Even if Kairos is not operating as a covered entity under HIPAA, best practice is to treat participant health and trauma information as if HIPAA applies. Key implications:

• Never send PHI or identifiable clinical content to consumer LLMs such as Gemini, Claude Free/Pro, or Perplexity Pro.

• PHI includes direct identifiers (name, date of birth, address) and combinations of indirect identifiers that could reasonably identify an individual in Kairos’ small, vulnerable population.

• Any AI system that processes PHI on Kairos’ behalf must be covered by a signed BAA or equivalent agreement, with encryption, access controls, audit trails, and documented risk management.

Core IP Protection

To protect Kairos’ strategic edge against future competitors:

• Full program manuals, detailed exercise scripts, proprietary process maps, and unreleased research designs are classified Tier 3.

• These materials must not be pasted verbatim into consumer AI tools.

• When AI is used to help with these assets, only partial, abstracted, or heavily summarized versions may be shared, and only with data‑training opt‑outs enabled or via business/enterprise plans that contractually prohibit training on customer content.

Anthropic Claude (including Claude Cowork)

Consumer Claude Free and Pro accounts use conversation data to improve the model unless the user opts out via “Help Improve Claude,” with data retained for 30 days or up to 5 years depending on training consent. Team and Enterprise accounts prohibit training on customer content by contract and treat data under commercial terms.

Policy:

• Claude Free/Pro may only be used with Tier 0 public content and very light Tier 1 drafts that do not reveal strategy or non‑public financials.

• Claude Team/Enterprise may be used for Tier 1 content and some Tier 2 internal drafts, but never for PHI/PII or Tier 3 assets.

• Claude Cowork, when enabled in connected tools (e.g., docs, code, or knowledge bases), must be restricted by configuration so that it does not index any repository containing PHI/PII or Tier 3 IP.

• Staff must always verify that training opt‑out is enabled in individual account settings when using any non‑Team/Enterprise Claude instance for nonprofit work.

Perplexity

Perplexity Free/Pro/Max accounts may use search queries and content to train models by default, although there is an account‑level “AI data retention” toggle that can be turned off. Perplexity Enterprise and Sonar API advertise zero data retention and contractual commitments that enterprise data is not used for training.

Policy:

• Perplexity Free/Pro/Max may be used only for Tier 0 public content research and high‑level brainstorming that does not include internal strategies or unpublished IP.

• The AI data retention toggle must be turned off on any account used for Kairos nonprofit work to limit future training, recognizing that data already used for training may not be deleted.

• For research tasks that require handling internal documents or structured data, Kairos should pursue Perplexity Enterprise or API usage with zero data retention and no training, if and when the risk/benefit tradeoff is favorable.

• PHI/PII and Tier 3 IP are always out of scope for Perplexity, even on enterprise plans, unless a dedicated legal review approves a specific use case under contract.

Google Gemini

Gemini consumer accounts train on conversation data by default, retaining activity for up to 18 months and allowing human review of some data for up to 3 years. Google explicitly advises users not to enter confidential information and clarifies that consumer tools are not a HIPAA‑compliant environment.

Policy:

• Gemini Free/Advanced must not be used with any Kairos Tier 2 or Tier 3 data.

• Gemini may only be used for publicly available material, generic writing coaching, and non‑specific brainstorming disconnected from Kairos internal context.

• If Google Workspace AI features are enabled for Kairos accounts in the future, IT and legal must review data processing terms to determine whether those features can safely touch Tier 1 internal content, and even then PHI/PII and Tier 3 IP remain out of scope.

Blotato, Apify, and Custom Agents

Blotato and Apify sit closer to the automation/orchestration layer and can call underlying LLMs via API; risk depends on which LLM provider, what data is passed, and how logs are handled.

Policy:

• Any Blotato or Apify workflow used in nonprofit operations must be documented in an internal registry, including what data sources it touches, which LLM provider it calls, and what retention settings apply.

• No Blotato or Apify workflow may be configured to ingest participant data, PHI/PII, or Tier 3 IP without a separate, board‑approved technical design that includes data minimization, tokenization/pseudonymization, access controls, and audit logging.

• Where possible, prompts and context sent through Blotato/Apify should be pre‑processed to tokenize or mask any PII before data leaves Kairos’ systems, following best practices for PII protection in external LLM APIs.
  
  

Canva

Canva operates as a cloud-based design and collaboration platform with AI-assisted content generation, shared workspaces, and third-party integrations. Risk exposure depends on workspace sharing configurations, uploaded organizational assets, enabled AI features, and whether nonprofit content is used to train or improve external AI systems.

Policy:

• Any Canva workspace, team, or AI-enabled design workflow used in nonprofit operations must be documented in an internal registry, including workspace ownership, enabled integrations, external sharing settings, AI features in use, and applicable retention or export controls

• No Canva environment may be used to upload, store, or process participant data, PHI/PII, confidential case information, or Tier 3 IP unless the organization has approved a documented governance review that includes role-based access controls, restricted sharing permissions, watermarking/export controls where appropriate, and periodic audit review of shared assets and public links.

• Where possible, documents, presentations, images, or prompts uploaded into Canva AI features should be pre-processed to remove or mask sensitive identifiers before leaving internal nonprofit systems, following organizational data minimization and least-privilege principles.
  
  

Github

Github functions as a software development, collaboration, and code hosting platform with integrated automation, CI/CD workflows, AI-assisted coding features, and third-party application integrations. Risk exposure depends on repository visibility, secrets management practices, enabled GitHub Actions workflows, Copilot usage, and how organizational code or data is transmitted to external AI services.

Policy:

• Any GitHub organization, repository, automation workflow, or AI-assisted development feature used in nonprofit operations must be documented in an internal registry, including repository classification, integration scope, enabled GitHub Actions workflows, AI tooling usage, secrets management approach, and retention or archival settings.

• No GitHub repository, workflow, or Copilot-assisted development process may contain participant data, PHI/PII, credentials, API keys, confidential legal records, or Tier 3 IP unless the environment has undergone a separate, board-approved technical and security review that includes branch protection rules, encryption controls, least-privilege access, secret scanning, audit logging, dependency monitoring, and secure CI/CD controls.

• Where possible, source code, prompts, issue discussions, logs, and workflow artifacts transmitted through GitHub or associated AI tooling should be reviewed and sanitized to remove sensitive identifiers, embedded secrets, or regulated data before synchronization with external systems or AI services, following secure software development and data minimization best practices.

High‑leverage allowed use cases (Tier 0–1)

Staff and contractors are encouraged to use AI tools for low‑risk, high‑leverage tasks using only Tier 0 and carefully selected Tier 1 data, such as:

• Drafting and editing public communication: blog posts, newsletters, website copy, non‑confidential slide decks, and social media content based on already public information.

• Generic writing, tone, and structure support for grant narratives, concept notes, and board documents, using sanitized content that does not include donor names, specific dollar amounts, or non‑public strategies.

• Researching public information about integrative oncology, mind‑body medicine, and nonprofit best practices, without disclosing proprietary frameworks or Kairos‑specific strategy.

• Brainstorming metaphors, titles, and high‑level framing for programs, while avoiding pasting in proprietary exercise scripts.

For these use cases, staff must:

• Verify privacy/training settings are set to the most restrictive available (e.g., Claude “Help Improve Claude” off, Perplexity “AI data retention” off).

• Avoid disclosing internal politics, personnel issues, or unannounced partnerships.

Strictly prohibited use cases (Tier 2–3)

The following are prohibited in all consumer AI tools (Claude Free/Pro, Gemini Free/Advanced, Perplexity Free/Pro/Max, generic Blotato and Apify workflows calling consumer APIs):

• Participant stories, trauma narratives, intake responses, assessments, or any description that could reasonably identify a participant directly or indirectly.

• Drafting or summarizing notes about individual participants, even if names are removed, when context (diagnosis, timeline, rare condition) could make them identifiable.

• Donor lists, prospect research that includes specific individuals’ giving history, or internal fundraising strategy documents.

• Internal financial statements beyond what is already public (e.g., detailed budgets with salary lines or vendor relationships).

• HR documents, performance reviews, or internal conflict details.

• Full proprietary curriculum documents, facilitated exercise scripts, behind‑the‑scenes retreat protocols, and unreleased research instruments.

If staff are unsure whether something is Tier 2 or Tier 3, they must treat it as Tier 3 by default and not share it with consumer AI tools.

Account and Plan Standards

Given the documented risks of consumer plans using chat data for training and retaining content for lengthy periods, Kairos adopts the following defaults:

• Prefer business, Team, or Enterprise plans that contractually forbid training on customer content for any AI provider used with Tier 1 internal data.

• Consumer Free/Pro accounts may not be linked to nonprofit email domains for operational work; if used, they are for personal experimentation only and must not touch Kairos data.

• For providers with privacy toggles, staff using personal accounts for any Kairos‑related work must opt out of data retention and training where possible.

Data Masking and Tokenization

For any approved future AI workflows that interact with more sensitive data via API, Kairos should adopt a “protect before you send” pattern:

• Detect PII and PHI in prompts and context before transmission.

• Replace real identifiers with semantically meaningful tokens (e.g., Participant_A, Hospital_X) so the LLM receives context without raw identifiers.

• Store mapping tables securely within Kairos systems and restore real identifiers only for authorized users after the AI response is returned.

This approach should be reserved for scenarios where there is a compelling benefit to AI assistance and where the underlying LLM provider is covered by appropriate contracts.

Access Control and Monitoring

To reduce the risk of accidental leakage:

• Limit access to AI tools connected to nonprofit systems to designated staff whose roles require them.

• Maintain a simple registry of which staff have access to which AI tools and at what plan level.

• Periodically review AI usage logs where available, focusing on whether prompts adhere to Tier 0–1 boundaries.

Shadow AI Access Control and Monitoring

Shadow AI refers to the use of artificial intelligence tools, agents, browser extensions, copilots, automation platforms, or external LLM services by employees, contractors, volunteers, or partners without formal organizational review, approval, governance, or security oversight. This includes both free and paid AI tools used independently outside approved nonprofit technology standards.

Shadow AI introduces elevated risks related to data leakage, unapproved retention of organizational information, regulatory noncompliance, intellectual property exposure, inaccurate outputs, reputational harm, and loss of visibility into how organizational data is processed or transmitted to external systems.

Policy:

• Any AI tool, automation platform, browser extension, chatbot, coding assistant, transcription service, document summarizer, image generator, or AI-enabled SaaS product used in nonprofit operations must be disclosed to the organization and documented in an internal AI and automation registry prior to operational use.

• No employee, volunteer, contractor, or partner may input participant data, PHI/PII, confidential organizational information, legal records, financial records, donor information, credentials, or Tier 3 IP into any unapproved AI system, public LLM interface, or externally hosted AI workflow without formal review and written authorization from designated organizational leadership.

All AI tools proposed for operational use must undergo a proportional governance and security review that evaluates:

• Data handling and retention practices

• Third-party model providers and subprocessors

• Access controls and authentication methods

• Audit logging capabilities

• Integration scope with nonprofit systems

• Regulatory and contractual obligations

• Output reliability and human review requirements

Incident Response

If a staff member believes they may have pasted sensitive information into a consumer AI tool:

• They must immediately notify the Executive Director (or designated AI/Data Protection lead) with a brief description of what was shared, in what tool, and when.

• The lead will assess whether PHI/PII or Tier 3 IP was involved, whether any legal obligations (e.g., breach notifications) are triggered, and what remediation is possible (e.g., deleting chat history, requesting account deletion).

• A brief incident report will be logged, including root cause and preventive steps (e.g., additional training or technical restrictions).

Governance Structure

To align with nonprofit AI governance best practices, Kairos will:

• Designate an “AI & Data Safeguards Lead” (this may be an officer, staff member, or board designee) responsible for maintaining this protocol, tracking provider changes, and advising on edge cases.

• Include AI use and data protection as a standing item in at least one board or committee meeting per year.

• Ensure that other key policies (data protection, safeguarding, conflict of interest, whistleblower) cross‑reference this AI protocol where appropriate.

Staff and Contractor Obligations

All staff, contractors, and volunteers who may use AI tools for nonprofit work must:

• Read and sign an acknowledgment of this protocol.

• Complete at least annual training covering:

  • What counts as PHI/PII and Tier 3 IP.

  • How to classify examples from their own workflows.

  • How to configure privacy settings in the specific tools they use.

  • How to respond if they believe a mistake has been made.

Board Oversight

The board is responsible for:

• Approving this protocol and revisiting it at least annually.

• Ensuring that AI use aligns with the mission, safeguards vulnerable populations, and does not compromise IP or competitive positioning.

• Asking management for assurance that training, technical controls, and incident reporting are functioning in practice.

AI is a tool, not a partner in sacred relationship with Kairos participants. Any use that diminishes embodied presence, consent, or ritual integrity contradicts the nonprofit’s purpose.

Implications for practice:

• AI may assist with language and structure for public‑facing materials, but human clinicians and facilitators hold final responsibility for the framing of healing work.

• AI may not be used to generate pseudo‑therapeutic responses to participants, simulate “counseling,” or automate intake/reflection responses. These interactions must remain human and relational.

• Staff are encouraged to notice when AI usage increases cognitive load, anxiety, or fragmentation and to scale back to preserve nervous system sustainability and discernment.