Writing an AI Policy for Your Nonprofit: Template and Guide

An AI policy isn't about being prescriptive or restrictive. It's about making intentional decisions about how your nonprofit uses AI tools—and documenting those decisions so your team has clarity and your board has confidence.

Without a policy, you risk inconsistent AI use, potential compliance problems, and mission drift. With one, you create guardrails that let staff innovate safely.

Why You Need an AI Policy Now

AI adoption in nonprofits is happening fast. Some staff members are experimenting with ChatGPT for grant writing. Others might be exploring donor segmentation tools or chatbots. Without shared guidelines, you get:

• Inconsistent practices: One team member prompts AI carefully; another throws sensitive data at it.
• Compliance gaps: You might unknowingly violate donor privacy or accessibility standards.
• Mission risk: An AI tool produces biased fundraising content and damages your reputation.
• Staff confusion: People don't know what's allowed, so they either avoid AI entirely or use it recklessly.

A policy solves this. It's not restrictive—it's enabling. It says: "Here's where AI adds value for us, here's how we use it safely, and here's who to ask if you're unsure."

What Your AI Policy Should Cover

A nonprofit AI policy typically includes five core sections:

1. Purpose and Scope

Define what you mean by "AI" and which tools fall under the policy. Is it generative AI only? Does it include donor databases with predictive analytics? Be specific.

Example language: "This policy applies to any generative AI tool, machine learning application, or algorithmic decision-making system used in nonprofit operations. This includes but is not limited to: large language models (ChatGPT, Claude), image generators, predictive analytics tools, and automated workflow systems."

2. Approved and Prohibited Uses

This is where you get specific. What AI uses do you encourage? What's off-limits?

Approved uses: Grant writing (with human review), social media content drafting, donor segmentation (with manual validation), volunteer matching, summarizing feedback.

Prohibited uses: Making final funding or hiring decisions without human review, processing unencrypted personally identifiable information (PII) or health data, creating AI-generated media without disclosure, targeting vulnerable populations without transparency.

3. Data Protection Requirements

This is critical. Staff must understand what data they can input into AI tools.

Key rules:

• Never enter donor names, addresses, phone numbers, or email addresses into public AI tools like ChatGPT.
• Never share beneficiary health or personal information.
• Never input trade secrets, unpublished strategic plans, or confidential board materials.
• Use only encrypted enterprise AI tools for any sensitive data.
• If your nonprofit processes health data, review HIPAA compliance before using any AI tool.

4. Transparency and Disclosure

When you use AI, stakeholders need to know. Build transparency into your policy:

• Disclose AI use in grant proposals if the funder requires it (increasingly common).
• Tell donors if you're using AI to predict their giving capacity.
• Disclose AI-generated content on your website or in communications (unless it's transparent by context—like a chatbot).
• Inform program participants if AI is used to tailor their services.

5. Oversight and Review

Who monitors AI use? Who can approve new tools? How often do you revisit the policy?

Assign responsibility: Designate a cross-functional AI Committee (tech lead, program director, legal/compliance, communications) to review new tools, audit compliance quarterly, and update the policy annually.

The committee's job isn't to rubber-stamp requests—it's to ask hard questions: Is this aligned with our mission? Does it introduce bias? Can we audit the outputs? Do we understand the data terms?

A Template to Get Started

Here's a bare-bones policy template you can customize:

[ORGANIZATION] AI POLICY

1. PURPOSE
[Organization] uses AI tools to enhance efficiency, improve decision-making, and
extend our mission reach. This policy ensures we use AI responsibly and ethically.

2. APPROVED USES
- Internal operations: drafting content, analyzing data, process automation
- External: fundraising, program delivery (with transparency)
- Analysis and reporting only (until validated with human review)

3. PROHIBITED USES
- Processing unencrypted donor PII, health data, or beneficiary information
- Making unilateral decisions (hiring, program access, resource allocation)
- Creating synthetic media without disclosure
- Reproducing copyrighted content

4. DATA HANDLING
- Enterprise tools only for sensitive data
- No public AI tools for any personal information
- Data retention: Regularly delete prompts/outputs that contain PII

5. TRANSPARENCY
- Disclose AI use in grant proposals (check funder requirements)
- Tag AI-generated content on website/social media
- Inform stakeholders when AI personalizes their experience

6. OVERSIGHT
- AI Committee reviews new tools quarterly
- Annual policy review every March
- Incident reporting: Staff reports AI errors/bias to [contact]

7. TRAINING
- All staff using AI tools must complete this training annually
- Tool-specific training before first use

Approval: [Board Chair], [Executive Director], [Date]
Review Schedule: Annually (March 2027)

How to Get Board Buy-In

Your board will want reassurance, not jargon. Frame the policy conversation this way:

"We're not asking permission to use AI—it's already happening. This policy makes sure we use it safely and consistently."

Present three things:

1. The risk of doing nothing: Staff using tools inconsistently, potential compliance gaps, reputational risk from biased outputs.
2. The opportunity: Concrete examples (grant writing, donor segmentation, volunteer matching) that show ROI and mission alignment.
3. The guardrails: Show the five policy sections. Emphasize oversight and transparency.

Board members often worry about "robots replacing staff." Address this directly: "AI handles routine tasks so our team can focus on relationships and strategy. It's a tool, not a replacement."

Common Mistakes to Avoid

Mistake #1: Being too vague. "Staff may use AI responsibly" doesn't help anyone. Be specific about approved tools and use cases.

Mistake #2: Focusing only on generative AI. Don't forget predictive analytics, automated workflows, and algorithmic decision-making. They're all AI.

Mistake #3: Not updating it. AI changes fast. Review your policy every 12 months minimum.

Mistake #4: No enforcement. A policy without accountability is just words. If someone violates it, follow up.

Mistake #5: Ignoring bias and equity. Add explicit language about monitoring for bias in AI outputs, especially in fundraising and program decisions.

Next Steps

Start here:

1. Audit current use: Ask your leadership team what AI tools people are already using. You might be surprised.
2. Define your priorities: Where does AI create the most value for your nonprofit? Start there.
3. Draft the policy: Use the template above. Keep it under two pages for initial adoption.
4. Form an AI Committee: Representatives from operations, programs, tech, and leadership.
5. Board presentation: Frame it as risk management and efficiency, not restriction.
6. Staff training: Make sure people understand it and can ask questions.
7. Set a review date: March 2027 is reasonable. Earlier if you discover new gaps.

An AI policy isn't burdensome—it's liberating. It gives your team permission to experiment with guardrails, and your board confidence that you're managing the risks thoughtfully.