Privacy Policy

1. Who we are

Cambridge AI Safety Hub ("CAISH", "we", "us", "our") is a project of Meridian Impact CIC, a Community Interest Company registered at Companies House (company number 13653958). Our website is caish.org.

If you have any questions about this privacy policy or how we handle your data, you can contact us at hello@cambridgeaisafety.org.

2. What data we collect and why

2.1 Meeting bookings

When you book a meeting through our calendar at /calendar, we collect:

• Your name — to identify you for the meeting
• Your email address — to send you a calendar invite and meeting details (e.g. a Google Meet link or in-person location)
• Meeting topic — so the person you are meeting knows what to expect
• Date, time, duration, and format (virtual or in-person) — to schedule the meeting

This information is used solely to create the calendar event and send confirmation emails. We do not use it for marketing or share it with third parties beyond the services described in Section 4.

2.2 Google Calendar overlay

Our booking page offers an optional "Overlay your calendar" feature. If you choose to use it, you will be asked to sign in with your Google Account through Google's standard OAuth consent flow. This grants our application read-only access to your Google Calendar events for the scope calendar.events.readonly.

We use this access to:

• Display your existing calendar events alongside our available meeting slots, so you can pick a time that works for you

We do not:

• Store, cache, or persist your Google Calendar data on our servers
• Share your Google Calendar data with any third party
• Use your Google Calendar data for advertising, analytics, or any purpose other than displaying it to you in the browser
• Access your calendar data after your browser session ends

Your Google Calendar data is fetched directly from Google's API to your browser. It is processed entirely client-side and is never transmitted to our servers. The access token is held only in browser memory and is discarded when you close the page or click "Hide your calendar".

You can revoke access at any time by visiting your Google Account permissions page and removing Cambridge AI Safety Hub.

2.2.1 Google API Services Limited Use Disclosure

Cambridge AI Safety Hub's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google Calendar data to provide and improve the calendar overlay feature that you see on the booking page.
• We do not transfer Google Calendar data to any third party, unless necessary to provide the feature, with your explicit consent, or for security/legal purposes.
• We do not use Google Calendar data for serving advertisements.
• No humans read your Google Calendar data. It is processed entirely by client-side code in your browser and is never sent to our servers.

2.3 Mailing list

If you sign up for our mailing list (hosted by HubSpot), we collect your email address. We use it only to send you updates about CAISH events and programmes. You can unsubscribe at any time using the link in any email.

2.4 Programme applications

Applications for our programmes (e.g. Alignment Fellowship, MARS) are collected through third-party form providers (Airtable, Tally). The data you submit — such as your name, email, and application responses — is used solely to evaluate your application. Please refer to the privacy policies of Airtable and Tally for how they handle data on their platforms.

2.5 Automatically collected information

When you visit our website, our hosting provider (Netlify) may automatically collect standard server log data such as your IP address, browser type, and pages visited. This data is used for security, performance monitoring, and rate limiting (e.g. to prevent abuse of the booking system). We do not use analytics tracking tools such as Google Analytics.

3. Legal basis for processing (UK GDPR)

We process personal data on the following bases:

• Consent — when you choose to overlay your Google Calendar, sign up for our mailing list, or submit a programme application
• Legitimate interest — when you book a meeting (we need your details to fulfil the booking) and for server logging (to maintain security and prevent abuse)

4. Third-party services

We use the following third-party services to operate the website. Each processes data only as needed for the stated purpose:

• Google Calendar API & Google Identity Services — for the calendar overlay feature (client-side only)
• Google Apps Script — to check calendar availability and create meeting events
• Google Fonts — to load typefaces used on the site
• Netlify — website hosting and serverless functions
• Resend — to send booking confirmation emails
• HubSpot — mailing list management
• Airtable — programme application forms
• Tally — programme application forms
• Luma — event listing data

5. Data retention

• Google Calendar overlay data — not retained; exists only in browser memory during your session
• Meeting bookings — stored as Google Calendar events for as long as needed to fulfil the meeting
• Mailing list — until you unsubscribe
• Programme applications — for the duration of the application cycle, after which they may be anonymised or deleted
• Server logs — retained by Netlify in accordance with their privacy policy

6. Your rights

Under UK data protection law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent at any time (e.g. revoke Google Calendar access, unsubscribe from the mailing list)
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at hello@cambridgeaisafety.org.

7. Cookies and local storage

Our website does not set tracking cookies. We use browser localStorage to cache meeting availability data for performance. This data does not contain personal information and is stored only on your device.

8. Children's privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this privacy policy from time to time. If we make material changes to how we use Google user data, we will notify affected users and obtain fresh consent before using their data in any new way. The effective date at the top of this page indicates when the policy was last revised.

10. Contact

Cambridge AI Safety Hub (a project of Meridian Impact CIC)
Email: hello@cambridgeaisafety.org