacy Policy at any time to reflect technological advancements, changing industry standards, shifting regulatory mandates, or corporate scaling. When an official amendment is finalized, our web teams will update the "Last Modified" timestamp located at the summit of this document, signaling to the public that a new legal baseline has taken effect across our networks.
For material modifications that significantly alter how our systems collect, share, or utilize your personal identifying information, the Company will deliver prominent and proactive notifications prior to the implementation date. These notifications may include publishing flashing banners across our primary web domains, distributing direct emails to all registered accounts, or releasing an official corporate bulletin inside our public Newsroom interface at themadcurtiscompany.com.
We strongly encourage our audiences, creators, and platform users to check this page periodically to remain thoroughly informed about our current data management principles, data tracking architectures, and privacy practices. Your continued use, browsing, or interaction with any Mad Product or digital asset following the posting of an updated Privacy Policy constitutes your binding, formal acceptance of the modified terms and compliance parameters.
This document stands as the supreme privacy directive for our entire brand family, superseding any prior verbal agreements, outdated web notices, or informal statements regarding data processing. If a court of competent jurisdiction determines that any specific clause or subsection of this policy is invalid, illegal, or unenforceable, that specific element will be severed, while the remaining sections will continue in full force and effect.
CORPORATE COMMENTS, COMPLIANCE QUESTIONS, AND LEGAL INQUIRIES
If you have any questions, regulatory concerns, systematic complaints, or require clarification regarding the data processing mechanisms, corporate tracking cookies, or legal parameters detailed in this Privacy Policy, please contact our legal division. Our specialized data compliance officers and administrative team are fully equipped to address your privacy rights and assist you with data management.
The Company provides direct communication channels to ensure your inquiries are processed with professional priority. You may submit your formal legal requests, CCPA data deletion claims, or GDPR portability queries directly to our primary digital operations clearinghouse via email at: privacy@themadcurtiscompany.com.
Alternatively, you may initiate official communications by routing your administrative correspondence through the appropriate internal channels managed by our operational heads (such as our Business Affairs and Legal division under Priscilla (priscilla@themadcurtiscompany.com), or our Studio Operations unit led by Grettel (gvaldelomar@themadcurtiscompany.com)). The Mad Curtis Company is committed to reviewing, investigating, and resolving all verified privacy concerns within the mandatory timelines established by state and federal statutes.
© Mad. All rights reserved