Privacy policy

Last updated: December 7, 2025

Mad Hat ("we," "us," or "our") operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you, the customer, with a curated shopping and educational experience (the "Services"). This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. We may collect or process the following categories of personal information depending on how you interact with the Services (e.g., buying physical merchandise vs. enrolling in a digital course):

• • Contact details: Name, address, billing address, shipping address, phone number, and email address.
• • Financial information: Credit card, debit card, and financial account numbers, payment card information, transaction details, and payment confirmations.
• • Account information: Your username, password, security questions, course progress, completion status, preferences, and settings.
• • Transaction information: The items you view, put in your cart, purchase, return, or exchange, and your past transactions (including digital product access logs).
• • Communications with us: Information you include in communications with us, such as customer support inquiries or feedback on course materials.
• • Device information: Information about your device, browser, network connection, IP address, and other unique identifiers.
• • Usage information: Information regarding your interaction with the Services, including how and when you interact with or navigate our website.

Personal Information Sources

We may collect personal information from the following sources:

• • Directly from you: When you create an account, purchase a product, enroll in a course, communicate with us, or otherwise provide us with your personal information.
• • Automatically through the Services: From your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies.
• • From our service providers: When we engage third parties to enable certain technology (such as payment processing or course hosting) and when they collect or process your personal information on our behalf.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

• • Provide, Tailor, and Improve the Services: To perform our contract with you, process your payments, fulfill your orders (shipping physical goods or granting access to digital content), remember your preferences, send notifications related to your account, manage your account, and create a customized experience.
• • Marketing and Advertising: To send marketing, advertising, and promotional communications by email or text message, and to show you online advertisements for products or services.
• • Security and Fraud Prevention: To authenticate your account, provide a secure payment experience, detect and investigate fraudulent or malicious activity, and secure our services.
• • Communicating with You: To provide customer support, respond to inquiries, and maintain our business relationship with you.
• • Legal Reasons: To comply with applicable law, respond to valid legal process, or enforce our terms or policies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

• • With our Platform & Service Providers: We share information with vendors and third parties who perform services on our behalf (e.g., our ecommerce platform host, payment processors, data analytics, customer support, cloud storage, and fulfillment/shipping partners).
• • With Business and Marketing Partners: To provide marketing services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
• • When You Direct Us: If you request us or otherwise consent to our disclosure of certain information to third parties, such as through your use of social media widgets or login integrations.
• • In Connection with Business Transactions: Such as a merger or bankruptcy, to comply with legal obligations, or to protect/defend our rights and the rights of our users.

Hosting and Data Processing

Our Services are hosted by a third-party ecommerce platform provider. This provider collects and processes personal information about your access to and use of the Services in order to provide the platform functionality to us. Information you submit to the Services will be transmitted to and shared with our platform provider as well as third parties that may be located in countries other than where you reside.

Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies. We do not guarantee and are not responsible for the privacy or security of such sites.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, or resolve disputes.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information:

• • Right to Access / Know: You may have a right to request access to personal information that we hold about you.
• • Right to Delete: You may have a right to request that we delete personal information we maintain about you.
• • Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
• • Right of Portability: You may have a right to receive a copy of the personal information we hold about you.
• • Managing Communication Preferences: You may opt out of receiving promotional emails at any time by using the unsubscribe option displayed in our emails to you.

You may exercise any of these rights by contacting us using the contact details provided below. We will not discriminate against you for exercising any of these rights.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us or lodging a complaint with your local data protection authority.

International Transfers

Please note that we may transfer, store, and process your personal information outside the country you live in. If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date, and provide notice as required by applicable law.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at support@madhat.io.