Non-profit teams want to know whether Claude Cowork can lighten the grant and communications load without exposing donor data. According to Statistics Canada, 12.2% of Canadian businesses now use AI, double the rate a year earlier, and lean non-profit staff are quick to reach for tools that save hours. The duty to protect donor information stays with the organization.
Mike Pearlstein, CISSP, MSc AI, founder of Fusion Computing, which has secured IT for Canadian non-profits and charities across Toronto, Hamilton, and Metro Vancouver since 2012.
Key takeaways
- A non-profit can use Claude Cowork on a Team or Enterprise plan with access scoped to one program or campaign folder and a written policy.
- Scope it to one program, never the whole donor CRM.
- Cowork stores its work locally, so it sits outside your audit logs. Funder and privacy audits need traceable records you build yourself.
- Someone reviews donor-facing output. PIPEDA applies, and Ontario’s Bill 194 may apply to publicly funded organizations.
Can non-profits use Claude Cowork with donor and program data?
Yes, a non-profit can use Claude Cowork on a Team or Enterprise plan, with access scoped to one program or campaign folder and a written policy. The organization owns donor-privacy duties under PIPEDA, and no vendor setting removes them. On the business plans, your content is not used to train Anthropic’s models by default, which is why donor work belongs there and never on a personal account.
The control that matters is scope: which files the agent opens, which plan governs the data, and who reviews the output before it reaches a donor or a funder. Donor trust depends on keeping personal information controlled, so the setup around the tool is what keeps it safe.
It’s the same secure-adoption logic from the pillar guide on using Claude Cowork securely in your business, applied to a charity, and it sits alongside our broader IT for non-profits work.
What Claude Cowork actually does for a non-profit
Claude Cowork completes multi-step document work rather than answering a single question. For a non-profit, the practical jobs are assembling grant and funding applications, drafting donor communications and appeals, writing program and impact reports, organizing policy and board documents, and preparing event and volunteer materials. Each output is a draft for staff to verify before it reaches a donor or a funder.
Here’s how those jobs map to the work, with the guardrail that protects donors. Fusion Computing walks organizations through this before any pilot, the same way we scope any AI services engagement.
| Task | What Cowork does | The guardrail |
|---|---|---|
| Grant and funding applications | Assembles applications from program materials | Internal program data, reviewed before filing |
| Donor communications and appeals | Drafts appeals and thank-you messages | Donor identifiers stay in a scoped folder |
| Program and impact reports | Drafts reports from program data | A draft for review, figures checked |
| Policy and board documents | Writes and organizes policies and minutes | Internal documents, no donor data |
| Event and volunteer documents | Drafts event and volunteer materials | De-identified or admin data only |
The donor-data and privacy guardrails
The core guardrail is least privilege: scope Cowork to one program or campaign folder, not the whole donor CRM. Classify what is allowed in (working documents for the active program) and what stays out (donor identifiers and giving histories beyond the scoped folder). Keep someone reviewing anything donor-facing. Cowork runs in an isolated virtual machine, but prompts still reach Anthropic, so scope is the control that limits exposure.
The mistake we flag most often is scope. When an organization connects the agent to the whole donor CRM, a single task can read every donor’s record. Scope it to the active program and you’ve cut most of the risk.
Field note. In the non-profit pilots I’ve run, the first thing I change is access. I’ve watched a development lead point an agent at a CRM export with every donor’s giving history. We scoped it to one campaign folder, and the workflow that felt reckless became routine. The work’s identical; the exposure isn’t.
The policy is the other half. A short rule set, the kind we cover in our guide on what belongs in an AI acceptable use policy, names the approved tool, the data that may go in, and who may run it. Fusion Computing pairs that with a cybersecurity review so the organization protects donor trust under PIPEDA.
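One way to check a folder before scoping Cowork to it, shown as an added example that is not Fusion Computing's or Anthropic's code: it flags files that contain donor identifiers and links that resolve outside the folder, which would silently widen the scope. The regular expressions, the file suffixes and the constructed sample folder in `demo()` are assumptions to adapt to your own data.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed identifier patterns for a Canadian donor file; tune to your own data.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
    "postal_code": re.compile(r"\b[A-Za-z]\d[A-Za-z][ -]?\d[A-Za-z]\d\b"),
}
TEXT_SUFFIXES = {".txt", ".csv", ".md", ".json"}

def audit_scoped_folder(root):
    """Return {relative_path: sorted findings} for a folder about to be shared."""
    root = Path(root).resolve()
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            hits = set()
            # A link that resolves outside the folder widens the agent's reach.
            if path.is_symlink() and not path.resolve().is_relative_to(root):
                hits.add("link_escapes_scope")
            elif path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
                text = path.read_text(encoding="utf-8", errors="replace")
                hits.update(k for k, rx in PATTERNS.items() if rx.search(text))
            if hits:
                findings[rel] = sorted(hits)
    return findings

def demo():
    """Build a constructed campaign folder (sample data only) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        scope = base / "spring-campaign"
        scope.mkdir()
        (scope / "appeal-draft.md").write_text("Thank you for supporting our food program.\n")
        (scope / "mailing-list.csv").write_text(
            "name,email,postal\nA. Donor,a.donor@example.org,M5V 2T6\n")
        (base / "crm-export.csv").write_text("all donors\n")
        os.symlink(base / "crm-export.csv", scope / "reference.csv")
        return audit_scoped_folder(scope)

if __name__ == "__main__":
    for rel, kinds in sorted(demo().items()):
        print(rel, kinds)
```

An empty result means no pattern matched, not that the folder is free of personal information; binary formats such as spreadsheets and PDFs are not read by this sketch.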
The oversight gap for funder and privacy audits
Claude Cowork stores its conversation history locally on each user’s computer, and that activity is not captured by audit logs, the Compliance API, or data exports. For a non-profit this matters: funders and privacy obligations assume the organization can account for how donor information is used. Team and Enterprise owners can stream Cowork events to a SIEM through OpenTelemetry, which Anthropic notes does not replace audit logging for compliance.
According to Anthropic’s guidance on using Cowork on Team and Enterprise plans, the local history “is not subject to Anthropic’s standard data retention policies and cannot be centrally managed or exported by admins.” The Enterprise audit logs that do exist capture metadata, not the work.
Fusion Computing wires the OpenTelemetry stream into the same monitoring we run for managed detection and response, so an organization sees tool calls and file access even though the transcript stays on the device. If a document supports a funder report, the organization keeps that record on purpose.
Plan tier and a setup checklist for a non-profit
The plan tier is the first decision: only Team and Enterprise carry the “not trained on by default” commitment plus the admin controls an organization needs. From there, a safe rollout is short: scope to one program folder, keep “ask before acting” on, put a donor-data rule in the policy, turn on OpenTelemetry monitoring, keep the executive director or a privacy lead signing off, and review the vendor terms against PIPEDA.
Cowork runs on Pro, Max, Team, and Enterprise plans per Anthropic’s release notes, and on the business tiers your content is not used to train models by default, as Anthropic’s privacy commitments set out. Here’s the checklist Fusion Computing runs with an organization.
- Choose Team or Enterprise. Donor data on a personal account is the first risk to fix.
- Scope to one program folder. Never the whole donor CRM. Widen only with a reason.
- Default to “ask before acting.” Cowork always asks before deleting files; keep approvals on.
- Put a donor-data rule in the policy. Donor identifiers stay in scope or out of the tool.
- Turn on OpenTelemetry monitoring. It’s the only visibility you have into what the agent did.
- Keep a leader signing off. Nothing donor-facing or funder-facing ships without review.
- Map the terms to your obligations. Check Anthropic’s data handling against PIPEDA, and Bill 194 if you are publicly funded.
None of it’s exotic, and most of it takes an afternoon. Fusion Computing sets it up as part of the managed IT work we already do for charities, and the same pattern carries to Ontario municipalities and accounting firms under their own rules. If you want a second set of eyes before your team pilots Cowork, talk to us or read more about how we work.
Claude Cowork is worth adopting for the grant, donor, and program documents that fill a non-profit week. The organizations that set the plan, the scope, and the donor-data rule first are the ones that’ll use it calmly while their peers are still arguing about whether it’s allowed.
Fusion Computing helps Canadian businesses across Toronto and the GTA, Hamilton, and Metro Vancouver with managed IT, cybersecurity, and Microsoft 365.
Frequently Asked Questions
Is Claude Cowork safe for donor data?
Claude Cowork can be safe for donor data on a Team or Enterprise plan, with access scoped to one program folder and someone reviewing the output. The work runs locally, though prompts reach Anthropic, so expose only the documents a task needs. On the business plans your content is not used to train models by default, which is why donor data belongs there.
Can Claude Cowork draft grant applications?
Yes. Cowork can assemble grant and funding applications from your program materials, past submissions, and outcomes data, which saves a small team real time. Treat the draft as a starting point for a person to review and tailor to the funder. Keep the source materials in a scoped folder so the agent sees only the active program.
What plan do we need, and is there non-profit pricing?
Claude Cowork runs on the paid Pro, Max, Team, and Enterprise plans, and an organization should use Team or Enterprise for donor or program data. Anthropic has offered non-profit and small-business programs at times, so check current eligibility. Plan tier rather than price is the security decision, because only the business tiers keep your content out of training by default.
Is our data used to train the model?
On Team and Enterprise plans, your content is not used to train Anthropic’s models by default, so documents processed under a business plan stay out of training. Personal Pro and Max plans follow individual privacy settings, which differ from the business default. For an organization holding donor information, that difference is the reason to use a business plan.
Does Bill 194 apply to us?
Maybe. Ontario’s Bill 194 strengthens cyber and AI governance for the broader public sector. A non-profit that delivers public services or receives significant public funding may fall in scope, so check your funding agreements. Whether or not it applies, PIPEDA governs donor personal information, so the donor-data guardrails in this guide apply either way.
How is Claude Cowork different from non-profit CRM AI?
CRM AI is built into a fundraising or donor-management platform and scoped to that system. Claude Cowork is a general desktop agent that works across your own files and apps, which suits grants, reports, and communications more than donor scoring. The practical differences are where the data lives and how broadly the agent can reach.
Does Claude Cowork work on Windows or only Mac?
Claude Cowork works on both macOS and Windows through the Claude desktop app, and it reached general availability on both on April 9, 2026. It is not available on the web or on mobile. Some capabilities, such as computer use, arrived first as research previews, so confirm the current feature list for your platform inside the app.
Who at the organization should run Claude Cowork?
Start with a small group in development or programs who understand donor privacy, never the whole organization. Cowork is an organization-wide setting that owners can switch on or off, and granular per-user controls are limited, so a deliberate pilot with named users beats a broad rollout. Pair it with training and a written policy first.


