Privacy Policy

1. Who we are

CorpusIQ LLC (“CorpusIQ,” “we,” “us,” or “our”) is a private AI platform headquartered in Scottsdale, Arizona, USA. We operate the CorpusIQ service at corpusiq.io and the API at api.corpusiq.io.

2. What data we collect

• Account data: Email address, name, and password hash when you register.
• OAuth tokens: Read-only access tokens for the third-party services you connect (e.g., Gmail, Shopify, QuickBooks). Tokens are encrypted at rest.
• Query logs: The questions you submit and the responses returned. Stored per-user and not shared across accounts.
• Usage metadata: Request timestamps, connector types used, and feature flags. Used for billing and abuse prevention.
• Payment data: Processed by Stripe. We do not store card numbers or full payment details.

3. What we do NOT do

• We do not train AI models on your business data.
• We do not sell or share your data with third parties for advertising.
• We do not pool data across accounts for any purpose.
• We do not store raw document content, only indexed summaries used to answer your queries.

4. How we use your data

• To authenticate your identity and protect your account.
• To connect to third-party services on your behalf using OAuth.
• To answer your queries by retrieving relevant summaries from your connected sources.
• To provide billing, usage reporting, and support.
• To comply with legal obligations.

5. Data sharing

We share data only with service providers required to operate CorpusIQ: Microsoft Azure (infrastructure), Stripe (payments), and Supabase (authentication). All providers are contractually bound to data protection standards. We do not share data with AI model providers beyond what is necessary to answer a single query, no conversation history is shared with external model APIs.

6. Data retention

Account data and query logs are retained for as long as your account is active. You may delete your account and all associated data at any time by submitting a deletion request to privacy@corpusiq.io or by calling the deletion API endpoint documented at /docs.

7. Your rights

You have the right to:

• Access a copy of the data we hold about you.
• Correct inaccurate data.
• Delete your account and all associated data.
• Revoke OAuth access to any connected service at any time from the Connectors dashboard.
• Port your data in a machine-readable format.
• Lodge a complaint with your local data protection authority (GDPR users).

To exercise any of these rights, contact privacy@corpusiq.io.

8. Security

CorpusIQ is CASA Tier 2 certified, assessed by DEKRA. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We perform regular penetration testing and maintain an incident response plan. See our Security page for full details.

9. Cookies

We use a single session cookie (ciq_token) to authenticate your session. We do not use tracking cookies or advertising pixels.

10. Children

CorpusIQ is not directed at children under 13. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this policy. Material changes will be communicated by email or in-app notification. Continued use of the service after the effective date constitutes acceptance.

12. Contact

CorpusIQ LLC · Scottsdale, Arizona, USA
privacy@corpusiq.io