AI and Nonprofits: Navigating the Opportunities and Boundaries

If you're in nonprofit leadership—or close to it—you've probably been part of this discussion. Maybe it came up in a board meeting, between your IT and executive teams, or through a question raised by marketing or legal.

The core issue? Where does AI fit into our organization?

The reason this keeps coming up is that there's no straightforward answer yet. That's not a failure of leadership—it's a sign of how nuanced the issue is, especially in the nonprofit world. Unlike tech companies or retail brands, nonprofits often handle highly sensitive data: case files, court records, medical histories, immigration details. These aren't just numbers in a database—they're tied to real people. And if that information ends up where it shouldn't, the fallout could be devastating for the individuals involved and for your organization.

Caution is understandable. The challenge is moving from caution to clarity.

Shifting Ground

What makes this moment different from other tech decisions is how fast AI regulations are evolving—and the stakes are high.

In 2025, over 100 new state-level AI laws passed. Colorado's AI Act, launching June 2026, is the most comprehensive state law to date, requiring safeguards against algorithmic discrimination in high-risk AI systems. Federal enforcement is already active, and legal experts are defining new board-level responsibilities around AI oversight—what they're calling "AI due care" and "AI loyalty oversight." If your board can't answer whether donor or client data is being fed into public AI tools, that's a governance gap—and a real liability.

This isn't theoretical. It's already your operating environment.

Not "If" But "Where"

Most nonprofit leaders aren't debating whether to use AI anymore. The real question is where it can be used safely and where it shouldn't be used at all.

That's the right way to frame it. AI isn't one-size-fits-all. Comparing an AI tool that drafts donor emails to one that processes client intake data is apples to oranges. Treating them the same is what keeps organizations stuck.

Think in Zones

A simple framework I've seen work well is a traffic light system: green, yellow, and red zones—based on proximity to sensitive data and the risk level if something goes wrong.

Green zone: These are low-risk, high-value uses of AI. Think drafting donor emails (with human review), managing social media, summarizing meeting notes, identifying grant opportunities, or running a chatbot that answers volunteer questions late at night. Translating materials, testing email subject lines, or analyzing engagement trends also fall here. The common theme: no sensitive data goes in, and everything is checked by a person before it goes out. A good rule: if you wouldn't post the input on your website, don't put it into an AI tool.

Yellow zone: This is where things get more complex. AI-powered donor segmentation, predictive analytics for service delivery, or AI-assisted hiring can offer major benefits—but they also risk reinforcing biases in your data. For instance, one nonprofit found its segmentation tool unintentionally prioritized certain demographics because of inequities baked into historical giving patterns. These tools need strong policies, human oversight, and regular audits. This zone isn't a no-go—it's a "not yet" until you have guardrails in place.

Red zone: This is where AI has no place—full stop, or close to it. Crisis intervention, trauma response, eligibility decisions for services, or anything involving personally identifiable information (PII) should stay off-limits. The risks aren't hypothetical. A chatbot replaced a crisis helpline and started giving callers the exact advice that fuels their condition. A government benefits algorithm flagged tens of thousands of families using nationality as a risk factor, triggering wrongful debt collection that destroyed lives. If your organization works with crisis services, child welfare, or vulnerable populations, these boundaries need to be set immediately—even before your AI policy is fully formed.

Start Simple

An effective AI framework doesn't have to be complicated. Start by answering four questions: What counts as AI use in your organization? What values guide its use? What are your data-handling rules? And, most importantly, where is AI explicitly off-limits?

Your team already knows what matters most—case files, client records, sensitive histories. Put those boundaries in writing. Make sure everyone understands them, from senior leadership to volunteers. Review them regularly. A couple of pages are enough to start.

Our Approach

At MyRecruiter, we've drawn this line from day one. Our AI works strictly in the green zone—supporting donor and volunteer engagement, answering questions about your mission, and amplifying your outreach. We don't touch casework, PII, or client records. That boundary isn't a limitation; it's how we ensure trust.

Moving Forward

The questions nonprofit leaders are asking right now—about risk, exposure, and where AI belongs—are the right ones. The organizations that approach this thoughtfully will get it right.

You don't need to implement AI everywhere. You just need to know where it fits, where it doesn't, and move forward confidently in the areas that are safe. Draw the lines. Write them down. Start in the green zone.

Your data is sacred. Your mission is critical. And the fact that you're thinking this carefully is exactly the right place to begin.