1. Who We Are

The Centre for Trustworthy AI ("we", "us", "our") is operated by Cloud Lighthouse Ltd, located at 14 Spruce House, London SE10 8HF, United Kingdom.

For any privacy matters, please contact us through the online Contact Form.

2. Scope of This Policy

This policy explains how we collect, use, and protect your personal data when you:

• Visit centerfortrustworthyai.com or its subdomains

• Access our member portal at centru.ai

• Interact with us via events, social media, or support channels

This policy applies globally. Additional rights for UK and EEA residents are explained in section 10.

3. Data We Collect

We may collect the following categories of personal data:

• Account data: Name, email, company, role (kept for 3 years after account closure)

• Usage data: Page views, clicks, IP address, device info (retained for 26 months)

• Marketing data: Newsletter subscriptions, webinar sign-ups (kept until consent is withdrawn)

• Media request data: LinkedIn or organisation URLs (kept for 12 months)

• Support records: Ticket and chat history (retained for 3 years)

4. How We Use Personal Data

We use your data to:

1. Provide and secure our websites and platforms

2. Deliver membership services and content

3. Send transactional emails (e.g. password resets, billing notices)

4. Improve features and content based on usage patterns

5. Send newsletters and invitations if you have given consent

5. Cookies & Similar Technologies

We use the following cookies:

• Essential cookies – required for site functionality (e.g. session ID, security)

• Analytics cookies – anonymised Google Analytics (2-year expiry)

• Preference cookies – remember settings like language or cookie banner status

See our separate Cookie Policy for full details and opt-out options.

6. Sharing & International Transfers

We may share data with service providers as follows:

• Cloud hosting: Squarespace (UK and EU data centres)

• Email & CRM: Microsoft Azure (UK, with GDPR addendum)

• Payments: Stripe (transfers under EU–US and UK–US Data Privacy Framework)

We do not sell personal data. Where data is transferred internationally, we rely on Standard Contractual Clauses or adequacy decisions.

7. Security

We implement robust security measures including:

• ISO 27001-aligned controls

• Encryption at rest (Azure Key Vault) and in transit (TLS 1.2+)

• Role-based access control

• Annual penetration testing and quarterly vulnerability scans

8. Data Retention

We only retain personal data as long as necessary for the purposes outlined or to comply with legal obligations. After the retention period, data is deleted or anonymised.

9. Children

This website is not intended for children under the age of 16, and we do not knowingly collect their data.

10. Your Rights (UK / EEA Residents)

You have the right to:

• Access, correct, or delete your data

• Restrict or object to processing

• Withdraw consent at any time

• Request data portability

• Lodge complaints with the UK ICO or your local data protection authority

To exercise these rights, please contact us using the Contact Form.

11. Changes to This Policy

Any updates will be posted on this page. If we make significant changes, we will highlight them on the homepage. The "Last updated" date will reflect the most recent revision.

12. Contact

Cloud Lighthouse Ltd
14 Spruce House, London SE10 8HF, United Kingdom

Use the Contact Form and select "Privacy Request" for all privacy-related inquiries.