For UK charities · Donor & supporter data
Under UK law, not safely.
But you don't have to give up the analysis. The fix is to change where the data goes, not what you're allowed to ask of it.
Here's why a donor export is the riskiest thing to put in a public tool, and how charities run the same analysis on private AI that never lets the data leave.
It usually starts as something reasonable. A fundraiser wants to find lapsed donors before an appeal, or summarise how a campaign performed, or draft some segments. So they export a list from Raiser's Edge, Salesforce, Donorfy, Beacon or CiviCRM to a spreadsheet, and paste it into a public AI tool like ChatGPT, Gemini or Claude to do the thinking. Nothing about the intent is reckless. The problem is what's in that file, and where it's just gone.
A CRM export isn't one record, it's hundreds: names, addresses, emails, full giving history, often wealth-screening flags. The moment it's pasted in, all of it lands on a US company's servers and sits in logs you cannot see or audit.
The fact of a donation can imply someone's health, faith, sexuality or politics. That laces a donor list with inferred special category data under UK GDPR, even when no field is labelled that way. Major-donor and wealth-screening profiles are sensitive profiling on top.
The ICO has fined charities specifically over how they handled donor data, and the Fundraising Regulator expects donors to know how their data is used. "A fundraiser pasted it into ChatGPT" satisfies neither, and there's no lawful basis for it.
If a donor asked under a subject access request what had happened to their giving record, would your charity have a clean answer?
None of this means going back to spreadsheets and pivot tables by hand. The analysis your team wants is genuinely useful. The job is to do it without handing the data to a stranger.
Imagine asking the same questions of the same donor data, in plain English, and getting the same answers back as figures, tables and charts, except nothing ever leaves your own systems. Three things change.
Giving history, contact details, prospect research: it stays inside your own tenancy. No US company, no logs you cannot see, nothing handed to a third party to train on.
Segment supporters, find lapsed donors, measure an appeal's return, chart giving trends over years. The same questions, answered against your real data rather than a list you had to anonymise first.
It runs in infrastructure you control, in the UK. You can show a trustee or the Fundraising Regulator exactly where donor data went: nowhere it shouldn't.
That's private AI for donor analysis: the same answers your fundraisers want, on data that never leaves your control.
The build is a private AI assistant: a chat tool that looks and works like ChatGPT, but runs inside your own systems and sits next to your donor database, rather than something you paste spreadsheets into. You ask a question in plain English; it works out the query, runs it against a read-only copy of your data, and answers with the figures, tables and charts to back it up. Crucially, it shows you the query it ran, so every answer is auditable, and it physically cannot write, delete, or export anything.
Same questions you'd have pasted a spreadsheet into ChatGPT to answer. None of the data leaving the building.
I've built a sample chat assistant against dummy donor data here, to demonstrate the kinds of thing a private AI build can do for you. Below are a few everyday situations a charity might bring to it. Each one starts with what you're actually trying to do, then the question you'd type, then a short recording of the assistant answering.
A trustee asks you for a month-by-month breakdown of donations over the past twelve months, ahead of the next board meeting.
You'd open the assistant and ask:
"Chart total giving by month last year."
Your fundraising lead is planning a reactivation appeal and needs to know how many supporters have drifted away, and whether it's getting worse.
You'd open the assistant and ask:
"How many donors lapsed in 2025, and how does that compare with the year before?"
You're putting together a list for a personal stewardship round, and you want your most valuable supporters who have gone quiet.
You'd open the assistant and ask:
"Who are the top 20 donors by lifetime value that haven't given since 2023?"
You're deciding where to put next year's campaign budget, and you want to know which appeal actually brought new people in, rather than more from the regulars.
You'd open the assistant and ask:
"Which appeal brought in the most first-time donors?"
Want to see it pointed at your own CRM, or have a question of your own in mind? Tell me what you're trying to find in your donor data →
No. A donor export carries named individuals' contact details and giving history, and the public version of ChatGPT sends that to OpenAI in the United States, keeps it in logs you can't see, and may use it to train future models. For a UK charity that's personal data leaving your control with no lawful basis to justify it.
In almost all cases, yes. You'd need a lawful basis to send supporter data to a third-party processor, a contract in place, and usually a data protection impact assessment. Pasting a list into a public AI tool has none of those, and because giving can imply special category data, the bar is even higher.
Yes, and that's the better answer than exporting anything at all. A private build can query a read-only copy of your CRM inside your own tenancy, so the data is analysed where it already lives and never gets emailed around as a spreadsheet in the first place.
That works too, and many charities are in exactly that position. The spreadsheet is loaded into your own private assistant rather than pasted into a public tool, so it's analysed the same way and stays just as firmly inside your control. You don't need a CRM to do this safely, just somewhere private for the data to live.
They're better than the free version, and they do turn off training on your data. But the data still leaves your organisation for a US provider's systems, and you're trusting their settings and their logs rather than controlling them yourself. For your most sensitive supporter data, "we control it" is a stronger position than "they promised not to look."
No. The build queries a read-only copy of your data, so it can read and analyse but cannot write, delete, or export. It also shows the query behind every answer, so anything it tells you can be checked.
Got a question that isn't here? Ask me directly →
Tell me who you are and what your organisation does. If any of this sounds like your situation, that's a good place to start. I'll let you know honestly whether I can help. Even a 30 to 45 minute call often leaves people with a clearer picture of the path forward, whether or not we end up working together. From there it's whatever fits: sometimes you don't need me, sometimes a short piece of scoping work makes sense first, and sometimes you already know what you want and we get straight to the build. There's no set process you have to follow.
For context: I work mainly with UK charities and non profits, with chief executives, operations and finance directors, programme leads, and the people who look after data and IT. Respectfully, I don't work with recruitment or development agencies.
Email: peter@peterbrady.co.uk
PNB Technologies Limited
55 Yew Tree Road, Ormskirk
Lancashire, L39 1NT, United Kingdom
Company Reg: 07166600
VAT Reg: GB986726850
© 2026 Peter Brady. All rights reserved.