Sprint Preview for Tomar Beh

SAFE AI Policy Pack v1

A 4-page editable policy template + self-audit scorecard + quick-reference card. Built for UK charities, arts orgs, and community programmes adopting AI without a written framework. ~1,500 words.

SAFE AI Policy for [Your Organisation Name]

Adopted by the Board on: [date]
Policy owner: [name, role]
Review date: [date, recommended 12 months from adoption]
Version: 1.0

About this policy

This policy uses the SAFE AI Framework developed by Tomar Beh, AI Consultant for Nonprofits and author of Start AI Right for Nonprofits. It is written for UK charities, arts organisations, community programmes, and mission-led teams that are already using AI tools (ChatGPT, Claude, Gemini, Copilot, Canva AI, etc.) and need a single document the board can sign off, the team can follow, and funders can see.

If you have not yet read Start AI Right for Nonprofits, do that before adopting this policy. The book explains the reasoning behind every section here. This document is the operational artefact; the book is the thinking.

1. Purpose

[Your organisation] uses AI tools in our day-to-day work, including:

• Drafting and editing funding bids
• Drafting communications to supporters, donors, members
• Summarising meetings, reports, and research
• Generating images for social media and programme materials
• Translating content into and out of English
• [Add other current uses here]

This policy sets out how we use AI in a way that protects the people we serve, our staff, our funders, and our mission.

2. The SAFE AI Framework

We apply six principles to every AI use case in our work.

S for Secure

We do not put personal data, beneficiary information, donor information, financial records, or unpublished organisational information into public AI tools without verifying where that data goes and who can access it.

What this means in practice at [your organisation]:

• Approved tools for personal data: [list, or write "none until further notice"]
• Approved tools for non-personal content: [list, e.g. ChatGPT Team account, Claude for Work, Microsoft Copilot]
• Prohibited tools for any organisational use: [list]
• Anyone unsure where a tool sits asks [name, role] before using it.

A for Accountable

Every AI-assisted piece of work has a named human owner who reviewed it before it left the organisation.

• The person who used the AI tool signs off the final output.
• A short note ("drafted with AI assistance, reviewed by [name]") is kept on internal records for any externally published material.
• If an AI-generated output causes harm, the named human owner is accountable, not the tool.

F for Future Ready

We build AI literacy across the team so confidence grows over time rather than concentrating in one or two people.

• All staff receive an introduction to the SAFE AI Framework within [30] days of joining.
• The team meets [monthly / quarterly] for a 30-minute SAFE AI check-in.
• New AI tools are reviewed by [name, role] before being adopted across the team.

E for Empowered

Staff are trusted to use AI for their work, with structure and support, not asked to hide it.

• Using AI tools to draft, edit, and improve work is encouraged within this policy.
• Staff do not need to disclose AI use internally for low-risk tasks (drafting, summarising, brainstorming).
• Staff do disclose AI use when outputs go to funders, beneficiaries see them, or they form part of official records.

A for Aligned (second A)

AI use supports our mission and our values. We do not use AI to do work that should stay human-led.

The following work stays human-led at all times:

• Decisions about people we serve (eligibility, escalation, safeguarding)
• Personal communications with bereaved or vulnerable beneficiaries
• Final sign-off on funding bids that name specific people or communities
• [Add organisation-specific human-led areas]

I for Inclusive

We notice that AI tools have biases. We check that AI-assisted work does not exclude or misrepresent the communities we serve.

• We review AI-generated text for cultural, gender, racial, and ability assumptions before publishing.
• We do not use AI-generated images of people unless we have explicit permission and a brief that reflects the community we serve.
• When in doubt, we ask a member of the community we serve to review.

3. Disclosure to external audiences

We disclose AI use externally when AI was used to generate substantial parts of a public-facing document (fundraising appeals, reports, blog posts, social posts of more than 100 words), or when a funder or regulator asks, or when the output is presented as the work of a named author or beneficiary.

We do not need to disclose when AI was used for grammar checking, formatting, or summarising internal documents, or when AI drafted text that a human then substantially rewrote.

Standard disclosure wording:

"This [document / image / video] was drafted with AI assistance and reviewed by [name, role] at [your organisation]."

4. Data, GDPR, and the Charity Commission

This policy is written to be compatible with UK GDPR and the Data Protection Act 2018, Charity Commission guidance for England and Wales (or Scotland or Northern Ireland), Fundraising Regulator code where relevant, and any sector-specific frameworks (Arts Council, Lottery Heritage Fund, NCVO).

We do not put personal data of UK residents into AI tools that process data outside the UK or EU unless we have verified the tool's data-residency settings and recorded that decision in our data inventory.

5. What to do when something goes wrong

1. Pause use of the tool for that workflow.
2. Notify [name, role] within 24 hours.
3. Correct the public output (issue a correction, update the page, apologise where needed).
4. Bring it to the next SAFE AI check-in for the team to learn from.
5. Update this policy if the incident reveals a gap.

6. Review and adoption

This policy is reviewed every 12 months or whenever a new AI tool is adopted, a concern is raised, or a significant change occurs in AI capability.

Adopted by: [board chair name, signature, date]
Reviewed by: [policy owner name, signature, date]

Appendix A: SAFE AI Self-Audit Scorecard

Total: ___ / 30

Appendix B: Quick-reference card

Print this and put it where the team makes AI decisions. Before using an AI tool, ask:

1. Secure: where does this data go?
2. Accountable: am I willing to sign off this output?
3. Future Ready: would I want a colleague to do this same thing?
4. Empowered: am I using AI to do my best work, or to hide work?
5. Aligned: should this stay human-led?
6. Inclusive: does this represent the people we serve fairly?

If any answer is "I am not sure," pause and ask [name, role].

Draft newsletter issue for AI & the Next-Gen Organisation

~700-word draft using a teachable 3-block format (principle + prompt + team-meeting question). Drop into your existing newsletter as-is, or use it to test a recurring section structure.

Your team is already using AI. The only question is whether you have written it down yet.

By Tomar Beh, AI Consultant for Nonprofits and author of Start AI Right for Nonprofits

Most teams I work with already use AI tools every day. ChatGPT for funding bids. Claude for board summaries. Copilot for meeting minutes. Canva AI for social media images. None of that is a problem. It becomes a problem when nobody has written down where the data goes.

This issue is structured around three blocks, which is a format I want to use more often if you find it useful. Reply to this email and tell me yes or no.

1. One principle from the SAFE AI Framework, explained in 5 minutes.
2. One ready-to-use prompt or policy line you can copy into your own work this week.
3. One question to bring to your next team meeting.

This week: Secure

The first letter of the SAFE AI Framework is S for Secure.

Most UK nonprofit teams I work with already use AI tools every day. ChatGPT for funding bids. Claude for board summaries. Copilot for meeting minutes. Canva AI for social media images. Gemini for translating donor communications.

None of that is a problem. It becomes a problem when nobody has written down where the data goes.

A simple example. A programme manager pastes a draft beneficiary case study into ChatGPT to make it shorter for a funding bid. That case study includes a first name, an age, and the name of a small town. ChatGPT, on a free account, may use that input to train future models. The beneficiary did not consent to that. The funder did not ask for it. The trustee board has no record that it happened.

That is not a malicious mistake. It is a missing policy.

The fix is not "stop using AI." The fix is a written line that every team member can find in 10 seconds.

The one policy line you can adopt this week

Copy this into your team handbook, your staff wiki, or pin it in your shared Slack or Teams channel:

Our team uses AI tools to draft, edit, and improve our work. We do not
put personal data, beneficiary information, donor information, or
unpublished organisational information into public AI tools. If you
are unsure whether a tool counts, ask [name] before using it.

One sentence. One named person. Done.

That single line does three things. It signals that AI use is normal, not hidden. It draws a clear edge around the high-risk use case. It gives anyone unsure a fast escalation path.

One prompt you can use this week

If your team writes funding bids and you have not yet built a structured prompt for it, paste this into ChatGPT or Claude:

You are helping me draft a funding bid for a UK nonprofit. The funder is
[funder name]. The maximum bid value is [amount]. The total length must
be under [word count].

I will paste a longer draft below. Your job is to:
1. Cut it to [word count] without removing the case for support.
2. Keep tone warm, professional, and direct. Avoid corporate jargon.
3. Flag any section where the case for support is weak so I can strengthen it.
4. Use placeholders [LIKE THIS] anywhere you would normally put a real
   person's name, beneficiary detail, or unverified statistic. I will
   fill those in myself.
5. Do not invent statistics, named beneficiaries, or partner organisations.

Here is the draft:
[your draft]

The placeholder pattern is the SAFE part. It keeps the AI honest. It keeps you in control. It saves you the time it would take to scrub the output for fabrications.

One question for your next team meeting

"What is the one AI tool someone in our team uses every week that the
rest of us would be surprised about?"

Almost every nonprofit team I have worked with finds at least one. Not because anyone is hiding it. Because the team has not had a reason to share it yet.

That question is the start of an AI inventory. The inventory is the start of the policy. The policy is the start of trust.

What is coming next week

Issue #2: Accountable. Why every AI-assisted output needs a named human owner, and how to write that into your team's workflow without slowing anything down.

If you have not yet downloaded Start AI Right for Nonprofits, the free book that explains the full SAFE AI Framework, you can get it here: [book download URL]

If you want the full SAFE AI Policy Pack (a 4-page editable policy template plus board summary plus self-audit scorecard, ready to adopt at your next board meeting), download it here: [policy pack URL]

If you want to talk about how SAFE AI applies to your specific organisation, send me a message on LinkedIn with the words "SAFE AI" and I will reply within 48 hours.

See you next week.

Tomar
Human Lead and AI Powered

Funnel Architecture (and how your book fits)

How the book, newsletter, and policy pack work as one funnel that converts LinkedIn traffic into discovery calls.

The current state

You already have the book. You already have a LinkedIn profile. You already have 815 followers. What you do not have is the wiring that turns those three things into a repeatable inbound machine.

The funnel, end to end

Read top to bottom. A LinkedIn post pulls someone to the Featured section. They download the book. The download captures their email. The welcome sequence introduces AI & the Next-Gen Organisation (the newsletter you already run at 99 subscribers). Each weekly issue points at the Policy Pack. The Policy Pack download triggers a discovery call invitation. The call closes into the 90-day engagement.

What each asset does

The book (top of funnel)

Job: Build trust at scale. Capture email.

The book has already been written. The work now is to convert it from "thing mentioned in About" to "the centerpiece of the profile." That means:

1. Banner image showing the book cover prominently with a one-line value tagline. This is the new audit recommendation in Section 1.
2. Featured section item #1 with the same cover image and a free-download CTA.
3. Landing page on your website (or Gumroad / Beacons / Notion) where the download requires email opt-in. Email captures into Mailchimp, ConvertKit, Beehiiv, Substack, whatever ESP you choose.
4. First comment on every LinkedIn post that touches the SAFE AI Framework: link to the book.
5. Every newsletter issue references the book at the start and end.

The book is the highest-trust, lowest-friction asset you have. The funnel starves without it doing this job.

AI & the Next-Gen Organisation newsletter (middle of funnel)

Job: Stay in the inbox once a week so the relationship does not go cold between book download and discovery call.

1. You already run this on LinkedIn Native Newsletter at 99 subscribers, biweekly. Strong foundation.
2. Move from biweekly to weekly. The drop-off between weekly and biweekly is meaningful; weekly compounds subscriber count faster.
3. Adopt the three-block structure from Asset 2 as a recurring format (one principle + one prompt + one team question). Optional: name the recurring section ("This week from the SAFE AI desk") so subscribers know what they will get.
4. Cross-promote on every carousel: one final slide saying "The longer version is in AI & the Next-Gen Organisation, subscribe free." Currently zero feed posts cross-promote the newsletter.
5. Capture emails outside LinkedIn for the top 10% engaged subscribers (via the Policy Pack download, which is gated by email). LinkedIn-only subscribers cannot be exported if LinkedIn reach ever drops.

The newsletter is the only asset that gets into the prospect's inbox on a predictable rhythm. Without it, every prospect needs to be re-found and re-warmed through algorithmic LinkedIn distribution every time, which is expensive in time and unreliable in reach.

SAFE AI Policy Pack (bottom of funnel)

Job: Convert intent into a discovery call. Identify hot leads.

1. The Policy Pack template in Asset 1 is v1. Add your real client examples, customise for your branding, ship.
2. Download requires email opt-in if the visitor is not already on the newsletter list.
3. Every download triggers an automated email from you within 24 hours: "Saw you downloaded the Policy Pack. Quick question: are you adopting this with your board, or just researching for later? Either is fine, just want to know whether to send the board adoption checklist or the longer reading list."
4. "Adopting with the board" = hot. Offer a 30-minute SAFE AI Conversation call.
5. "Researching for later" = warm. 6-week nurture sequence that ends with the same offer.

The 90-day SAFE AI engagement (paid)

The engagement you sell mirrors the structure of the Sprint I would deliver to you. SAFE AI audit, written policy customised for the organisation, staff training, four CRAFT+ prompt templates customised for the team's actual workflow. Each engagement generates a case study. Each case study refreshes the book, the newsletter, the policy pack. The funnel compounds.

One last thing about the book

Three audit recommendations get sharper when the book is treated as the cornerstone:

1. Banner image (new recommendation in Section 1). Book cover on the left, one-line tagline on the right, small "Author" badge. Makes the book unmissable in the first 2 seconds of profile view.
2. Headline (Section 2). The recommended rewrite already includes "Author of Start AI Right." Keep that. "Author of" buys 5x more trust than any consultant credential in this niche.
3. Newsletter (Section 4). Every issue opens with a one-line book reference and ends with a one-line policy-pack reference. The newsletter is the connective tissue between the trust asset (book) and the conversion asset (policy pack).