Should your charity build its own AI? Almost certainly not — here's what to do instead
A question we keep hearing from boards and management committees across the social service sector — charities, social service agencies (SSAs), NGOs, nonprofits of every size — in one form or another: "Everyone says we need AI. Should we build our own, so our data stays private? Or is it safe to use ChatGPT?"
It's a good question, and the honest answer is short. But the reasoning behind it is where the confidence comes from — so let's walk through it in plain English, for the people who run programmes, not the people who run servers.
The simple version of how AI models get made
Every general-purpose AI model you've heard of — Claude, ChatGPT, Gemini — is built roughly the same way: a very large neural network, fed enormous amounts of text across thousands of specialised computers for months, then refined by specialist teams to be helpful and safe. Publicly reported estimates put the cost of training a single frontier model in the hundreds of millions of dollars.1 Only a handful of companies in the world do this.
So when a job advertisement or a consultant says "AI/ML expertise," it almost never means building models. It means using them well — connecting AI to your organisation's data and workflows, choosing the right tier of service, and putting sensible guardrails around it. That reframing matters, because it turns an impossible question ("can we afford to build AI?") into a manageable one ("which way of using it fits our data and our budget?").
The privacy worry is real — but it's about the wrong version
Here's the thing most people get wrong, and it changes the whole conversation:
The privacy concern that makes headlines comes from consumer AI tools. Enterprise tiers are governed by different, contractual terms.
answers you
unless you opt out — and busy staff rarely do
- Free and personal accounts (the ChatGPT or Claude app someone downloads themselves): depending on the plan and settings, conversations may be used to help train future models. Anthropic, for example, updated its consumer terms in 2025 so that chats on Free, Pro and Max plans may be used for model training unless the user opts out, with retention of up to five years for those who allow it.2 OpenAI's own help pages say it directly: ChatGPT "improves by further training on the conversations people have with it, unless you opt out."3 This is the version people are rightly worried about when staff paste client information into it.
- Business and enterprise tiers (Claude for Work, ChatGPT Enterprise/Business, and the APIs developers build on): the published terms say the opposite. Anthropic's commercial terms state plainly that "Anthropic may not train models on Customer Content from Services."4 OpenAI states that data from ChatGPT Enterprise, ChatGPT Business and its API platform is not used for training by default.3 These tiers also come with admin controls, audit logs, and independently audited security certifications (SOC 2 Type II, ISO 27001 and similar).5 That's a contractual commitment you can show your board and your auditor — a different thing entirely from a marketing promise.
- Stricter still: the same commercial models are available through the major cloud platforms — for example, Anthropic's Claude models through Amazon Bedrock, including in AWS's Singapore region6 — so processing can run inside your organisation's own cloud environment. For Singapore organisations, note the nuance: the PDPA does not require data to stay in Singapore — its transfer limitation obligation requires comparable protection wherever data goes — but a Singapore-region deployment can make that conversation much simpler. (More on the PDPA in our plain-English PDPA & AI guide.)
One practical habit follows from all of this: whatever vendor you use, get the commitments in writing — is our data used for training, where is it processed, how long is it retained, is there a data processing agreement? A vendor who can't answer crisply hasn't thought about it. And check the terms yourself before relying on them; they do change, which is why every claim in this article carries a "checked" date at the bottom.
Why "build your own" rarely makes sense
There are really two versions of "build your own", and they fail for different reasons:
Training a model from scratch is simply not an option for anyone outside a handful of frontier labs. The cost is measured in hundreds of millions of dollars and specialist teams that don't exist on the open market at charity salaries. Nobody advising a social service agency to "build its own AI" means this — and if they do, walk away.
Running an open-source model on your own servers (a model like Meta's Llama, downloaded and self-hosted) is genuinely possible, and it's the maximum-control option: data never leaves your building. But three things are true at once. You now need engineers to secure, patch and maintain it. The open models you can realistically run tend to lag the leading commercial models in capability. And — the part people find counterintuitive — your security posture is often weaker in practice than a major cloud provider's, because Amazon, Microsoft and Google employ thousands of security engineers and your organisation doesn't. In our view, self-hosting only earns its keep for organisations with extreme confidentiality requirements and a real engineering team to match.
The practical ladder, in order of effort
Enterprise subscription Days to set up
Claude for Work, ChatGPT Enterprise or Business. Staff get a sanctioned chat tool under business terms — no training on your data by default, admin controls, audit logs. For most organisations this alone captures most of the value, safely.
API + your own app Weeks
Build internal tools connected to your own data — an intake summariser, a report drafter — with proper access controls, sending the model the minimum data each job needs. This is where AI stops being a chat window and starts fitting your actual workflows.
Cloud-hosted models For stricter compliance
The same commercial models running inside your organisation's own cloud tenancy (e.g. Amazon Bedrock or Azure), with Singapore-region processing available. Useful when your funders, board or data classification demand tighter residency and isolation guarantees.
Self-hosted open source Most orgs never need this
Only if data truly cannot touch any vendor — and only with the engineering capacity to run it securely. Maximum control, real cost, weaker models. For a typical charity, this is solving a problem you don't have with resources you don't have.
For a social services context with sensitive client data, our honest read is that step i (the enterprise subscription) or step ii (the API-built internal tool) — plus a clear staff policy — gets you roughly 95% of the value with the privacy handled. Climb higher on the ladder only when a specific requirement pulls you there, not because it feels safer in the abstract.
The risk nobody budgets for: shadow AI
Here is the observation that changed how we advise on this, and it comes from sitting in social sector organisations, not from vendor brochures: the biggest real-world AI risk isn't the vendor. It's staff quietly using free consumer AI tools on their phones because the organisation gave them nothing official.
Freeze the decision for a year while a committee deliberates, and the AI use doesn't stop — it just goes underground, onto personal accounts, on exactly the tier of tool where conversations may feed future training runs. The caseworker pasting a client email into free ChatGPT at 9pm isn't malicious; she's drowning, and it helps. A sanctioned, safe option plus a short, clear policy — "never client data in consumer AI tools; use the org account; a human checks every output" — is itself the safety measure.
To make that easy, we've written a free one-page staff AI-use policy template for Singapore charities — printable, adaptable, written to sit alongside the PDPA obligations you already have. Take it, adapt it with your DPO, and you've closed the gap that actually causes incidents.
Frequently asked questions
Is it safe to put client data into ChatGPT or Claude?
It depends entirely on which version. Personal and free accounts: no — conversations may be used to improve future models depending on settings, so client and beneficiary data should never go into them. Business and enterprise tiers: the published terms say customer data isn't used for training by default — but even then, send the minimum data the task needs, keep a human approving outputs, and follow the four rules of thumb in our PDPA & AI guide.
Does the PDPA require our AI data to stay in Singapore?
No. The transfer limitation obligation requires that personal data sent overseas enjoys protection comparable to the PDPA — it doesn't mandate Singapore residency. Singapore-region cloud options exist and can simplify the conversation with your board and funders, but they're a choice, not a legal requirement. For your specific situation, ask a qualified data protection professional.
Isn't self-hosted open source the most private option?
It's the maximum-control option — data never leaves your infrastructure. But control isn't the same as security: you inherit all the patching, monitoring and access-control work that a major cloud provider's security teams would otherwise do. Unless you have extreme requirements and real engineers, it usually reduces your security while costing more.
What does "we don't train on your data" actually mean?
On business tiers, it's a term of the contract. Anthropic's commercial terms state that Anthropic may not train models on customer content;4 OpenAI states business data isn't used for training by default.3 The habit to build: ask every vendor to show you the commitment in writing, and re-check it when terms are updated.
Where we fit — and our interest, disclosed
Full transparency: we have a commercial interest in this topic. GoodTechHoldings builds software for the social sector — Socianote for case management and donor work, and custom AI-assisted workflows of exactly the kind on step ii of the ladder above ("API + your own app"). So weigh our advice with that in mind.
That said, notice what this article actually recommends for most organisations: step i of the ladder — an enterprise subscription you buy directly from the AI vendors, which involves us not at all. If that's all you need, that's what we'll tell you. Where we earn our keep is when a chat window isn't enough — when the job needs your data, your access controls, and workflows designed so the AI sees the minimum. And if we think a workflow is too sensitive for AI entirely, we'll say so; that stance is in writing in our PDPA guide. Worth reading next if funding is the blocker: the grants that co-fund digitalisation for Singapore charities.
Weighing an AI decision and want a straight answer?
Tell us what you're trying to do and what data it touches. We'll give you an honest read on which rung of the ladder fits — including "just buy the subscription, you don't need us." No obligation, no jargon.
[email protected]- Stanford HAI, AI Index Report (training cost estimates for frontier models) — aiindex.stanford.edu. Reported estimates vary by model and methodology.
- Anthropic — Updates to Consumer Terms and Privacy Policy (training on Free/Pro/Max chats unless opted out; up to 5-year retention if allowed) — anthropic.com/news/updates-to-our-consumer-terms
- OpenAI — "How your data is used to improve model performance" ("ChatGPT… improves by further training on the conversations people have with it, unless you opt out"; "By default, we do not train on any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API") — help.openai.com; see also Enterprise privacy — openai.com/enterprise-privacy
- Anthropic — Commercial Terms of Service ("Anthropic may not train models on Customer Content from Services") — anthropic.com/legal/commercial-terms
- Anthropic Trust Center (SOC 2 Type II, ISO 27001:2022, ISO/IEC 42001) — trust.anthropic.com; OpenAI Trust Portal — trust.openai.com
- AWS — Model support by AWS Region in Amazon Bedrock (Anthropic Claude availability incl. Asia Pacific (Singapore)) — docs.aws.amazon.com