Privacy Policy

Last updated: 28 April 2026

Cambridge AI Consultants is a trading name used by a sole trader registered with the Information Commissioner's Office (ICO), registration reference C1892255. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).

1. Who We Are

Cambridge AI Consultants provides AI strategy advisory services to UK businesses. For data protection enquiries, contact us at [email protected].

2. What Data We Collect

We may collect and process the following data:

• Business contact information: Name, job title, business email address, company name, and company registration details (e.g. FCA number, Companies House number).
• Booking information: Details provided via our booking form, including firm name, firm size, and responses to intake questions.
• Session data: Notes and recordings from our consultations. Session recordings are made only with your verbal consent, confirmed at the start of each call.
• Payment information: Processed securely by Stripe. We do not store your card details.
• Website usage data: Where you have given consent via our cookie banner, we collect analytics and advertising-attribution data using the third-party tools listed in §6 below. If you decline, or have not yet given consent, we collect only basic anonymous usage data provided by our hosting platform (Cloudflare) as part of standard web serving.

3. How We Obtain Your Data

We obtain your data from the following sources:

• Directly from you: When you book a session, contact us, or fill in our intake form.
• Public registers: We source business contact information from publicly available registers, including the FCA Financial Services Register, the SRA Solicitors Register, and Companies House. This data is used for business-to-business outreach only.
• Third-party enrichment: We may use business data enrichment services to identify appropriate business contacts at firms listed on public registers.

4. Lawful Basis for Processing

We process your data under the following lawful bases:

• Contract: To deliver the advisory services you have booked and paid for.
• Legitimate interests: To contact businesses about our services via email. Our legitimate interest is promoting our advisory services to businesses that may benefit from them. We have conducted a Legitimate Interest Assessment (LIA) and concluded that this interest is not overridden by your rights, given that: (a) we contact you in a professional business capacity; (b) the data is sourced from public business registers; (c) we provide a clear and easy way to opt out; (d) we only contact corporate subscribers (limited companies and LLPs), not sole traders or individuals.

5. B2B Email Communications

We may send you email communications about our services if you are a corporate subscriber (a limited company or LLP) as defined under PECR Regulation 22. In accordance with PECR:

• We do not send unsolicited emails to sole traders, non-LLP partnerships, or individuals.
• Every email we send identifies us by name and provides a valid contact address.
• Every email includes a clear, functional unsubscribe mechanism.
• If you opt out, we action your request immediately and add you to our suppression list to prevent future contact.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on this website only with your explicit, granular consent. Our cookie banner lets you choose Analytics, Advertising, or both — or decline all non-essential cookies. The two categories are independent: you can grant one and decline the other.

Strictly necessary — always on. Stores your cookie preference itself. No third-party data sharing.

Analytics — help us understand how visitors use the site (loaded only if you grant the Analytics category):

• Google Analytics 4 (GA4): anonymised page-view and event data. Provider: Google LLC. Privacy policy.
• PostHog: event-level analytics, hosted on PostHog's EU infrastructure for UK/EEA data residency. Provider: PostHog Inc. Privacy policy.

Advertising — help us measure which ads bring visitors to the site, so we can spend our advertising budget effectively (loaded only if you grant the Advertising category):

• Meta Pixel (Facebook / Instagram). Provider: Meta Platforms Ireland Ltd. Privacy policy.
• Reddit Pixel. Provider: Reddit Inc. Privacy policy.
• Quora Pixel. Provider: Quora Inc. Privacy policy.
• Microsoft UET and Microsoft Conversions API (Bing Ads). Provider: Microsoft Ireland Operations Ltd. Privacy policy. The Conversions API is a server-to-server delivery channel for the same Microsoft Advertising service as UET — when you confirm a booking, conversion event details (no cookies) are transmitted from our server to Microsoft's, only if you granted the Advertising category.

We do not load any of these tracking technologies until you have explicitly granted the matching category in our cookie banner. If you decline, choose only one category, or have not yet made a choice, only the categories you granted are loaded.

You can withdraw or change your consent at any time by clicking "Cookie preferences" in our footer.

Cookies set by these tools include both session cookies (deleted when you close your browser) and persistent cookies (retained for up to 24 months). For details of specific cookies set by each provider, refer to the privacy policies linked above.

Attribution context. When you arrive at this site from an advertisement, the URL contains a click identifier (such as qclid for Quora, rdt_cid for Reddit, gclid for Google, msclkid for Microsoft, or fbclid for Meta). When you then click a booking link, we attach this click identifier together with any UTM tags from the URL so the booking can be matched back to the campaign that brought you to us. If you have given cookie consent, we additionally include the analytics and advertising cookies set by the providers listed above, and we mirror this attribution package in your browser's local storage (key cac_tracking_v1) so it survives navigation between pages on this site. The local-storage entry stays on your device and is cleared when you clear your browser data or withdraw consent.

Server-side conversion measurement. When you confirm a booking, our server transmits a conversion event to the providers above where you have granted the relevant category — analytics providers (GA4, PostHog) when you have granted Analytics, and advertising providers (Meta, Reddit, Quora, Microsoft) when you have granted Advertising. Your cookie-consent decision (made at the moment you submitted the booking) travels with the event so the provider applies it correctly: if you declined a category, no event is sent to providers in that category. This server-to-server channel runs in parallel to the cookies above and helps measure attribution even when your browser blocks cookies. If you have not interacted with the cookie banner, no event is sent to any provider.

7. How We Use Your Data

• To deliver AI strategy advisory sessions you have booked.
• To prepare pre-session research about your firm.
• To send you a summary of recommendations after your session.
• To follow up on your session progress (with your agreement).
• To send you information about our services (B2B outreach, with opt-out).

8. Data Sharing

We do not sell your data. We may share data with:

• Payment processors: Stripe, for processing session payments.
• Scheduling platforms: Cal.com, for managing bookings.
• Email service providers: For sending transactional and marketing emails.
• Analytics providers: Google (Google Analytics 4) and PostHog — only where you have given cookie consent. See §6 for details.
• Advertising platforms: Meta, Reddit, Quora, and Microsoft — only where you have given cookie consent, and only for measuring whether ads led to bookings on our site. See §6 for details.

All third-party processors are bound by data processing agreements and handle data in accordance with UK GDPR.

9. Data Retention

• Client session data: Retained for 2 years after the session, then deleted.
• Business contact data (outreach): Retained until you opt out, at which point it is moved to our suppression list.
• Suppression list: Retained indefinitely to ensure we do not contact you again.
• Payment records: Retained for 6 years in accordance with HMRC requirements.

10. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data (subject to legal retention requirements).
• Object to processing based on legitimate interests.
• Restrict processing in certain circumstances.
• Data portability.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

11. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on this page with the date of the last update.