Guide7 min read

Is It Safe to Use AI for Nonprofits and Charities? (Donor and Beneficiary Data)

Yes, with one condition: anonymise donor and beneficiary identifiers before any AI prompt. Much charity case-note data is special category data.

By Pierre de ONYRI

Yes, with one firm limit. AI can help you draft a grant application or an appeal letter. It has no business seeing a beneficiary's name, address or case file. A nonprofit holds two data sets. Donors, with their names, giving history and payment details. Beneficiaries, with their health, family circumstances, sometimes an abuse record. Much of that second set is special category data under Article 9 of the GDPR. If it leaks, the harm is not embarrassment. It is danger. The fix is simple: anonymise the identifiers before you send, and let the model work on the structure.

Two data sets, two very different risks

Most charities think like a small business. One contact base, one file, a few spreadsheets. That framing is wrong. You actually hold two files of opposite nature, and only one of them can hurt someone.

  • Donors: name, contact details, giving history, payment details, sometimes wealth-screening or capacity notes. A leak here is a commercial and reputational problem. It is serious, but it is recoverable.
  • Beneficiaries: health conditions, disability, ethnicity, faith, safeguarding files, domestic-abuse cases, asylum journeys. A leak here can expose a real person to physical risk.

Take the hardest case. A woman supported after domestic abuse. Her refuge address sits in a case note. If that note escapes your control, this is not an admin incident. It is a physical-safety event. The same logic applies to an asylum seeker whose file reveals ethnicity, religion or health.

This has to be said soberly, without drama. The risk is not theoretical. It has a name and a face. That is what separates a charity from an ordinary small company.

GDPR Article 9: the bar is higher

The GDPR (and its UK version) treats certain categories of data apart. Article 9 gives them extra protection. Racial or ethnic origin. Political opinions. Religious or philosophical beliefs. Trade union membership. Genetic data. Biometric data used to identify someone. Health data. Data about sex life or sexual orientation.

The Information Commissioner's Office (ICO), the UK regulator, states the rule plainly. Processing this data is prohibited by default. To lift that ban you need a condition from Article 9, on top of your ordinary lawful basis under Article 6. In other words: two justifications, not one.

Now look at your case notes. Health, disability, ethnicity, faith, vulnerability tied to an immigration journey. Immigration status is not itself listed in Article 9. But the data sitting next to it almost always is. An asylum file speaks of origin, religion, health, sometimes persecution. You are squarely inside Article 9.

The ICO adds a decisive test. Most Article 9 conditions require the processing to be genuinely necessary. Necessary means targeted and proportionate to the purpose. Not merely convenient or habitual. Pasting a whole beneficiary file into a consumer chatbot to save time does not pass that test. The same draft can be produced from an anonymised outline.

Charity status is not an exemption

This is the sector's most common misunderstanding. "We are a small volunteer charity, the law will go easy on us." It will not. The law applies according to what you do with personal data. Not according to your size, and not according to your charitable purpose.

The ICO even runs an advice stream for small and medium organisations, small charities and clubs included. It offers self-assessment checklists, a helpline and bite-size guidance. The underlying message never changes. Some very small organisations may be exempt from the registration fee, but none are exempt from the data-protection principles. Your charity remains a data controller. It must be able to show compliance.

On the security side, the UK's National Cyber Security Centre (NCSC) publishes guidance built for small organisations, charities included. Its advice is deliberately cheap and low-skill. Back up essential data. Encrypt devices and lock screens. Use strong, distinct passwords. Spot and report phishing. Keep software updated. Train your people. The NCSC names supporter and beneficiary databases as exactly the data a charity cannot function without, and points to Cyber Essentials certification.

Now add the missing ingredient. Volunteers who rotate. Personal devices. Consumer AI accounts opened in two clicks. Those free tiers usually come with no signed DPA (Data Processing Agreement). They may reuse inputs to improve models. And they leave no usable audit trail. Thin security, untrained volunteers and consumer tools: that is a bad combination.

What the AI actually needs to help you

Good news: AI remains genuinely useful to a charity. It structures a grant bid. It tightens an appeal letter. It turns bullet notes into readable prose. For all of that, it needs the shape of the story, not the person.

Your taskWhat the model needsWhat must never leave your desk
Draft a grant applicationThe type of need, the outcomes, aggregate figures, the overall budgetBeneficiary names, dates of birth, addresses, case reference numbers
Write a donor appeal letterA composite, anonymised story and the tone you wantDonor name, giving history, payment details
Summarise case notesThe useful facts, with no identifiers and no named diagnosisHealth, safeguarding, abuse or ethnicity tied to one person
Prepare an annual reportAggregate numbers and trendsAny individual row from your beneficiary database
The model drafts just as well from an anonymised outline as from a named file.

The fix: anonymise before you send

The measure that works is boring, and that is a good sign. Strip the identifiers before any prompt. The model does not need a name, a date of birth, an address or a diagnosis. It needs the structure of the case.

Two-part diagram: at top, a donor card (name, amount) and a beneficiary case file marked with a shield, both in the clear (amber), travel toward an AI card that receives the exposed records with an amber alert; at bottom, the same two records are anonymized to cobalt tokens, and the AI receives only tokens, under a large cobalt shield with a checkmark.
After the ICO's guidance on special category data (GDPR Article 9), its advice for small organisations, and the NCSC's cyber security collection for charities.
  1. 1Collect the least data possible, starting at the intake form.
  2. 2Spot the identifiers in your text: names, addresses, dates, case numbers, amounts, health details.
  3. 3Replace them with reversible tokens, in the browser, before you send.
  4. 4Send only the anonymized text to the model, then restore the real values locally.
  5. 5Pick tools that come with a DPA and exclude your inputs from model training.
  6. 6Train staff and volunteers on the same rules, and keep the most sensitive safeguarding files off consumer AI entirely.

This list costs almost nothing. For a charity budget, that matters. The ICO's self-assessments are open to anyone, and the NCSC's guides are written for small teams. You do not need an expensive compliance programme to protect your beneficiaries. You need one simple rule that everybody follows.

That is exactly what ONYRI Sanitize is for. The engine detects sensitive data — names, addresses, dates, case numbers, donation amounts, health mentions — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. Your grant bid still gets drafted, your appeal letter still gets written, and no beneficiary is identifiable in the prompt.

Frequently asked questions

Is it safe to use AI for nonprofits and charities?
Yes, provided you anonymise before you send. AI can draft a grant application or an appeal letter from an anonymised outline. It does not need a beneficiary's name, address or case file. Much of that data is special category data under Article 9 of the GDPR, which demands an extra justification. And a beneficiary data leak can put a real person in physical danger.
Is our beneficiary data special category data under the GDPR?
Very often, yes. Article 9 of the GDPR protects health, ethnicity, religion, trade union membership, genetic and biometric data, and sex life. The ICO explains that processing it is prohibited by default: you need an Article 9 condition on top of your Article 6 lawful basis. Immigration status is not listed as such, but asylum files almost always carry Article 9 data alongside it. Criminal offence data falls under Article 10.
Is a small volunteer-run charity exempt from data protection law?
No. The law applies according to what you do with personal data, not your size or your charitable status. The ICO runs dedicated advice for small organisations, small charities included. Some very small organisations may be exempt from the registration fee, but none are exempt from the data-protection principles. Your charity is still a data controller, and it must be able to show compliance.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next