Skip to content
Data Privacy

How we look after
your data.

A plain-English account of what we collect, why we collect it, who we share it with, and how long we keep it. Written to be read, not skimmed past.

Last updated 02 May 2026

This privacy policy explains how we process your personal data when you use our website, theinstituteofai.co.uk. The website is operated by The Institute of AI (IoAI), an initiative of Net Buddies Ltd, a private company registered in England and Wales. The registered office is at 20–22 Wenlock Road, London, N1 7GU and the company number is 12351061.

Section 01

How we collect information about you.

We only collect information that you choose to share with us or that you generate while using our service. There are five routes by which information about you reaches us:

  • when you provide it to us by getting in contact via phone, email, web form, or in person;
  • when you register for an account on our website;
  • when you apply for an accreditation assessment;
  • when you subscribe to our services or place an order with us;
  • when you interact with communications that we send to you.

We do not buy mailing lists, scrape contact details, or receive your information from data brokers. If we hold something on you, you put it there.

Section 02

Information we collect.

Depending on which of the routes above brought you to us, we may collect any combination of the following:

IdentityFull name
ContactEmail address
RoleCurrent title (job or academic)
AffiliationCompany, university, or school name
ReferencesProvided as part of accreditation
ProfilesProfessional, portfolio, or social-media links (accreditation only)
PaymentPayment details where relevant — handled by our payment provider, never stored by us.
Section 03

Security.

We take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

Our website is hosted on a platform with adequate security measures, and access to identifiable data is limited inside the organisation to the people who need it to do their job.

Role-based access
Encryption in transit
Audit logging
Routine review
Section 04

How we use your information.

We use the personal information you provide to operate your account, manage your membership, process accreditation applications, communicate with you, and fulfil our legal obligations. You can manage your communication preferences for non-essential notifications via the Settings section of your account at any time.

To operate your account and deliver our services

When you register, we collect and use your personal information to create and manage your account, enable login, and provide access to core membership features. This processing is necessary for the performance of our contract with you.

To process accreditation applications

When you apply for accreditation, we process your personal data — including any references or links you provide — to assess your eligibility. This includes reviewing supporting material and, where necessary, contacting referees or reviewing external sources.

To manage accredited membership and billing

If your application is approved, we use your information to manage your accredited membership status and subscription, including billing notices, renewal reminders, and verification details.

To provide public verification (optional)

If enabled in your settings, we display a public verification page that includes your name, membership status, and accreditation details. You may enable or disable this at any time.

To send email notifications

We use your email address to send important operational emails — accreditation decisions, billing reminders, or security updates. These are required communications based on our contractual obligations.

Section 05

Who we share your data with.

We will only share your data with third parties to deliver our services, fulfil any contracts we enter with you, where required by law, or to enforce our legal rights.

Service providers

Only when necessary to deliver our services, we share your information with providers who act as data processors — such as hosting and payment-processing providers.

Payment information

IoAI does not store credit or debit card details. Our payment-gateway provider facilitates payments and does not retain, share, or use personal information for any purpose other than providing that service to IoAI.

Sharing for legal reasons

We may disclose your information to the extent we are required to by law — including government bodies and law-enforcement agencies — in connection with legal proceedings, and to establish, exercise, or defend our legal rights, including fraud prevention.

Except as described in this section, we do not provide your information to third parties.

Section 06

Data retention.

We will hold your personal information on our systems for as long as is necessary for the relevant purpose, or as otherwise described in this policy.

Record typePeriodWhy
General enquiries2 yearsHeld to respond to and complete your enquiry, then for two further years.
Corporate solutions enquiries7 yearsExtended due to the nature of corporate contracting and procurement cycles.
Membership records10 yearsFrom the ceasing of your last membership, to verify member status and history or to allow re-joining.
Disciplinary case records6 yearsIn the event of a disciplinary case against a current member, the record is retained for six years.
General data5 yearsFrom the most recent update in our systems.
Job applications12 monthsRetained in case a similar position arises within the year.

Periods are maximums. We delete sooner if a record stops being necessary, or if you ask us to under your right to erasure.

Section 07

Your rights.

Under UK GDPR, these rights belong to you — not to us. We aim to comply without undue delay, and within one month at the latest. Send requests to dataofficer@theinstituteofai.co.uk.

  1. 01

    Access

    Ask us to send you a copy of the personal data we hold about you, and details of how we are using it.

  2. 02

    Rectification

    Ask us to correct anything inaccurate or complete anything incomplete in the records we hold.

  3. 03

    Erasure

    Ask us to delete your data when there is no good reason for us to keep it, subject to our legal retention duties.

  4. 04

    Restriction

    Ask us to pause processing — for example while we check accuracy — without deleting the underlying record.

  5. 05

    Portability

    Ask us to provide your data in a machine-readable format so you can move it to another service.

  6. 06

    Objection

    Object to processing where we rely on legitimate interests, or to direct marketing of any kind.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.

Section 08

Changes to this policy.

We reserve the right to update our policy at any time without notice as we deem necessary, to the fullest extent permitted by law. The version number and last-updated date at the top of this page reflect the current state of the policy. Where a change materially affects how we use your data, we will flag it directly in your account or by email.

Section 09

Acceptance.

By using this website, you signify your acceptance of this policy. If you do not agree, we would advise you not to use our website.

Have a question about anything here? Email dataofficer@theinstituteofai.co.uk and a real person will get back to you.