Private AI for Business — Your Data Stays Yours¶

Q: How is CorpusIQ different from using ChatGPT or Claude directly?

ChatGPT and Claude cannot natively access your business data. CorpusIQ bridges your tools to these AI assistants through secure, read-only MCP connectors that never store your data.

Q: Does CorpusIQ train AI models on my business data?

No. CorpusIQ does not store your business data — data is retrieved, processed in-memory, and returned. There is nothing to train on. This is an architectural guarantee.

Q: Is my data encrypted?

Yes. TLS 1.3 in transit, AES-256 at rest with 90-day key rotation, private subnets with deny-by-default firewall.

Q: What compliance standards does CorpusIQ meet?

CorpusIQ is SOC 2 Ready, GDPR Aligned, and CASA Tier 2 certified by DEKRA with OWASP Top 10 verification.

Q: How long does it take to set up?

Under 60 seconds per data source via OAuth. A typical 5–10 source business is fully connected in under 10 minutes. No code, no infrastructure.

Q: How does private AI compare to building our own RAG pipeline?

In-house RAG requires copying data to a vector database, building ETL, and managing security — weeks of engineering. CorpusIQ delivers private AI instantly through MCP with built-in compliance.

Public AI tools like ChatGPT and Claude are powerful, but they were not built with business data privacy in mind. When you paste financials into a chat window, upload customer lists, or connect APIs that copy your data to a third-party vector database, you lose control. Private AI for business changes the equation: it gives your team the same natural-language access to live business data — without moving, storing, or training on a single record.

CorpusIQ delivers private AI for business through the Model Context Protocol (MCP). Connect your tools once via read-only OAuth, ask questions in plain English, and get answers that cite their sources — all while your data stays exactly where it is.

Why Public AI Falls Short for Business¶

Scenario	The Problem
ChatGPT ↔ Business Data	ChatGPT cannot natively access your QuickBooks, HubSpot, or Shopify data. Without a connector, you are copy-pasting exports or uploading files — a privacy and accuracy nightmare.
Claude ↔ Business Data	Claude faces the same limitation. It has no native connection to your CRM, accounting system, or analytics. Manually feeding it data breaks version control and exposes sensitive records.
Uploading files to AI	Files uploaded to consumer AI tools may be retained, logged, or used for model improvement unless governed by an enterprise agreement with explicit data-processing terms.
Custom RAG pipelines	Building retrieval-augmented generation in-house means copying your data to a vector database and maintaining the infrastructure. Weeks of engineering. Ongoing cost. New attack surface.

CorpusIQ is the private AI layer that sits between your business tools and your AI assistant. Read-only on one side. Source-backed answers on the other. Zero data stored in between.

Data Privacy: Zero Data Stored, Ephemeral by Design¶

The core architecture of private AI for business is simple: your data never leaves your tools. Here is how CorpusIQ enforces that:

No persistent storage of business data. Query results are retrieved, processed, and returned to your AI client in a single ephemeral request. Nothing is written to disk.
Read-only connections. Every connector requests the minimum OAuth scopes required for retrieval. No write permissions. Ever.
Ephemeral context. Only the specific data needed to answer your query is passed to your AI assistant. It is not cached, logged, or retained after the session ends.
No training on your data. CorpusIQ does not use customer data for model training or improvement. Period.
User-scoped isolation. Every account operates in a separate namespace. No cross-tenant data access is possible.

Certifications & Compliance¶

Standard	Status
SOC 2	Ready — quarterly control checks, independent pen-testing annually
GDPR	Aligned — data minimization, user consent, deletion rights
Encryption	AES-256 at rest, TLS 1.3 in transit
Access Model	Read-only OAuth 2.0 — no write permissions ever

How It Works¶

Private AI for business with CorpusIQ follows a three-step flow:

1. Connect Your Tools Once¶

Authorize each data source through OAuth 2.0. CorpusIQ handles token management, refresh, and API versioning behind the scenes. Supported sources include HubSpot, QuickBooks, Shopify, Stripe, GA4, Google Ads, Meta Ads, Slack, Gmail, Google Drive, OneDrive, Dropbox, PostgreSQL, MSSQL, MongoDB, and 40+ more.

Every connection is read-only by default. The scopes you authorize are visible on screen during setup.

2. AI Queries Your Data¶

Ask a natural-language question inside ChatGPT, Claude, or any MCP-compatible AI assistant. CorpusIQ's MCP endpoint translates your question into live API calls across your connected tools.

"What were our top 5 customers by revenue last quarter,
 and what's their current HubSpot deal status?"

The AI sees your question. CorpusIQ sees your question. Your actual business data is fetched live, returned to the conversation context, and never persisted.

3. Responses Cite Their Sources¶

Every answer includes traceable citations — the specific record, report, or document the number came from. No black-box answers. No hallucinated revenue figures.

"Based on your QuickBooks Profit and Loss report for Q1 2026, your top 5 customers by revenue are: Acme Corp ($142K), Beta Inc ($98K), ... Their current HubSpot deal stages are: Acme Corp — Negotiation, Beta Inc — Closed Won, ..."

Public AI vs Private AI for Business¶

Capability	Public AI (ChatGPT, Claude)	Private AI (CorpusIQ)
Access live business data	❌ Requires manual upload	✅ Real-time API queries
Data storage	⚠️ May retain uploaded files	✅ Zero business data stored
Model training on your data	⚠️ Varies by tier and agreement	✅ Never trains on customer data
Audit trail	❌ No source traceability	✅ Citations trace every number
Compliance-ready	❌ Requires custom DPA	✅ SOC 2 Ready, GDPR Aligned
Write-back risk	⚠️ API keys can write data	✅ Read-only OAuth 2.0 only
Cross-source queries	❌ One file at a time	✅ Queries across 50+ tools
Setup time	N/A	✅ Under 2 minutes per source
Encryption	Varies by provider	✅ AES-256 + TLS 1.3

Security Architecture¶

OAuth 2.0 — Read-Only by Design¶

Every CorpusIQ connector uses OAuth 2.0 with the minimum required scopes. The authorization screen shows exactly which permissions are being requested — typically read access only. CorpusIQ never requests write, delete, or admin scopes.

Token management is fully server-side. Access tokens have 60-minute expiry with automatic refresh. Token revocation takes effect immediately across all active sessions.

No Training on Your Data¶

This is a hard architectural guarantee, not a policy statement. CorpusIQ does not store your business data, so there is nothing to train on. The platform retrieves data, processes it in-memory, and returns it to your AI client. After the response, the data is gone.

Transport and Encryption¶

In transit: TLS 1.3 with forward secrecy and HSTS enforcement
At rest: AES-256 encryption with managed key rotation every 90 days
Network: Private subnets, deny-by-default firewall, WAF and rate limiting on all public endpoints
API tokens: Never embedded in client-side code. Server-side usage only.

Audit Trail¶

Every API call is logged with an immutable audit trail. You can see exactly which queries were made, when, and which data sources were accessed. Deletion endpoints allow immediate removal of account data on request.

Frequently Asked Questions¶

What is private AI for business?

Private AI for business is a deployment model where AI assistants access your company's live data through secure, read-only connections — without the AI provider storing, retaining, or training on your data. CorpusIQ implements this through MCP connectors that query your tools in real time through OAuth 2.0, returning answers without creating copies of your business records.

How is CorpusIQ different from using ChatGPT or Claude directly?

ChatGPT and Claude are general-purpose AI assistants. They cannot natively access your QuickBooks, HubSpot, Shopify, or other business data. To get business answers from them, you must manually export and upload files — which breaks chain of custody and may expose data to retention or training. CorpusIQ bridges your tools to these AI assistants through secure, read-only MCP connectors that never store your data.

Does CorpusIQ train AI models on my business data?

No. CorpusIQ does not store your business data, so there is nothing to train on. Data is retrieved from your tools, processed in-memory for the duration of your query, and returned to your AI client. After the response, that specific data context is gone. This is an architectural guarantee — not just a policy.

Can the AI accidentally modify or delete my data?

No. All CorpusIQ connectors use read-only OAuth scopes. The AI assistant can query and report on your data, but it cannot create, update, or delete records. There is no write path in the system.

Is my data encrypted?

Yes. All data in transit is protected by TLS 1.3 with forward secrecy. Data at rest is encrypted with AES-256 and keys are rotated every 90 days. Network traffic is isolated via private subnets with deny-by-default firewall rules.

What compliance standards does CorpusIQ meet?

CorpusIQ is SOC 2 Ready with quarterly control checks and annual independent penetration testing. It is GDPR Aligned — practicing data minimization, user consent, and deletion rights. The platform is also CASA Tier 2 certified by DEKRA with OWASP Top 10 verification.

What data sources does private AI support?

CorpusIQ supports 50+ business tools including HubSpot, Salesforce, QuickBooks, Stripe, Shopify, Google Analytics 4, Google Ads, Meta Ads, Slack, Gmail, Google Drive, OneDrive, Dropbox, Notion, PostgreSQL, MSSQL, MongoDB, and more. New connectors are added regularly.

How long does it take to set up?

Connecting your first data source takes under 60 seconds — authorize via OAuth and you are ready to query. A typical business with 5–10 data sources can be fully connected in under 10 minutes. There is no code to write and no infrastructure to provision.

How does private AI compare to building our own RAG pipeline?

Building an in-house RAG pipeline requires copying your data to a vector database, building and maintaining ETL pipelines, managing embeddings, and handling security yourself — typically weeks of engineering effort. CorpusIQ provides private AI access instantly through MCP, with security and compliance built in. No data is copied or stored.

Can multiple team members use the same private AI connection?

Each team member creates their own CorpusIQ account and connects their own data sources. This preserves individual OAuth permissions — each user sees only the data their credentials allow. For enterprise deployments, SSO and centralized user management are available.

Start Your Free 30-Day Trial¶

Experience private AI for business with zero risk:

30-day free trial — full access to all 50+ connectors
No credit card required — sign up and start connecting immediately
Under 2 minutes to first answer — connect your first data source and ask a question
Read-only by default — your data cannot be modified

Start Free Trial →

Internal Links¶

*

This Hermes repo is one of the largest structured collections of public AI, automation, business, and technology documentation. Content remains attributed to original authors and repositories. Indexed and organized by www.CorpusIQ.io.