AI & Ethics
Is It Ethical for Churches to Use AI on Member Data, or Is It Surveillance?
Whether it's ethical for churches to use AI on member data comes down to two questions: who acts, and on what data. AI that reads an observable change in how someone participates and hands it to a staff member to decide on is a tool for care. AI that infers motive, scrapes faces, buys outside profiles, or builds a watch-list nobody reviews is surveillance, and a church should refuse it.
I pastor a church and I build software, so I sit on both sides of this. A while back I was reading about how fast pastors are adopting AI, and the part that stuck with me wasn't the adoption number. It was the worry underneath it. In a Barna Group survey of 1,306 church leaders run in late 2025, data privacy was the most common AI concern named, with 83% saying they were concerned about it. That worry is correct, and it's also solvable. You solve it by knowing exactly where the line sits.
What's the difference between pastoral AI and surveillance?
The difference is what the AI is allowed to know and who gets to act on it. Pastoral AI works only with behavior your church can already see (giving, serving, groups, check-ins, prayer requests) and surfaces a change to a person who decides what happens next. Surveillance reaches for things people didn't share with you, or it acts on its own without anyone looking.
The way I think about it is this. A volunteer coordinator already knows, somewhere in the back of her mind, that a guy who used to run sound every other week hasn't been on the rotation in two months. She might not have the hours to connect that to the fact that his giving also went quiet. Software noticing both and putting them in front of her is the same act she'd do herself with more time in the day. Nobody learned anything private. She still decides whether a text or a coffee is the right move, or whether she happens to know his mom is sick and there's nothing to chase at all.
Surveillance is a different category of act. It's the system guessing whether someone's faith is cooling, or matching a face from a camera against a database, or buying a marketing profile that says this household is likely politically anxious or financially stressed. That builds a file on people who came to you trusting you wouldn't. Shepherding and file-building are not the same job, and the work shows you which one you're doing.
What should a church never let AI do with congregant data?
Some uses don't have an ethical version, and a church should rule them out before evaluating anything else. Never let AI judge a person's motive or faith, run facial recognition, buy or merge third-party psychographic data, train an outside company's model on your members, or take pastoral action on its own. These aren't settings to configure carefully. They're lines you draw once.
The reason they're absolute rather than case-by-case is that each one breaks the trust that makes a church a church. Reading motive presumes to know the heart, which is both bad theology and bad data, because software watches behavior and behavior is not the same as the reason behind it. Facial recognition turns your lobby into a checkpoint. Buying outside data imports surveillance you didn't even perform yourself. Letting the AI act on its own removes the one safeguard that keeps care human: a person who can say "I know why, leave it alone."
How can churches use AI without violating member privacy?
Keep the AI inside the fence your church already owns. It should work only with data your congregation gave you through ordinary ministry, stay sealed off from other churches and from the vendor's other products, and never reach outward for information people didn't hand you. Then put a staff member between every observation and every action.
In practice that's a short list of guardrails. The data is scoped to your church alone, so one congregation's records can't bleed into another's. Access is role-based, so a check-in volunteer doesn't see giving and a kids' worker doesn't see pastoral notes. The vendor doesn't train its models on your people. And anything the system surfaces lands in front of a person who decides, rather than triggering an automatic email or a flag that follows someone around. None of this is exotic. It's the same discipline you'd want around a filing cabinet, applied to a faster cabinet.
The safe church AI rubric
This is the part worth saving. Before you let any vendor near your member data, ask these six questions and make them answer plainly. If a vendor hedges on any of them, you have your answer.
| Question to ask the vendor | What a safe answer sounds like | Walk away if |
|---|---|---|
| What does the AI read? | Behavior only: giving, serving, groups, check-ins, prayer, forms. | It claims to read motive, sentiment, or "spiritual health." |
| Is our data isolated? | Each church's data is sealed; nothing crosses between churches. | Your records pool with other churches or their own marketing. |
| Who can see what? | Access is role-based; staff see only what their role needs. | Everyone with a login sees everything. |
| Do you train your models on our members? | No. Congregant data is never used to train their AI. | They "may use aggregated data to improve the product." |
| Any facial recognition or camera scanning? | None. | They scan faces for check-in or participation. |
| Who acts on what the AI finds? | A staff member decides; nothing is automatic. | The system messages or flags people on its own. |
Print it, paste it into an email, read it down the phone. The questions are the artifact. A vendor that lives inside these answers is selling you a tool, while one that can't is selling you a liability with a friendly logo.
Is AI safe for churches to use with member data?
It can be, but safety lives in the vendor and the configuration, not in the word "AI." The same underlying technology can either notice that a regular volunteer has been off the rotation for two months, or build a behavioral profile you'd be ashamed to show the person it describes. What separates those two outcomes is the six questions above.
That Barna finding reads to me less like fear of the technology and more like pastors taking their responsibility seriously. People hand a church their giving records, their kids, their prayer requests, sometimes the worst week of their life. Caution there is the right instinct. The move isn't to avoid the tools, it's to hold them to a standard high enough to deserve that trust.
This is the standard I built Scout to live inside, for what it's worth. It reads participation, not motive; each church's data is sealed off; access follows roles; congregant data never trains a model; there's no facial recognition; and everything it notices surfaces to a staff member who decides. I'm church-funded with no outside investors, which means there's no one upstream whose business depends on selling or mining your congregation's data. That arrangement is the only one I'd be willing to put my own church's records into.
Frequently asked questions
Is it ethical for churches to use AI on member data? Yes, when the AI reads observable participation, stays scoped to your church, and surfaces a change to a person who decides whether to reach out. It becomes unethical when it judges motive, scrapes faces, buys third-party data, or builds watch-lists no person reviews.
Is AI safe for churches to use with member data? It can be, but safety is a property of the vendor, not the technology. Confirm your data is isolated to your church, access is role-based, the vendor never trains its models on your congregants, and there is no facial recognition. If a vendor can't answer those plainly, that's your answer.
How can churches use AI without violating member privacy? Limit the AI to data your church already collects through normal ministry: giving, serving, groups, check-ins, prayer requests. Keep it from buying outside data or guessing at feelings. Make sure a staff member, not the software, decides what to do with anything it surfaces.
What's the line between pastoral care and spying on the congregation? Care notices a change you could already observe and prompts a person to follow up. Spying infers private things people didn't share, watches without their knowledge, or acts automatically. The deciding factors are who acts and on what data.
What should churches never let AI do with congregant data? Never let it read motive or faith, run facial recognition, buy or merge third-party psychographic data, train an outside model on your members, or take pastoral action on its own without a human in the loop.
Written by Nic Moore, pastor and founder of Scout. I keep these notes because I have to answer these questions for my own church before I answer them for anyone else's.