AMBROSE PRODUCTIONS INC. PRIVACY POLICY

Effective: February 20, 2026

Ambrose Productions Inc. (“Ambrose,” “we,” “us,” or “our”) does not sell personal information for monetary value. However, under certain privacy laws, use of third-party analytics or advertising technologies may be considered “sharing.”

YOUR PRIVACY CHOICES

You have the right to opt out of:

Sale of personal information
Sharing of personal information for targeted advertising
Certain automated profiling activities

HOW TO OPT OUT

Option 1: Email
info@ambroseproductions.com
Subject line: “Opt-Out Request”

Option 2: Global Privacy Control (GPC)
We honor browser-based opt-out signals where required by law.

Option 3: Cookie Preferences
Manage via the Cookie Preferences link in our website footer.

Marketing opt-outs may take up to 30 days to process.

1. INTRODUCTION, SCOPE & DEFINITIONS

Ambrose Productions Inc. (“Ambrose,” “we,” “our,” or “us”) is an independent film and television studio engaged in the development, financing, production, distribution, licensing, marketing, merchandising, and commercialization of audiovisual content and related intellectual property across theatrical, streaming, digital, and live-event platforms.

We recognize that personal information is entrusted to us in a variety of professional, creative, and commercial contexts. This Privacy Policy explains how Ambrose collects, uses, processes, stores, transfers, and protects personal information when individuals interact with us.

This Privacy Policy applies to:

Ambrose-operated websites and microsites
Streaming or digital viewing platforms
Casting and talent submission portals
Employment application systems
Investor communications
Event registrations and screenings
Promotions and contests
Social media integrations
Any service linking to this Privacy Policy
(collectively, the “Services”).

DEFINITIONS

For purposes of this Notice:

“Personal Information” means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual or household.
“Sensitive Personal Information” includes government identification numbers, financial account credentials, background check information, and similar legally protected data.
“Processing” means collection, use, storage, disclosure, analysis, or deletion of personal information.

BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THIS Privacy Policy AND AGREE TO ITS TERMS.

If you do not agree, you should not access or use our Services. This Privacy Policy forms part of our Terms of Use.

2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

Ambrose collects personal information reasonably necessary to operate our creative and business activities in a lawful and proportionate manner.

We adhere to principles of:

Data minimization
Purpose limitation
Storage limitation
Security and integrity

A. Identifiers

Name
Email address
Mailing address
Telephone number
IP address
Device identifiers
Account credentials
Online identifiers

B. Professional & Business Information

Employer
Job title
Production credits
Guild affiliations
Agency representation
Resume / CV
Investor accreditation documentation

C. Commercial Information

Transaction history
Purchase records
Merchandise orders
Ticket purchases
Payment confirmations

D. Internet & Device Activity

Browsing activity
Pages viewed
Engagement metrics
Streaming duration
Referring URLs
Browser type and version
Device type
Session timestamps

E. Geolocation Data

General geographic location derived from IP address
Event attendance check-ins

We do not collect precise GPS location data without explicit consent.

F. Casting & Employment Information

Headshots and reels
Application materials
Background screening results (where lawful)
Payroll information
Work authorization documentation

G. Sensitive Personal Information (Limited Collection)

We collect Sensitive Personal Information only where strictly necessary, including:

Government ID numbers (employment compliance)
Tax information
Background check results

We do not use Sensitive Personal Information for marketing or profiling.

3. SOURCES OF PERSONAL INFORMATION

We collect personal information from the following sources:

A. Directly From You

When you:

Register for communications
Purchase products or tickets
Submit casting materials
Apply for employment
Attend events
Communicate via phone, SMS, or email
Participate in surveys or promotions

B. Automatically Through Technology

We collect certain data automatically through:

Log files

Web beacons

Pixel tags

Security monitoring systems

Log File Data

When you visit our Services, we may record:

IP address
Operating system
Browser type
ISP or carrier
Pages viewed
Date/time of visit
Mobile device information

This data supports site functionality, analytics, and security.

C. From Third Parties

We may receive personal information from:

Talent agencies

Public databases

Social media platforms

Marketing partners

Investor verification services

Background screening providers

We may combine such information with data collected directly.

4. PURPOSES OF PROCESSING

Ambrose processes personal information for legitimate creative, operational, and legal purposes.

A. Service Provision

Operating digital platforms
Managing film and television releases
Processing transactions
Providing customer support

B. Audience Engagement & Marketing

Sending promotional updates
Inviting you to screenings or events
Conducting audience research
Delivering tailored promotional content (where permitted)

C. Production & Talent Operations

Evaluating casting submissions
Hiring and onboarding crew
Administering payroll
Complying with guild obligations

D. Corporate Governance & Compliance

Investor communications
Regulatory compliance
Contract administration
Risk management

E. Security & Fraud Prevention

Detecting unauthorized access
Preventing fraud
Protecting intellectual property

F. Analytics & Business Improvement

Measuring engagement
Improving website performance
Testing new features

We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review.

5. LEGAL BASES FOR PROCESSING (WHERE APPLICABLE)

Where GDPR or similar laws apply, Ambrose relies on:

• Performance of a contract

• Legitimate interests (balanced against individual rights)

• Legal obligations

• Consent

Where consent is required, you may withdraw consent at any time without affecting prior lawful processing.

6. COMMUNICATIONS, CONSENT & TARGETED ADVERTISING

A. Email Communications

You may opt out of promotional emails by clicking the “unsubscribe” link in any message.

Transactional or service-related communications may continue as necessary.

B. SMS & Telephone Communications (TCPA Compliance)

If you provide your phone number, you expressly consent to receive communications via:

• SMS

• Text message

• Automated dialing systems

• Artificial or prerecorded voice

You represent that you are authorized to provide such consent. Standard carrier rates may apply. You may opt out by replying “STOP.”

C. Targeted Advertising & Analytics

We may use third-party analytics and advertising technologies to:

• Understand audience engagement

• Deliver promotional content

• Optimize marketing campaigns

These technologies may use cookies or device identifiers.

You may opt out via:

• Global Privacy Control

• Cookie Preferences

• privacy@ambroseproductions.com

Ambrose does not sell personal information for monetary consideration.

D. Data Combination & Profiling Transparency

We may combine personal information from different sources to:

• Improve content relevance

• Enhance audience insights

• Strengthen fraud prevention

We do not engage in profiling that produces legal or similarly significant effects without meaningful human involvement.

7. SALE OR SHARING OF PERSONAL INFORMATION; TARGETED ADVERTISING

Ambrose does not sell personal information for monetary consideration.

However, under certain U.S. state privacy laws (including the California Consumer Privacy Act, as amended by CPRA), some uses of third-party analytics, cross-context behavioral advertising technologies, or digital marketing services may be considered “sharing” of personal information.

A. Categories Potentially Shared for Advertising/Analytics

We may share the following categories with advertising or analytics partners:

• Identifiers (IP address, device ID, cookie ID)

• Internet or network activity data

• General location data

• Interaction and engagement metrics

We do not knowingly share:

• Government ID numbers

• Financial account numbers

• Background check data

• Sensitive employment documentation

B. Opt-Out Rights

Where required by law, you may opt out of:

• Cross-context behavioral advertising

• Targeted advertising

• Sale or sharing of personal information

• Profiling in furtherance of decisions producing legal or similarly significant effects

You may exercise these rights via:

• Email: privacy@ambroseproductions.com

• Global Privacy Control (GPC)

• Cookie Preference Center

We will not discriminate against you for exercising these rights.

8. DISCLOSURE OF PERSONAL INFORMATION TO SERVICE PROVIDERS & PARTNERS

Ambrose discloses personal information to third parties only where necessary and subject to contractual safeguards.

A. Categories of Service Providers

We may disclose personal information to:

• Cloud hosting and infrastructure providers

• Content delivery networks

• CRM and communications platforms

• Payment processors

• Accounting and payroll providers

• Casting management platforms

• Background screening vendors

• Security and fraud prevention vendors

• Marketing and analytics vendors

• Legal and professional advisors

Each vendor is contractually required to:

• Use personal information only for specified purposes

• Maintain reasonable security safeguards

• Not retain, use, or disclose personal information beyond the contracted scope

• Comply with applicable data protection laws

B. Production & Distribution Ecosystem

In connection with film and television production, we may share necessary personal information with:

• Co-producers

• Studios

• Distributors

• Licensing agents

• Merchandising partners

• Guilds or unions (where required)

Disclosures are limited to the minimum necessary for operational purposes.

9. DATA RETENTION & MINIMIZATION

Ambrose retains personal information only for as long as reasonably necessary to:

• Fulfill the purpose for which it was collected

• Satisfy contractual obligations

• Comply with legal or regulatory requirements

• Resolve disputes

• Enforce agreements

A. Retention Factors

Retention periods are determined based on:

• Nature of the relationship

• Sensitivity of the data

• Legal obligations

• Statutory limitation periods

• Regulatory guidance

B. De-Identification

Where feasible, we may:

• De-identify personal information

• Aggregate information

• Remove direct identifiers

De-identified information may be retained for analytics and research purposes in accordance with applicable law.

10. INTERNATIONAL DATA TRANSFERS

Ambrose operates primarily in the United States but engages in global production, distribution, and marketing activities.

Personal information may be transferred to, stored in, or processed in jurisdictions outside your country of residence.

A. Safeguards

Where required by applicable law, we rely on:

• Standard Contractual Clauses (SCCs)

• Data Processing Agreements

• Vendor risk assessments

• Lawful transfer mechanisms recognized under GDPR and UK GDPR

B. EU/UK Individuals

If you are located in the European Union, European Economic Area, or United Kingdom, we process personal information in accordance with:

• EU GDPR

• UK GDPR

You may request additional information regarding transfer safeguards.

11. YOUR PRIVACY RIGHTS & REQUEST PROCEDURES

Depending on your jurisdiction, you may have the right to:

• Access personal information

• Correct inaccuracies

• Request deletion

• Obtain a portable copy

• Restrict processing

• Object to certain uses

• Withdraw consent

• Opt out of sale or sharing

• Appeal denial of a request

A. Verification

To protect against fraudulent requests, we may:

• Request identity verification

• Match information already on file

• Use reasonable verification procedures

We will not require excessive documentation.

B. Response Timing

We will respond within the timeframe required by applicable law (generally 30–45 days).

If we deny your request, you may have the right to appeal. Appeals may be submitted via: privacy@ambroseproductions.com

12. CALIFORNIA RESIDENT DISCLOSURES (CPRA)

California residents have the right to:

• Know categories of personal information collected

• Know categories disclosed or shared

• Request deletion

• Request correction

• Opt out of sale or sharing

• Limit use of sensitive personal information

• Non-discrimination

Ambrose does not use sensitive personal information for purposes beyond those necessary to provide Services.

We do not engage in profiling that produces legal or similarly significant effects without human review.

13. OTHER U.S. STATE PRIVACY RIGHTS

Residents of Colorado, Texas, Virginia, Connecticut, Utah, and other states may have similar rights, including:

• Access

• Correction

• Deletion

• Data portability

• Opt-out of targeted advertising

• Opt-out of profiling

We honor applicable state-specific rights as required by law.

14. CHILDREN’S PRIVACY & COPPA

Our Services are intended for individuals aged 13 and older.

Individuals under 13 may not create accounts or submit personal information without verified parental consent.

If we become aware that personal information from a child under 13 has been collected without appropriate consent, we will:

• Delete the information

• Terminate associated accounts (if applicable)

For casting or child talent submissions, additional compliance measures may apply.

15. DATA SECURITY & GOVERNANCE

Ambrose implements administrative, technical, and physical safeguards designed to protect personal information, including:

• Encryption in transit (TLS)

• Secure hosting infrastructure

• Role-based access controls

• Access logging

• Vendor due diligence

• Multi-factor authentication (where appropriate)

• Regular review of security practices

We also maintain internal data governance policies to limit data access to personnel with a legitimate business need. No system can guarantee absolute security.

16. INCIDENT RESPONSE & BREACH NOTIFICATION

In the event of a data security incident involving personal information, Ambrose will:

• Promptly investigate

• Contain and mitigate the issue

• Assess risk to affected individuals

• Provide notifications as required by applicable law

• Cooperate with regulators where necessary

Notification timing and content will comply with federal, state, and international requirements.

17. DO NOT TRACK; GLOBAL PRIVACY CONTROL; CROSS-DEVICE SIGNALS

Ambrose recognizes legally valid browser-based signals such as Global Privacy Control (GPC).

If enabled, we will treat such signals as a valid opt-out request where required by law. Preferences must be set for each device and browser. We do not currently respond to traditional “Do Not Track” signals unless required by law.