Privacy Policy

Last updated: 25 April 2026

Who this covers and who is responsible

This policy applies to thetrustsequence.com and to the LinkedIn integration application registered under the same name. The data controller for both is Maris Skujins, an individual based in Latvia. Contact: [email protected].

The LinkedIn integration exists to publish posts authored by Maris Skujins to his own personal LinkedIn profile on a schedule. It is not used to access, post on behalf of, or collect data from any other person.

Information we collect

From visitors to thetrustsequence.com

If you submit the early-access form, we collect:

• Your first name (optional, used to personalise any future message)
• Your email address (required, used to contact you about the book)
• The date and time your submission was received

We do not collect your IP address, browser fingerprint, location, or any tracking identifier through the form. The site itself sets no first-party cookies, runs no analytics scripts, embeds no advertising trackers, and uses no fingerprinting or social-media pixels.

From the LinkedIn integration

The LinkedIn integration authenticates as Maris Skujins through LinkedIn's standard OAuth 2.0 flow. It stores:

• An access token and refresh token issued by LinkedIn, used to publish posts
• Basic profile information (name, profile URL) returned by LinkedIn during sign-in
• The text and image content of posts that are queued for publishing, plus a log of posts that have been published (including post URL and timestamp)

These tokens authorise the application to act only on behalf of Maris Skujins, only on his own LinkedIn profile. The application does not collect, request, or store information about any other LinkedIn user.

Legal basis for processing (GDPR)

Where the GDPR applies, we rely on the following lawful bases under Article 6:

• Consent (Art. 6(1)(a)) — for collecting and using your email address through the early-access form. By submitting the form you give us permission to contact you for the purpose described below. You can withdraw this consent at any time, with no effect on the lawfulness of any processing that took place before withdrawal.
• Legitimate interests (Art. 6(1)(f)) — for the operation of the LinkedIn integration on the controller's own profile. The integration processes only the controller's own personal data (his own tokens, his own posts) and does not affect third parties.

How we use the information

• Your name and email are used solely to notify you when the book becomes available, and to send a small number of related updates about the book (for example, the first framework, or a chapter excerpt). We do not use this data for advertising, profiling, or automated decision-making, and we will never sell or rent it.
• OAuth tokens are used only to call LinkedIn's API to publish posts and add the first comment under each post.
• Post content is published to Maris's LinkedIn profile and retained in an operational log so we can confirm what was published, when, and whether it succeeded.

Where your data is stored, who processes it, and international transfers

We use the following processors to operate the site and integration:

• Google LLC — the early-access form submits your name and email to a Google Apps Script endpoint, and the data is stored in a Google Sheet within a Google Workspace account controlled by Maris Skujins. Google processes data on Google's infrastructure, which may include servers in the United States. Transfers to the US are covered by the EU–US Data Privacy Framework, to which Google is certified, and by Google's Standard Contractual Clauses where applicable.
• GitHub, Inc. (a subsidiary of Microsoft) — hosts the static website via GitHub Pages. GitHub may collect aggregate request logs (including visitor IP addresses) for security and abuse-prevention purposes, governed by GitHub's own privacy policy. We do not access these logs.
• LinkedIn Ireland Unlimited Company — the destination platform for posts created by the integration. The integration interacts with LinkedIn's API; LinkedIn processes the resulting content under its own terms and privacy policy.
• The hosting provider for the LinkedIn integration server — a server located in the EU, controlled by Maris Skujins. OAuth tokens, queued posts, and the post log are stored here, on storage that is not world-readable and not exposed to the public internet except through authenticated API endpoints.

We do not share, sell, or transfer your personal data to any party outside the processors listed above.

How long we keep your data

• Your name and email are kept until you ask us to remove them, or until 24 months after the book is published (whichever is sooner), at which point the early-access list is deleted.
• OAuth tokens are kept only for as long as the integration is in use; they are deleted on request, when the integration is decommissioned, or when you (as the LinkedIn account holder) revoke the application's access in LinkedIn settings.
• Post logs are kept for operational and auditing purposes for up to 24 months and then deleted.

Your rights under the GDPR

If your personal data is processed by us, you have the following rights:

• Right of access (Art. 15) — ask for a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17), the “right to be forgotten” — ask us to delete your data.
• Right to restriction of processing (Art. 18) — ask us to pause processing while a question is resolved.
• Right to data portability (Art. 20) — receive the data you provided in a common machine-readable format.
• Right to object (Art. 21) — object to our use of your data on the basis of legitimate interests.
• Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time. Every email we send will include a one-click unsubscribe link, and you can also unsubscribe by replying with the word “unsubscribe” or by emailing us directly.

To exercise any of these rights, email [email protected]. We aim to respond within 30 days, as required by Article 12(3) of the GDPR.

Right to complain to a supervisory authority

If you believe your rights have been infringed, you can lodge a complaint with the data protection supervisory authority of the EU/EEA member state where you live, where you work, or where the alleged infringement took place. The supervisory authority for the controller is Latvia's Data State Inspectorate (Datu valsts inspekcija), www.dvi.gov.lv.

Automated decision-making and profiling

We do not use your data for automated decision-making or profiling within the meaning of Article 22 of the GDPR.

Security

We take reasonable technical and organisational measures to protect your data, including transport-layer encryption (HTTPS) for all submissions, restricted access to the systems that hold the data, and the use of established processors that maintain their own security programmes. No system is perfectly secure; if a breach occurs that is likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours and, where required, you directly.

Children

The site and the integration are not directed at children under 16 and do not knowingly collect information from them. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

If this policy changes materially, the “Last updated” date above will be revised. For substantive changes that affect how we use data already collected from you, we will notify you by email before the change takes effect.

Contact

Questions about this policy, or about data held about you: [email protected].