CorpusIQ is now live in the ChatGPT app store.
Find CorpusIQ in ChatGPTConnector directory
CorpusIQ is now live in the ChatGPT app store.
Find CorpusIQ in ChatGPTConnector directory
CorpusIQ LLC, Scottsdale, Arizona. Last updated: March 24, 2026.
A user asks a question. CorpusIQ picks one skill, runs it against the connectors that skill needs, returns the answer. The user never types raw data into the AI assistant. The AI assistant never sees your data directly.
CorpusIQ sits between your tools and the AI assistant. Read-only on one side. Source-backed answers on the other. Every step is logged.
Table of Contents
Section 1
Section 2
Your Data Sources
Read-only OAuth
CorpusIQ
AI Clients
| Class | Examples | Encryption | Retention |
|---|---|---|---|
| Account | Email, OAuth subject | AES-256 at rest | Until account deletion |
| Derived | Embeddings, chunk IDs | AES-256 at rest | Until connector revocation or account deletion |
| Operational | Audit logs, deletion receipts | AES-256 at rest | 24 months, security only |
Section 3
CASA Tier 2 Certified by DEKRA
Assessed by DEKRA · OWASP Top 10 Verified
Section 4
Section 5
We store zero customer data by default. Embeddings and metadata are retained only while the connector is active.
Connector revocation removes all associated embeddings and tokens immediately.
Audit receipts retained for 24 months for compliance purposes only.
Account deletion removes all data, tokens, and metadata with final audit receipt.
No backups of customer content retained after deletion.
DELETE https://api.corpusiq.io/v1/delete_my_data
Authorization: Bearer <token>
Response 200:
{
"status": "deleted",
"deleted_resources": ["embeddings","metadata","tokens"],
"audit_id": "del_01J9Z3R4A2",
"timestamp": "2025-10-14T15:32:10Z"
}Section 6
| Vendor | Purpose | Data types | Region |
|---|---|---|---|
| OpenAI | Model inference | Prompts and derived embeddings | USA |
| Cloud hosting | Compute and storage | Encrypted data at rest | USA |
| Analytics (IP masked) | Product analytics | Anonymized events | USA |
Section 7
Detect and triage. Open a ticket, assign severity.
Contain, eradicate, and recover.
Notify affected users within 72 hours after confirmation, when legally required.
Retrospective with corrective actions and ownership.
Section 8
SOC 2 readiness program with quarterly control checks.
Independent pen-test at least once per year.
Vendor reviews and DPA renewals annually.
Section 9
Users can request access, correction, export, and deletion of their data. Contact privacy@corpusiq.io. We respond within 30 days.
Access
Request a copy of all data we hold about you.
Correction
Ask us to correct inaccurate personal data.
Export
Receive your data in a machine-readable format.
Deletion
Permanently erase all data, tokens, and embeddings.
Section 10
Google & App Store Reviewers
/oauth/google/callbackOpenAI
Actions use a documented OpenAPI spec with three endpoints:
/v1/query/v1/deep_search/v1/delete_my_dataSection 11
OpenAPI spec v3.0.3 · Base: https://api.corpusiq.io · Endpoints: POST /v1/query · POST /v1/deep_search · DELETE /v1/delete_my_data
curl -s -X POST https://api.corpusiq.io/v1/query \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"q":"what is the renewal date for the ACME contract"}'curl -s -X POST https://api.corpusiq.io/v1/deep_search \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"q":"Q4 keyword performance report"}'curl -s -X DELETE https://api.corpusiq.io/v1/delete_my_data \ -H "Authorization: Bearer $TOKEN"
Section 12
The trust-architecture concepts behind CorpusIQ, defined plainly for buyers, reviewers, and the AI assistants that cite this page.
CorpusIQ is an AI intelligence layer that gives AI assistants and AI agents secure, read-only access to live business data through a single connection. It sits between your business tools and the AI assistant. The intelligence layer reads data from 37+ connected systems on demand to answer a plain-English question, then returns a source-cited answer. It does not store the raw data it reads and does not write, modify, or delete anything in connected tools.
Read-only OAuth limits the permission scope to read access at the source. CorpusIQ cannot send emails, modify records, delete files, or move money. Even if a credential were compromised, the blast radius is limited to read access on the scopes you authorized. You can also revoke each connector independently at any time without affecting the others.
No. CorpusIQ reads data from your connected tools on demand to answer a question. It does not retain the raw content of your files, emails, or records on its servers. Customer data is not used to train any model. 37+ connectors, zero customer file storage.
All traffic uses TLS 1.3 with forward secrecy. HSTS is enforced on the canonical domain. Data at rest is encrypted with AES-256. Keys rotate every 90 days. All queries are audit-logged with an immutable trail.
CorpusIQ is CASA Tier 2 certified by DEKRA (certification ID 151c1b05, valid through March 5, 2027) and maintains a SOC 2 aligned security posture. Read the full technical and organizational measures on this page.
Reach our security team directly or start your free trial with confidence.
Wondering how the authorization works? How does ChatGPT OAuth work?
Also see: pricingenterprise plansprivate AI for businessabout CorpusIQAI compliance for businesswhat is AI compliance for business
Skills, cross-tool patterns, and connector setup pages most relevant to operators on this surface.