For UK charities & membership organisations · Member data
Not by pasting your whole register into a chatbot.
But you don't have to give up the analysis. The fix is to change where the data goes, not what you're allowed to ask of it: retention, growth, who's engaged, all of it, on data that never leaves you.
Here's why a membership export is the riskiest thing to put in a public tool, and how membership bodies run the same analysis on private AI that never lets the register leave.
It usually starts as something reasonable. A membership officer wants to know why renewals are slipping, or chart how the membership has grown, or find members who've drifted away before a renewal push. So they export the register from Beacon, CiviCRM, Salesforce or a membership system to a spreadsheet, and paste it into a public AI tool like ChatGPT, Gemini or Claude to do the thinking. Nothing about the intent is reckless. The problem is what's in that file, and where it's just gone.
A membership export isn't one record, it's hundreds or thousands: names, addresses, emails, membership and renewal history, payment records, often demographics. The moment it's pasted in, all of it lands on a US company's servers and sits in logs you cannot see or audit.
For many organisations the fact of membership is sensitive in itself. A faith group's roll implies religion, a condition-specific charity's members imply health, and trade union membership is named outright as special category data under UK GDPR. Your register can be laced with it even when no field is labelled that way.
People join expecting their details to be looked after, and they keep the rights that come with that, including asking what you hold under a subject access request. The ICO takes a dim view of personal data sent to a US tool with no lawful basis, and "someone pasted the register into ChatGPT" is not an answer your board will want to give.
If a member asked under a subject access request what had happened to their record, would your organisation have a clean answer?
None of this means going back to spreadsheets and pivot tables by hand. The analysis your team wants is genuinely useful, and for a membership body it goes to the heart of the work: keeping members, growing the base, knowing who's engaged. The job is to do it without handing the register to a stranger.
Imagine asking the same questions of the same membership data, in plain English, and getting the same answers back as figures, tables and charts, except nothing ever leaves your own systems. Three things change.
The register, contact details, renewal history and engagement records: it all stays inside your own tenancy. No US company, no logs you cannot see, nothing handed to a third party to train on.
Track retention and renewals, see where the membership is growing, find members who've gone quiet, chart trends over years, understand who's most engaged. The same questions, answered against your real data rather than a list you had to anonymise first.
It runs in infrastructure you control, in the UK. You can show a trustee or a member exactly where their data went: nowhere it shouldn't.
That's private AI for membership analysis: the same answers your team wants, on data that never leaves your control.
The build is a private AI assistant: a chat tool that looks and works like ChatGPT, but runs inside your own systems and sits next to your membership database, rather than something you paste spreadsheets into. You ask a question in plain English; it works out the query, runs it against a read-only copy of your data, and answers with the figures, tables and charts to back it up. Crucially, it shows you the query it ran, so every answer is auditable, and it physically cannot write, delete, or export anything.
Same questions you'd have pasted a spreadsheet into ChatGPT to answer. None of the data leaving the building.
I've built a sample chat assistant against dummy membership data here, to demonstrate the kinds of thing a private AI build can do for you. Below are a few everyday situations a membership organisation might bring to it. Each one starts with what you're actually trying to do, then the question you'd type, then a short recording of the assistant answering.
The board wants to see how the membership has grown over time, ahead of the next AGM.
You'd open the assistant and ask:
"Chart our membership numbers month by month over the last three years."
Renewals feel like they're slipping and you're planning a reactivation push, so you need to know how many members you're losing and whether it's getting worse.
You'd open the assistant and ask:
"How many members lapsed last year, and how does our renewal rate compare with the year before?"
You're deciding where to focus next year's outreach, and you want to know which part of the country is actually growing.
You'd open the assistant and ask:
"Which region grew its membership the fastest over the last year?"
You're planning next year's events and content, and you want to build it around what your members actually care about.
You'd open the assistant and ask:
"What are the most common interests across our membership?"
Want to see it pointed at your own membership system, or have a question of your own in mind? Tell me what you're trying to understand about your membership →
No. A membership export carries named individuals' contact details and membership history, and the public version of ChatGPT sends that to OpenAI in the United States, keeps it in logs you can't see, and may use it to train future models. For a UK organisation that's personal data leaving your control with no lawful basis to justify it.
In almost all cases, yes. You'd need a lawful basis to send member data to a third-party processor, a contract in place, and usually a data protection impact assessment. Pasting a list into a public AI tool has none of those, and because membership of a trade union, a religious body or a political body is explicitly special category data, for many organisations the bar is even higher.
Yes. Members have an ongoing relationship with you, so the data and the questions differ: renewals, retention, engagement and demographics rather than giving history, and for many bodies the fact of membership is sensitive in its own right. The privacy position, though, is identical. Either way it's personal data that should be analysed inside your own systems, not pasted into a public tool. If you also hold donor data, there's a sister page on analysing that safely.
Yes, and that's the better answer than exporting anything at all. A private build can query a read-only copy of your membership system, whether that's Beacon, CiviCRM, Salesforce or something bespoke, inside your own tenancy, so the data is analysed where it already lives and never gets emailed around as a spreadsheet in the first place.
That works too, and plenty of organisations are in exactly that position. The spreadsheet is loaded into your own private assistant rather than pasted into a public tool, so it's analysed the same way and stays just as firmly inside your control. You don't need a dedicated membership system to do this safely, just somewhere private for the data to live.
No. The build queries a read-only copy of your data, so it can read and analyse but cannot write, delete, or export. It also shows the query behind every answer, so anything it tells you can be checked.
Got a question that isn't here? Ask me directly →
Tell me who you are and what your organisation does. If any of this sounds like your situation, that's a good place to start. I'll let you know honestly whether I can help. Even a 30 to 45 minute call often leaves people with a clearer picture of the path forward, whether or not we end up working together. From there it's whatever fits: sometimes you don't need me, sometimes a short piece of scoping work makes sense first, and sometimes you already know what you want and we get straight to the build. There's no set process you have to follow.
For context: I work mainly with UK charities and non profits, with chief executives, operations and finance directors, programme leads, and the people who look after data and IT. Respectfully, I don't work with recruitment or development agencies.
Email: peter@peterbrady.co.uk
PNB Technologies Limited
55 Yew Tree Road, Ormskirk
Lancashire, L39 1NT, United Kingdom
Company Reg: 07166600
VAT Reg: GB986726850
© 2026 Peter Brady. All rights reserved.