Privacy Policy

Effective date: October 2025

CorpusIQ LLC operates a ChatGPT app that connects securely to your iCloud Mail and iCloud Drive, transforming your content into private, searchable memory. This document provides the comprehensive privacy and data protection details for regulatory and platform review (Apple, OpenAI).

Summary

Encrypted embeddings only. No raw text or files stored.
30-day active memory by default.
12-month DeepSearch archive (extendable to 24–36 months).
Instant deletion option at any time.

Information Collected

Account identifiers (Apple OAuth subject, email).
Transformed text embeddings and metadata.
Operational telemetry (sync timestamps, token counts, error metrics).

Use of Information

Provide semantic search and context retrieval across authorized iCloud data.
Maintain sync, reliability, and error correction.
Monitor performance for service stability.

Data Storage & Security

TLS 1.3 for transport, AES-256 for data at rest.
User-isolated namespaces and role-based access control.
No raw content logging. All admin access is audited.
Secrets stored in managed vault with quarterly rotation.

Retention & Deletion

Active memory retains embeddings for 30 days. Afterward, they move to an encrypted archive available to DeepSearch for 12 months by default. Extended plans support 24 or 36 months. Enterprise clients can define custom retention. Users can delete all data instantly via API or in-app control.

DELETE https://api.corpusiq.io/v1/delete_my_data
Authorization: Bearer <token>

Deletion erases embeddings, metadata, and access tokens, then writes an immutable audit receipt. Confirmation email sent within minutes.

User Rights

Right to access stored embeddings and metadata.
Right to deletion without delay.
Right to revoke Apple access and disconnect iCloud services.
Right to portability via JSON export.

Requests: privacy@corpusiq.io

Third-Party Processing

Apple: Provides iCloud access under user consent. No data shared beyond Apple’s OAuth scope.
OpenAI: Executes ChatGPT inference. Receives only prompt context, not raw files.
No advertising, no resale, no third-party training use.

International Transfers

Primary processing occurs in the United States. EU data subjects can request EU-only storage. Standard Contractual Clauses apply for lawful cross-border transfers.

Children’s Data

CorpusIQ is not directed at individuals under 16. Accounts detected as minors are deleted.

Changes to This Policy

Updates are versioned and archived. Substantial revisions trigger user email notifications.

Contact

Controller: CorpusIQ LLC
10458 E Jomax Rd, Ste 102
Scottsdale, AZ 85262 USA
Email: privacy@corpusiq.io