Spheriq AI works with information that is valuable and often sensitive for nonprofits and funding organizations. What has not been made public in a profile is often worthy of protection or bears the traces of internal work contexts that should also remain internal. Data protection is not an add-on, but the foundation of Spheriq AI’s architecture.
In the non-profit sector, it is not just about public organizational data. Applications may contain information on illness, poverty, social situation, vulnerable groups, organizational strategies or financial details of a confidential nature. Even inconspicuous institutional information can be sensitive if it allows conclusions to be drawn about individuals, funding decisions or strategic decisions.
Data protection is particularly important in the non-profit sector
This is no less true for the other side: access to funding is not simply a “technical” issue. It is controlled by statutes and guidelines that are not fully public, but also by internal discussions and human decisions that are made in a confidential setting. An AI that provides support in this environment must therefore handle data with particular care.
Spheriq AI follows the principle that the AI may only use what the respective user is authorized to see in the specific context. It does not have a free view of all data, but works consistently within the existing authorizations. The AI is therefore only available to logged-in users because only they can see a specific platform context. Access is role- and context-based. This means that a user on an organization profile, a sponsor in the application context or a non-profit organization researching funding each have different perspectives and access options. Spheriq AI precisely overcomes these boundaries. The AI sees no more than the users themselves.
Trustworthy AI as a guiding principle
But it is not only data protection that demands consequences. Responsible use of technology is generally expected in the non-profit sector in particular – especially with regard to AI. Concepts such as “Responsible AI” or “Explainable AI” have now become established. Spheriq’s architecture is based on such recognized principles for trustworthy AI (see part 1 of the background series: Spheriq AI as a pipeline).
These were formulated particularly clearly in the guidelines of the European Commission’s AI expert group (comparable principles can be found at the OECD, UNESCO, ISO, IEEE, BSI or the Council of Europe). These seven requirements are particularly relevant for Spheriq AI:
- Human supervision: Spheriq AI supports the preparation and classification, but does not make any funding decisions.
- Technical robustness and security: The pipeline checks the context, data access, evidence and response before a result is output.
- Data protection and data management: AI only uses information that is accessible in the respective role and work context.
- Transparency: Tools, documents and sources used should remain traceable.
- Fairness and non-discrimination: Evaluations are based on professional criteria, profiles, funding logic and documented evidence, not on invisible attributions.
- Social and ecological well-being: Spheriq AI is operated in a resource-saving manner and (also) dispenses with energy-guzzling top-performance models for ecological reasons.
- Accountability: Processing steps, sources and decision-making bases remain verifiable.
Thanks to its architecture, Spheriq AI is fundamentally designed for data-saving processing. The context is provided precisely and is not researched anew on the web each time. This means that data is not used arbitrarily, but processed within the framework of clearly defined work steps.
Sovereign infrastructure
Spheriq AI processes the data in its own data environment. The AI is operated by PeakPrivacy, the Swiss platform for sovereign AI applications. While common AI services forward data to international hyperscalers, PeakPrivacy operates its models in data centers in Switzerland, Germany and France, which ensures that no data leaves the servers or is used to train AI models.
This architecture strengthens governance for all users. It reduces third-party, provider and control risks. This is particularly crucial for organizations that process application data, internal assessments or confidential documents.
Why not just ChatGPT?
General AI tools are powerful, but they are not automatically designed to meet the specific data protection requirements of the non-profit sector. Anyone who enters data into well-known AI chats such as ChatGPT or Claude must check on a case-by-case basis whether this data may be passed on, whether it is personal or confidential and whether its use is compatible with internal guidelines.
The contract model is crucial, as is the order processing from the perspective of the owner of the data entered. In the past, the access rights of foreign authorities have also repeatedly been an issue, especially for the USA, where most models are operated. In addition, various publicized examples show that user data was used for model training, even if the company had previously claimed the opposite.
Spheriq AI takes a completely different approach here. The AI works with controlled access, uses the existing data sets and processes them entirely on the controlled PeakPrivacy infrastructure. This makes AI usable directly within the protected workspace. In this way, the combination of access control and sovereign infrastructure creates double security.
Responsibility and human control
Data protection does not end with technology. Spheriq AI is designed as a supporting system. It can structure information, make suggestions, assess a fit, identify gaps or prepare texts. However, decisions with a significant impact on individuals or organizations remain consistently with people.
This applies in particular to funding decisions. Spheriq AI can support a preliminary review, apply a funding logic or prepare an expert opinion. However, it does not decide on approval or rejection. From a legal perspective, these decisions must always be the responsibility of the people and bodies of the funding organization.
For Spheriq AI, data protection is a fundamental architectural principle. Role-based access, mandatory login, data minimization, sovereign infrastructure without model training and traceable sources together form a solid framework. This allows AI to be used where it is particularly useful in the non-profit sector: directly in day-to-day work, with clear context, controlled data access and without giving up control.
