Privacy Policy

1. Who We Are

This Privacy Policy applies to marklynd.com and related services operated by Mark Lynd (referred to as "we," "us," or "our"). Mark Lynd is the data controller responsible for personal information processed in connection with this site and the speaking, advisory, partnership, and publishing services offered through it.

For privacy inquiries, correction requests, or data subject rights requests, contact us via the contact form with the subject line "Privacy Request."

2. Scope

This policy covers personal information collected through: (a) marklynd.com website; (b) the Cybervizer and AI Bursts newsletters; (c) contact, booking, partnership, and media-inquiry forms; (d) keynote, advisory, and partnership engagements arranged through this site; and (e) communications with our team. It does not cover third-party sites we link to, which operate under their own policies.

3. Information We Collect

3.1 Information You Provide Directly

• Contact & booking forms: name, email address, organization, job title, event date, event type, budget range, message content, and any additional details you include.
• Newsletter subscriptions: email address and, optionally, name and role.
• Engagement contracts: billing contact, invoicing address, payment details (processed by third-party payment processors — we do not store card numbers), and engagement-specific information.
• Correspondence: the content of emails, call notes, and other communications you send to us.
• Media inquiries: journalist name, outlet, deadline, story topic, and any materials you share.

3.2 Information Collected Automatically

• Server logs: IP address, user-agent string, referring URL, pages visited, response codes, and timestamps. Retained up to 30 days for security, abuse prevention, and operational diagnostics.
• Analytics data: aggregated, anonymized metrics about how visitors use the site. Collected via Google Analytics after first meaningful interaction (scroll, click, or keyboard input).
• Cookies & local storage: small data files used for analytics, session management, and performance optimization. See Section 7.
• Device & browser info: operating system, screen resolution, and general location (country/region level from IP), used for responsive delivery and aggregate analytics.

3.3 Information from Third Parties

• Newsletter platform (Beehiiv): subscribe/unsubscribe events, open and click metrics, bounce/spam reports.
• Speaker bureaus, event organizers, and brand partners: if a third party introduces you to us for an engagement, we may receive the information they share about you (name, organization, event details).
• Public professional sources: LinkedIn, Thinkers360, company websites — used to verify engagement context (not stored beyond what's needed to respond).

4. How We Use Personal Information

We process personal information for the following purposes:

• Service delivery: responding to inquiries; scheduling and delivering speaking engagements, advisory sessions, workshops, tabletop exercises, and brand partnerships; fulfilling contractual obligations.
• Newsletters: sending the newsletters you have subscribed to (Cybervizer, AI Bursts); measuring newsletter performance in aggregate.
• Business operations: invoicing, contract management, tax and accounting records, financial reporting.
• Site improvement: understanding aggregate traffic patterns, fixing bugs, improving content and performance.
• Security & fraud prevention: detecting abuse, rate-limiting, and blocking malicious actors.
• Legal compliance: complying with applicable laws, regulations, court orders, and legitimate government requests; enforcing our Terms & Conditions.
• Marketing (limited): sending occasional updates about new services, books, or speaking topics — only to contacts who have opted in. You can opt out at any time.

5. Legal Bases for Processing (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under Article 6(1) GDPR:

• Contract (Art. 6(1)(b)): processing necessary to respond to your inquiry, negotiate an engagement, or deliver a contracted service.
• Consent (Art. 6(1)(a)): newsletter subscriptions and optional marketing communications. You may withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)): operating and securing the site, understanding aggregate analytics, and maintaining business records. We balance our legitimate interests against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)): tax, accounting, and other legally required retention.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

6. Sharing & Disclosure

We do not sell or rent personal information. We share personal information only with:

• Service providers acting on our behalf: Cloudflare (hosting, security, CDN), Google Analytics (aggregated analytics), Beehiiv (newsletter delivery), invoicing/accounting platforms, e-signature providers for contracts, and payment processors. These providers are bound by data-processing agreements.
• Engagement counterparties: when you book an engagement, we share relevant contact information with your event team, production partners, or travel coordinators as needed to deliver the service.
• Legal & regulatory: law enforcement, regulators, or courts in response to valid legal process, or to protect our rights, safety, or property.
• Business transfers: in the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to the terms of this policy.

7. Cookies & Similar Technologies

We use a minimal set of cookies:

• Strictly necessary: session security and CSRF protection on forms. These cannot be disabled.
• Analytics: Google Analytics cookies, loaded only after first user interaction. These help us understand aggregate usage; we do not use them to build profiles across sites.
• No advertising or cross-site tracking cookies.

You can block or delete cookies via your browser settings. Blocking analytics cookies does not affect site functionality.

Global Privacy Control & Do Not Track: we honor GPC signals from compliant browsers as a valid opt-out from the limited marketing/analytics uses described above.

8. International Data Transfers

Our infrastructure is primarily hosted in the United States via Cloudflare, with global edge presence. If you access the site from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where such transfers occur from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other lawful mechanisms.

9. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected:

• Contact-form submissions (non-contracted): up to 90 days, then deleted.
• Engagement records (contracts, invoices, event details): 7 years for tax and legal compliance, unless a longer period is required.
• Newsletter subscriptions: until you unsubscribe. Suppression list retained indefinitely to honor unsubscribes.
• Server logs: up to 30 days.
• Analytics data: aggregated and retained for up to 26 months (Google Analytics default).

10. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate or incomplete information.
• Deletion / erasure: request deletion, subject to legal retention requirements.
• Restriction: request we restrict processing in certain circumstances.
• Portability: receive your information in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time (does not affect processing already conducted).
• Complaint: lodge a complaint with your local supervisory authority (e.g., ICO in the UK, your national DPA in the EU).

California Residents (CCPA / CPRA)

In addition to the rights above, California residents have the right to know what categories of personal information are collected, used, disclosed, and sold or shared; the right to delete; the right to correct; the right to opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising); the right to limit use of sensitive personal information; and the right to non-discrimination for exercising these rights.

We do not knowingly sell or share personal information of any California resident. To submit a verifiable request, use the contact form.

Exercising Your Rights

Submit requests via the contact form. We respond within 30 days (may extend by 60 days for complex requests, with notice). Verification may be required to protect against unauthorized requests. Authorized agents may act on your behalf with written authorization.

11. Security

We implement administrative, technical, and physical safeguards designed to protect personal information:

• HTTPS/TLS encryption in transit, HSTS enforced.
• Encryption at rest for stored form submissions and engagement records.
• Strict access controls — personal information is accessed only by Mark Lynd and authorized service providers with a need to know.
• Regular security reviews, including annual application and infrastructure assessments.
• No storage of payment card data on our systems; payment processing is handled by PCI-compliant third parties.

No system is perfectly secure. In the event of a breach affecting your personal information, we will notify you and applicable regulators consistent with legal requirements.

12. Children's Privacy

This site is designed for professional audiences and is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact us and we will promptly delete it.

13. Third-Party Links

Our site links to third-party sites (Amazon, newsletter platforms, partner sites, social media). Those sites operate under their own privacy policies. We are not responsible for their practices.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date reflects the most recent revision. Material changes will be announced to newsletter subscribers and prominently posted on the homepage for at least 30 days. Continued use of the site after changes become effective constitutes acceptance.

15. Contact

Privacy questions, data subject rights requests, complaints, or other inquiries: marklynd.com/contact.

Postal mail: Mark Lynd, Attn: Privacy, Frisco, Texas, United States.