Insights · Social Sector · AI

Should your charity build its own AI? Almost certainly not — here's what to do instead

16 July 2026 · ~8 min read
The short answer: almost no organisation should build its own AI model — and privacy, done properly, is a reason for enterprise AI, not against it. Business and enterprise tiers of the major AI tools state in their published terms that your data is not used to train their models by default; the free consumer versions are the ones to worry about. The biggest real-world risk isn't the vendor — it's staff quietly using free AI tools on their phones because the organisation gave them nothing official. Giving people a sanctioned, safe option is itself the safety measure.

A question we keep hearing from boards and management committees across the social service sector — charities, social service agencies (SSAs), NGOs, nonprofits of every size — in one form or another: "Everyone says we need AI. Should we build our own, so our data stays private? Or is it safe to use ChatGPT?"

It's a good question, and the honest answer is short. But the reasoning behind it is where the confidence comes from — so let's walk through it in plain English, for the people who run programmes, not the people who run servers.

The simple version of how AI models get made

Every general-purpose AI model you've heard of — Claude, ChatGPT, Gemini — is built roughly the same way: a very large neural network, fed enormous amounts of text across thousands of specialised computers for months, then refined by specialist teams to be helpful and safe. Publicly reported estimates put the cost of training a single frontier model in the hundreds of millions of dollars.1 Only a handful of companies in the world do this.

So when a job advertisement or a consultant says "AI/ML expertise," it almost never means building models. It means using them well — connecting AI to your organisation's data and workflows, choosing the right tier of service, and putting sensible guardrails around it. That reframing matters, because it turns an impossible question ("can we afford to build AI?") into a manageable one ("which way of using it fits our data and our budget?").

The privacy worry is real — but it's about the wrong version

Here's the thing most people get wrong, and it changes the whole conversation:

The privacy concern that makes headlines comes from consumer AI tools. Enterprise tiers are governed by different, contractual terms.
Same model — different terms
Personal / free account
AI
answers you
Future training data
unless you opt out — and busy staff rarely do
Organisation business account
AI
answers you
Not used for training
by default — it's in the published terms3, 4
Your message reaches the AI either way — the tier decides what can happen to it afterwards. On business and enterprise plans, "no training on your data by default" is a published term you can show your board, not a favour.
Illustration · summarising the vendors' published terms as checked 16 July 2026 — see sources 2–4 below; terms change.

One practical habit follows from all of this: whatever vendor you use, get the commitments in writing — is our data used for training, where is it processed, how long is it retained, is there a data processing agreement? A vendor who can't answer crisply hasn't thought about it. And check the terms yourself before relying on them; they do change, which is why every claim in this article carries a "checked" date at the bottom.

Why "build your own" rarely makes sense

There are really two versions of "build your own", and they fail for different reasons:

Training a model from scratch is simply not an option for anyone outside a handful of frontier labs. The cost is measured in hundreds of millions of dollars and specialist teams that don't exist on the open market at charity salaries. Nobody advising a social service agency to "build its own AI" means this — and if they do, walk away.

Running an open-source model on your own servers (a model like Meta's Llama, downloaded and self-hosted) is genuinely possible, and it's the maximum-control option: data never leaves your building. But three things are true at once. You now need engineers to secure, patch and maintain it. The open models you can realistically run tend to lag the leading commercial models in capability. And — the part people find counterintuitive — your security posture is often weaker in practice than a major cloud provider's, because Amazon, Microsoft and Google employ thousands of security engineers and your organisation doesn't. In our view, self-hosting only earns its keep for organisations with extreme confidentiality requirements and a real engineering team to match.

The practical ladder, in order of effort

i.

Enterprise subscription Days to set up

Claude for Work, ChatGPT Enterprise or Business. Staff get a sanctioned chat tool under business terms — no training on your data by default, admin controls, audit logs. For most organisations this alone captures most of the value, safely.

ii.

API + your own app Weeks

Build internal tools connected to your own data — an intake summariser, a report drafter — with proper access controls, sending the model the minimum data each job needs. This is where AI stops being a chat window and starts fitting your actual workflows.

iii.

Cloud-hosted models For stricter compliance

The same commercial models running inside your organisation's own cloud tenancy (e.g. Amazon Bedrock or Azure), with Singapore-region processing available. Useful when your funders, board or data classification demand tighter residency and isolation guarantees.

iv.

Self-hosted open source Most orgs never need this

Only if data truly cannot touch any vendor — and only with the engineering capacity to run it securely. Maximum control, real cost, weaker models. For a typical charity, this is solving a problem you don't have with resources you don't have.

For a social services context with sensitive client data, our honest read is that step i (the enterprise subscription) or step ii (the API-built internal tool) — plus a clear staff policy — gets you roughly 95% of the value with the privacy handled. Climb higher on the ladder only when a specific requirement pulls you there, not because it feels safer in the abstract.

The risk nobody budgets for: shadow AI

Here is the observation that changed how we advise on this, and it comes from sitting in social sector organisations, not from vendor brochures: the biggest real-world AI risk isn't the vendor. It's staff quietly using free consumer AI tools on their phones because the organisation gave them nothing official.

Freeze the decision for a year while a committee deliberates, and the AI use doesn't stop — it just goes underground, onto personal accounts, on exactly the tier of tool where conversations may feed future training runs. The caseworker pasting a client email into free ChatGPT at 9pm isn't malicious; she's drowning, and it helps. A sanctioned, safe option plus a short, clear policy — "never client data in consumer AI tools; use the org account; a human checks every output" — is itself the safety measure.

To make that easy, we've written a free one-page staff AI-use policy template for Singapore charities — printable, adaptable, written to sit alongside the PDPA obligations you already have. Take it, adapt it with your DPO, and you've closed the gap that actually causes incidents.

Frequently asked questions

Is it safe to put client data into ChatGPT or Claude?

It depends entirely on which version. Personal and free accounts: no — conversations may be used to improve future models depending on settings, so client and beneficiary data should never go into them. Business and enterprise tiers: the published terms say customer data isn't used for training by default — but even then, send the minimum data the task needs, keep a human approving outputs, and follow the four rules of thumb in our PDPA & AI guide.

Does the PDPA require our AI data to stay in Singapore?

No. The transfer limitation obligation requires that personal data sent overseas enjoys protection comparable to the PDPA — it doesn't mandate Singapore residency. Singapore-region cloud options exist and can simplify the conversation with your board and funders, but they're a choice, not a legal requirement. For your specific situation, ask a qualified data protection professional.

Isn't self-hosted open source the most private option?

It's the maximum-control option — data never leaves your infrastructure. But control isn't the same as security: you inherit all the patching, monitoring and access-control work that a major cloud provider's security teams would otherwise do. Unless you have extreme requirements and real engineers, it usually reduces your security while costing more.

What does "we don't train on your data" actually mean?

On business tiers, it's a term of the contract. Anthropic's commercial terms state that Anthropic may not train models on customer content;4 OpenAI states business data isn't used for training by default.3 The habit to build: ask every vendor to show you the commitment in writing, and re-check it when terms are updated.

Where we fit — and our interest, disclosed

Full transparency: we have a commercial interest in this topic. GoodTechHoldings builds software for the social sector — Socianote for case management and donor work, and custom AI-assisted workflows of exactly the kind on step ii of the ladder above ("API + your own app"). So weigh our advice with that in mind.

That said, notice what this article actually recommends for most organisations: step i of the ladder — an enterprise subscription you buy directly from the AI vendors, which involves us not at all. If that's all you need, that's what we'll tell you. Where we earn our keep is when a chat window isn't enough — when the job needs your data, your access controls, and workflows designed so the AI sees the minimum. And if we think a workflow is too sensitive for AI entirely, we'll say so; that stance is in writing in our PDPA guide. Worth reading next if funding is the blocker: the grants that co-fund digitalisation for Singapore charities.

Weighing an AI decision and want a straight answer?

Tell us what you're trying to do and what data it touches. We'll give you an honest read on which rung of the ladder fits — including "just buy the subscription, you don't need us." No obligation, no jargon.

[email protected]
Sources — checked 16 July 2026:
  1. Stanford HAI, AI Index Report (training cost estimates for frontier models) — aiindex.stanford.edu. Reported estimates vary by model and methodology.
  2. Anthropic — Updates to Consumer Terms and Privacy Policy (training on Free/Pro/Max chats unless opted out; up to 5-year retention if allowed) — anthropic.com/news/updates-to-our-consumer-terms
  3. OpenAI — "How your data is used to improve model performance" ("ChatGPT… improves by further training on the conversations people have with it, unless you opt out"; "By default, we do not train on any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API") — help.openai.com; see also Enterprise privacy — openai.com/enterprise-privacy
  4. Anthropic — Commercial Terms of Service ("Anthropic may not train models on Customer Content from Services") — anthropic.com/legal/commercial-terms
  5. Anthropic Trust Center (SOC 2 Type II, ISO 27001:2022, ISO/IEC 42001) — trust.anthropic.com; OpenAI Trust Portal — trust.openai.com
  6. AWS — Model support by AWS Region in Amazon Bedrock (Anthropic Claude availability incl. Asia Pacific (Singapore)) — docs.aws.amazon.com
Important: This article is general information, not legal, professional, or procurement advice. GoodTechHoldings is an independent software company. We are not affiliated with, endorsed by, or speaking for Anthropic, OpenAI, Amazon, Microsoft, Google, Meta, or any government agency; all product names and trademarks belong to their respective owners. Vendor terms, plans, and regional availability change — verify the current published terms yourself before relying on them. Statements about vendor terms are accurate to the sources listed, as checked on 16 July 2026. How the PDPA applies depends on your organisation's specific circumstances — consult a qualified data protection professional or lawyer. As disclosed above, GoodTechHoldings builds and sells software and AI-assisted workflows for this sector.