Madplum Creative — Privacy Policy
Effective date: July 16, 2026
Last updated: July 16, 2026
Madplum Creative helps brands make things people remember. Doing that work sometimes involves information you choose to share with us. This Privacy Policy explains what we collect, why we use it, when we disclose it, how we protect it, how long we keep it, and the choices that may be available to you.
We have written this policy to be understandable. The details matter, but there should not be any fine-print games.
1. Who we are and what this policy covers
Madplum Creative, Inc. (“Madplum,” “we,” “us,” or “our”) is responsible for the personal information covered by this Privacy Policy.
This policy applies to personal information we collect for our own business purposes through:
- madplumcreative.com, excluding the shop subdomain described below;
- agency-related contact, project-brief, newsletter, and other forms;
- email, telephone, video calls, social media, and other business communications; and
- interactions with visitors, prospective clients, clients, vendors, contractors, collaborators, and other professional contacts.
We refer to madplumcreative.com, excluding shop.madplumcreative.com, as the “Agency Site.”
The Madplum shop has a separate policy
This Privacy Policy does not apply to shop.madplumcreative.com.
That store is operated through Shopify and is governed by the separate privacy policy posted on the store. Information submitted through the store—including information connected with purchases, payments, fulfillment, customer accounts, and store activity—is handled under that separate policy.
When we work for a client
In some engagements, Madplum processes personal information solely on behalf of a client—for example, while designing, developing, hosting, maintaining, analyzing, or supporting a client’s website or digital experience.
In those circumstances, the client generally determines why and how the information is processed, and Madplum acts as the client’s service provider or processor. The client’s privacy notice and our agreement with that client govern that processing, subject to applicable law.
If you have a privacy question about information submitted to one of our clients, you should normally contact that client directly.
2. Personal information we collect
“Personal information” generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual or household. The precise definition may vary under applicable law.
The information we collect depends on how you interact with us.
Information you provide directly
This may include:
- Contact and professional information, such as your name, email address, telephone number, company, job title, professional profile, and business address.
- Inquiry and project information, such as your organization’s needs, project scope, goals, audience, budget, schedule, and proposal or consultation requests.
- Communications and submitted content, including emails, messages, meeting notes, feedback, questionnaires, documents, images, audio, video, and other files you choose to provide.
- Client and vendor administration information, such as agreements, project approvals, contact records, billing details, invoices, payment status, and tax-related information.
- Subscription and communication information, including whether you have requested agency updates and your communication preferences.
- Employment or contractor information, if you apply for a position or collaboration opportunity through a channel we provide, such as your résumé, portfolio, work history, qualifications, and references.
Please do not submit Social Security numbers, government-identification numbers, payment-card details, health information, biometric information, precise location information, account passwords, or other sensitive personal information through a general Agency Site form or ordinary email unless we specifically request it and provide an appropriate method.
Information collected automatically
When you visit the Agency Site, Madplum and the providers supporting it may collect limited technical and usage information, such as:
- IP address;
- browser, device, and operating-system information;
- pages viewed and links selected;
- referring and exit pages;
- dates and times of access;
- approximate location derived from an IP address;
- general Site-interaction information; and
- diagnostic, error, performance, fraud-prevention, and security information.
Technologies necessary to deliver, maintain, and secure the Agency Site may process limited technical information when you visit.
We may also use optional analytics, functional, marketing, or embedded-media technologies. Where applicable law requires consent before a non-essential technology is used, we will obtain that consent.
Information from other sources
We may receive limited personal information from:
- clients, referrals, business partners, and professional contacts;
- contractors and service providers supporting our operations;
- public websites, business directories, professional networks, and social-media platforms; and
- organizations evaluating or participating in a potential engagement with us.
We generally use information from these sources for legitimate business-to-business communications, relationship management, due diligence, and project planning.
3. How we use personal information
We may use personal information to:
- answer questions and respond to inquiries;
- evaluate potential engagements and prepare proposals;
- enter into and manage client, vendor, contractor, and collaborator relationships;
- provide creative, strategy, branding, design, development, consulting, and related services;
- communicate about projects, approvals, meetings, schedules, deliverables, and billing;
- operate, maintain, troubleshoot, secure, and improve the Agency Site and our business systems;
- understand Agency Site performance and content engagement;
- send agency updates or other communications you have requested;
- maintain records, administer our business, enforce agreements, and resolve disputes;
- protect Madplum, our clients, our personnel, and others from fraud, abuse, security threats, or unlawful activity;
- comply with legal, tax, accounting, insurance, and contractual obligations; and
- support a proposed or completed merger, financing, acquisition, reorganization, or sale of some or all of our business or assets.
We may aggregate or de-identify information and maintain it in that form when it is not reasonably capable of being associated with an individual.
We do not use the Agency Site to make decisions about visitors, prospective clients, clients, vendors, contractors, or collaborators that produce legal or similarly significant effects based solely on automated processing.
4. Legal bases where European or United Kingdom law applies
Where European Economic Area, United Kingdom, or similar data-protection law applies to our processing, we may rely on one or more of the following legal bases:
- taking steps at your request before entering into a contract;
- performing a contract with you or the organization you represent;
- pursuing legitimate interests, such as operating our business, responding to inquiries, maintaining client and professional relationships, improving our services, and protecting our systems;
- complying with legal obligations; and
- your consent, where consent is required.
When we rely on legitimate interests, we consider the nature of the information, the purpose of the processing, our business need, and the possible effects on individuals.
You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing that was lawful before consent was withdrawn.
5. How we use artificial intelligence
As a modern creative agency, we may use artificial-intelligence tools to assist with activities such as drafting, research, ideation, editing, analysis, workflow support, and quality review.
Our approach includes the following principles.
Human judgment remains involved
AI may assist our team, but people remain responsible for evaluating its output and applying professional judgment appropriate to the nature and risk of the work.
We limit what we submit
We do not intentionally submit sensitive personal information or confidential client material to an AI service unless the use is authorized for the engagement and appropriate safeguards are in place.
We use approved tools and settings
We use AI providers, account types, settings, and contractual terms intended to restrict providers from using submitted business or client content for unrelated purposes.
AI providers may still process and retain limited information as necessary to deliver, secure, troubleshoot, or monitor their services, as described in their applicable agreements and privacy terms.
We do not intentionally train generalized models with your information
We do not intentionally use personal information or confidential client content to train a generalized AI model unless the affected client or individual has expressly authorized that use.
We do not rely solely on AI for significant decisions
We do not use AI as the sole basis for decisions about individuals that produce legal or similarly significant effects.
If a particular engagement involves AI in a way that materially affects client-controlled information, the applicable agreement, project documentation, or client instructions will govern that use.
6. Cookies and similar technologies
We may use cookies, pixels, local storage, scripts, embedded content, and similar technologies to operate, maintain, secure, understand, and improve the Agency Site.
Some technologies are necessary for functions such as:
- delivering pages and Site features;
- maintaining security;
- managing traffic;
- detecting abuse or technical problems; and
- remembering certain Site or privacy-related choices.
We may also use non-essential technologies for purposes such as analytics, optional functionality, embedded third-party content, or campaign measurement.
Where applicable law requires consent before a non-essential technology is used, we will obtain that consent. You may also be able to restrict or delete cookies through your browser or device controls. Blocking some technologies may affect Agency Site functionality.
Third-party collection
When a third-party feature or service is loaded—such as an embedded video, map, social-media feature, analytics service, form service, or other external tool—the provider may receive technical information about your visit and may use cookies or similar technologies under its own privacy terms.
Madplum does not control every technology placed or operated directly by an independent third party. We review the services we choose, but the provider’s own privacy notice governs its independent processing.
Do Not Track
Some browsers offer a “Do Not Track” setting. There is not currently a uniform industry or legal standard governing how websites must respond to that signal.
Madplum does not currently treat a Do Not Track signal as an instruction to accept or reject cookies or other technologies.
Because Madplum does not currently sell personal information or share it for cross-context behavioral advertising, a Global Privacy Control signal does not change those current practices.
7. How we disclose personal information
We may disclose personal information in the following circumstances.
Service providers and contractors
We may provide information to companies and individuals that support our business, including providers of:
- website hosting and content delivery;
- cloud storage and file transfer;
- email and communications;
- customer-relationship and project-management systems;
- analytics and technical support;
- security and fraud prevention;
- accounting, billing, payment processing, and tax services;
- legal and professional advice; and
- approved artificial-intelligence services.
We require service providers and contractors, as appropriate to their role and the information involved, to protect personal information and use it only for authorized purposes.
Project collaborators and clients
We may disclose information to clients, independent contractors, production partners, developers, photographers, writers, strategists, consultants, or other collaborators when reasonably necessary to evaluate, perform, manage, or deliver an engagement.
We may also disclose information when you or the organization you represent directs or authorizes us to do so.
Professional advisers
We may provide information to attorneys, accountants, insurers, auditors, consultants, and other professional advisers when reasonably necessary for their services.
Legal, security, and protective purposes
We may disclose information when we reasonably believe disclosure is necessary to:
- comply with applicable law, regulation, court order, subpoena, or valid legal process;
- respond to lawful requests from governmental authorities;
- investigate fraud, security incidents, unlawful conduct, or violations of our agreements;
- protect the rights, property, safety, or security of Madplum, our clients, our personnel, or the public; or
- establish, exercise, or defend legal claims.
Business transactions
Personal information may be reviewed or transferred in connection with a proposed or completed merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar business transaction, subject to appropriate confidentiality and legal requirements.
8. We do not sell personal information or share it for behavioral advertising
Madplum does not currently sell personal information or share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act.
We have not done so during the preceding 12 months.
We will not begin selling personal information or sharing it for cross-context behavioral advertising without first updating our disclosures and providing any choices required by applicable law.
This section does not prevent us from disclosing information to service providers, contractors, clients, or project collaborators for the limited business purposes described in this Privacy Policy.
9. International processing
Madplum is based in the United States. Our clients, personnel, contractors, collaborators, and service providers may operate in the United States, the European Economic Area, and other countries.
As a result, personal information may be processed in a country whose privacy laws differ from those where you live.
Where applicable law requires it, we use contractual, organizational, or other recognized safeguards intended to protect personal information when it is processed across borders.
10. How long we retain personal information
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy.
The appropriate period depends on factors such as:
- the type, amount, and sensitivity of the information;
- the purpose for which it was collected;
- the duration of our relationship with you or the organization you represent;
- whether the information remains necessary to provide services or maintain business records;
- the risk of harm from unauthorized use or disclosure;
- applicable legal, tax, accounting, insurance, and contractual requirements; and
- whether the information is relevant to a dispute, investigation, legal hold, security matter, or potential claim.
In general:
- inquiry and prospective-client records are retained while an opportunity remains active and for a reasonable period afterward;
- client, project, contract, approval, and material business records are retained for the engagement and for a reasonable period afterward based on legal, contractual, insurance, accounting, and recordkeeping needs;
- billing, accounting, and tax records are retained for the periods required by applicable law and sound business practice;
- marketing-subscription information is retained until you unsubscribe or the subscription becomes inactive, although we may retain limited suppression information to continue honoring an opt-out;
- technical, diagnostic, and security records are retained according to their operational and security purposes; and
- information processed on behalf of a client is retained according to the client’s instructions and the applicable agreement.
Information may remain temporarily in secure backups until it is overwritten through normal backup processes.
When personal information is no longer reasonably required, we delete it, de-identify it, or place it beyond routine use, as appropriate.
11. How we protect personal information
We use administrative, technical, and organizational safeguards that we consider reasonable and appropriate based on:
- the nature and sensitivity of the information;
- the systems and providers involved;
- foreseeable risks;
- the size and scope of our operations; and
- applicable contractual and legal requirements.
No method of transmission, storage, or processing is completely secure. We therefore cannot guarantee that unauthorized access, loss, misuse, alteration, or disclosure will never occur.
If a security incident triggers notification obligations, we will provide the notices required by applicable law.
12. Your choices and privacy rights
Your rights depend on where you live, the nature of our relationship with you, and which laws apply to our processing.
Where applicable, you may have the right to:
- confirm whether we process your personal information;
- obtain access to personal information we hold about you;
- receive information about the categories, sources, purposes, and recipients of your information;
- correct inaccurate personal information;
- request deletion of personal information, subject to legal and operational exceptions;
- receive a portable copy of certain information;
- withdraw consent;
- object to or restrict certain processing;
- opt out of the sale of personal information, sharing for cross-context behavioral advertising, or targeted advertising;
- limit certain uses or disclosures of sensitive personal information;
- opt out of certain profiling or automated decision-making uses where applicable;
- appeal a decision concerning a privacy request; and
- exercise your rights without unlawful discrimination or retaliation.
Because Madplum does not currently sell personal information or share it for cross-context behavioral advertising, there is no current Madplum practice from which you need to opt out.
Even where a particular privacy law does not require us to grant a request, we may consider reasonable access, correction, deletion, and communication-preference requests as a matter of good practice.
How to submit a request
Email info@madplumcreative.com with “Privacy Request” in the subject line.
Please describe your request and provide enough information for us to identify the relevant records. We may need to verify your identity or authority before acting.
You may use an authorized agent where applicable. We may request evidence that the agent is authorized to act for you and may also verify your identity directly.
We will respond within the period required by applicable law.
Some requests may be denied or limited when an exception applies, including when information is reasonably necessary to:
- complete a transaction or provide requested services;
- protect security or prevent fraud;
- comply with legal, tax, accounting, insurance, or contractual obligations;
- establish, exercise, or defend legal claims;
- preserve evidence;
- exercise legal rights; or
- protect the rights and privacy of another person.
If applicable law gives you a right to appeal our decision, you may reply to our response or email us with “Privacy Appeal” in the subject line.
Residents of the European Economic Area or United Kingdom may also have the right to submit a complaint to the data-protection supervisory authority where they live or work.
Marketing communications
You may unsubscribe from marketing emails by using the unsubscribe option in the message or contacting us.
We may still send non-marketing communications concerning an active inquiry, engagement, payment, security matter, or legal obligation.
13. Children’s privacy
The Agency Site is designed for a business audience and is not directed to children under 16.
We do not knowingly collect personal information online from children under 13. If you believe a child has provided personal information to us through the Agency Site, contact us so we can investigate and take appropriate action.
The separate privacy policy posted at shop.madplumcreative.com governs information collected through the Madplum store.
14. Third-party websites and services
The Agency Site may link to or offer content or functionality provided by third-party websites and services.
Their privacy, security, and data-use practices are governed by their own policies and agreements. Madplum is not responsible for the privacy practices of an independent third party merely because the Agency Site links to it or offers the option to use or load its content.
This includes shop.madplumcreative.com, which has its own posted privacy policy.
15. Changes to this Privacy Policy
We may update this Privacy Policy as our practices, services, technology, providers, and legal obligations change.
When we make an update, we will revise the “Last updated” date and publish the revised policy.
If a change materially expands how we use or disclose personal information already collected, we will provide additional notice and obtain consent where required.
We will not apply materially broader practices retroactively in a manner inconsistent with our prior commitments unless permitted by law and appropriately disclosed.
16. Contact us
Questions, privacy requests, or concerns may be directed to:
Madplum Creative, Inc.99 Jackson St., Suite 266
Davidson, NC 28036
Email: info@madplumcreative.com
We would genuinely rather hear about a concern than leave it unresolved.
Nothing in this Privacy Policy limits any rights or obligations that cannot lawfully be limited.
© 2026 Madplum Creative, Inc. All rights reserved.