AI search / RAG-first answer engine
Perplexity compliance: GDPR, AI Act, DPA, training, transfers
Independent compliance research from Janus Compliance. Reviewed by Michael K. Onyekwere, CIPP/E. Last reviewed 2026-05-01. Not legal advice.
TL;DR. Four distinct products: Enterprise Pro / Enterprise Max (no training, ZDR available, contractual); Sonar API (same enterprise posture); consumer free / Pro (training enabled by default unless opted out); Comet (agentic browser — much larger data-collection surface). Perplexity routes some workloads to underlying LLMs (OpenAI, Anthropic, plus first-party Sonar models) — terms apply transitively. Search query strings themselves are often Article 9 data in regulated sectors and most DPIAs miss this. HIPAA scope tightened February 2026.
DPO action: distinguish surfaces in your AI inventory; address transitive dependencies on OpenAI / Anthropic; treat Comet as a separate vendor evaluation.
What the tool does
Perplexity is an AI-powered answer engine. Instead of returning a list of links like a search engine, it crawls the web and synthesises a sourced answer. Buyers commonly evaluate one of four products:
- Perplexity (free / Pro consumer) — at perplexity.ai, individual or team subscriptions
- Perplexity Enterprise Pro / Enterprise Max — business-tier with admin controls and stronger compliance defaults
- Sonar API — Perplexity's developer API for embedding answer-engine functionality into other products
- Comet — Perplexity's agentic browser (separate product, separate compliance posture)
The compliance answer is meaningfully different across these surfaces. Most enterprise buyers should be looking at Enterprise Pro or Sonar API, not the consumer tier.
Data processed
- Search queries (which often contain context that is itself personal data)
- Documents uploaded for Q&A (Pro / Enterprise feature)
- Conversation history
- Files uploaded for analysis
- For Comet (browser): browsing history, page content, account credentials if sign-ins are stored
Special-category likelihood: Medium-high. Search queries are unusually revealing — a query string like "side effects of [drug] when pregnant" discloses health data about whoever typed it and is special-category data in its own right, before any document is uploaded. Free-form team usage will leak Article 9 categories regularly.
Default geographic processing: US-centric. Perplexity has been adding EU options for Enterprise tiers through 2026 — confirm current regional configuration with Perplexity sales before procurement decisions.
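The query-string point above is the one place in this profile where a technical control is worth sketching. What follows is an added example, not Perplexity's code and not Janus tooling: a pre-send screen that an internal wrapper around the Sonar API (or an egress proxy that can see request bodies) could apply before a query leaves the organisation. The indicator lexicon, the identifier patterns and the employee-ID format are assumptions chosen for illustration, and the sample queries are constructed.

```python
"""Pre-send screen for queries bound for an AI answer engine.

Heuristic gate: flag outbound queries that look like Article 9
(special-category) data before they are transmitted to the vendor.
The patterns below are illustrative assumptions, not a legal test.
"""
import re
from dataclasses import dataclass, field

# Assumed indicator lexicon, one regex list per Article 9 category.
SPECIAL_CATEGORY_PATTERNS = {
    "health": [r"\bpregnan", r"\bdiagnos", r"\bside effects?\b", r"\bsymptom",
               r"\bprescri", r"\bmedication\b", r"\bhiv\b", r"\bcancer\b",
               r"\bmental health\b"],
    "religion_belief": [r"\breligio", r"\bmuslim\b", r"\bchristian\b", r"\bjewish\b"],
    "sex_life_orientation": [r"\bsexual orientation\b", r"\bgay\b", r"\blesbian\b"],
    "trade_union": [r"\btrade union\b", r"\bunion (?:rep|member)"],
    "political_opinion": [r"\bpolitical (?:view|affiliation|opinion)", r"\bvoted for\b"],
    "racial_ethnic": [r"\bethnic", r"\bracial\b"],
    "biometric_genetic": [r"\bfingerprint", r"\bgenetic\b", r"\bdna\b"],
}
COMPILED = {cat: [re.compile(p, re.I) for p in pats]
            for cat, pats in SPECIAL_CATEGORY_PATTERNS.items()}

# Crude identifiers that turn a topic query into a query about a specific person.
# "Firstname Lastname" is a rough heuristic; EMP-nnnn is an assumed internal ID format.
PERSON_NAME = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")
EMPLOYEE_ID = re.compile(r"\b(?:EMP|ID)-?\d{4,}\b", re.I)


@dataclass
class ScreenResult:
    query: str
    categories: list = field(default_factory=list)   # Article 9 categories indicated
    identifiers: list = field(default_factory=list)  # names / IDs found in the query
    decision: str = "allow"                          # allow | review | block
    redacted: str = ""                               # query with identifiers masked


def screen(query):
    """Classify one outbound query and produce a redacted form of it."""
    cats = [cat for cat, pats in COMPILED.items() if any(p.search(query) for p in pats)]
    ids = PERSON_NAME.findall(query) + EMPLOYEE_ID.findall(query)
    redacted = EMPLOYEE_ID.sub("[ID]", PERSON_NAME.sub("[PERSON]", query))
    if cats and ids:
        decision = "block"    # special-category data tied to an identifiable third party
    elif cats or ids:
        decision = "review"   # revealing about the asker, or names a person without Art 9 content
    else:
        decision = "allow"
    return ScreenResult(query, cats, ids, decision, redacted)


def summarise(queries):
    """Aggregate a batch of queries into DPIA evidence: decision and category counts."""
    decisions, categories = {}, {}
    for q in queries:
        r = screen(q)
        decisions[r.decision] = decisions.get(r.decision, 0) + 1
        for c in r.categories:
            categories[c] = categories.get(c, 0) + 1
    return {"decisions": decisions, "categories": categories}


# Constructed sample queries of the kind a knowledge-worker team might send.
SAMPLE_QUERIES = [
    "side effects of ibuprofen when pregnant",
    "Jane Doe fitness for return to work after cancer treatment",
    "best python library for parsing pcap files",
    "EMP-10442 disciplinary hearing, trade union rep to attend",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        r = screen(q)
        print(f"{r.decision:6} {r.categories} {r.identifiers} -> {r.redacted}")
    print(summarise(SAMPLE_QUERIES))
```

The policy split matters: a category hit together with an identifier means the query is about a third party's special-category data, which is the flow a DPIA most needs to prevent, so it is blocked outright. A category hit alone is usually about the asker and goes to review rather than being blocked, so the gate does not stop legitimate research; the redacted form is what would be forwarded if a reviewer releases it. The aggregate counts are the kind of evidence that lets a DPIA state how often Article 9 content actually appears in query traffic instead of guessing.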
DPA availability
Perplexity publishes a Data Processing Addendum.
- URL: https://www.perplexity.ai/hub/legal/dpa
- The DPA is incorporated into the Perplexity Pro for Enterprise Terms of Service and the Perplexity API Terms of Service
- Auto-incorporation model — by accepting Enterprise / API terms, the customer accepts the DPA
Consumer tier (free / Pro individual) does NOT auto-incorporate the DPA in the same way. Consumer use sits under the standard consumer Terms with weaker processor commitments.
Subprocessor list
Perplexity publishes its subprocessor list at https://trust.perplexity.ai/subprocessors (also rendered inline on the trust portal landing page). First two listed: Amazon Web Services (cloud provider, US) and Microsoft Azure (cloud provider, US).
Notable architecture (which determines transitive subprocessing):
- Sonar models — Perplexity's first-party fine-tuned Llama derivatives running on Perplexity's own retrieval pipeline. No external LLM provider in the path.
- Agent API / Agentic Research API (launched 2026-03) — routed access to OpenAI, Anthropic, Google, and xAI models through a unified interface. Using this API exposes you to all four providers' terms transitively.
- Cloud infrastructure — Amazon Web Services and Microsoft Azure are the first entries on the published subprocessor list; confirm any other hyperscaler against the list at review time
- Various analytics and support tooling
The multi-LLM Agent API is a genuine compliance complication: a buyer using it is in practice also accepting OpenAI's, Anthropic's, Google's, and xAI's terms transitively. Sonar-only deployments avoid this — confirm which API your integration uses.
Training-on-customer-data position
Enterprise Pro and Enterprise Max: Customer data is not used to train AI models. Zero Data Retention (ZDR) is offered. This is contractual.
Sonar API: Same posture — no training, ZDR available. Configurable file retention.
Free / Pro individual consumer tier: Default may include data being used for AI training, with opt-out available in user settings. This is the same trap as ChatGPT consumer and consumer Gemini — staff using personal Pro accounts are in a training-eligible flow unless they've actively opted out.
API log retention: Configurable on Enterprise / Sonar. Default retention period changes periodically; confirm at review time.
My read: Enterprise / Sonar defaults are strong and on par with Anthropic / OpenAI enterprise tiers. Consumer-tier shadow use is the dominant unmanaged risk for any organisation with knowledge workers.
EU / UK transfer position
Perplexity relies on Standard Contractual Clauses Module 2 (controller-to-processor) and Module 3 (processor-to-processor) for EU transfers via the DPA. The DPA explicitly names the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.0) issued by the UK Information Commissioner for transfers subject to UK GDPR. Perplexity is certified under the EU-US Data Privacy Framework including the UK Extension to the EU-US DPF — verified self-certification with the U.S. Department of Commerce as of 2026-05 (same DPF reauthorisation caveat as OpenAI and Anthropic).
EU data residency: confirm current options for Enterprise tiers. Default processing is US-resident.
Security documentation
Per the trust portal at https://trust.perplexity.ai/ (verified 2026-05-02):
- SOC 2 Type 2 — yes (Enterprise Pro platform; report available through the trust portal)
- ISO 27001 — not publicly displayed
- ISO/IEC 42001 — not publicly displayed. Notable absence given that Anthropic, OpenAI, Microsoft, and Google all hold this certification
- HIPAA — yes; BAA available for qualifying healthcare customers (Enterprise tiers only). PHI is expressly forbidden without a BAA in place per Enterprise Terms updated February 2026
- GDPR / UK GDPR — yes, addressed in the DPA
- PCI DSS — SAQ A — yes
- FedRAMP 20x Low — yes (resource available in trust portal, gated)
Perplexity's security disclosures have been less comprehensive than Google's or Microsoft's. Audit-grade documentation is available through the trust portal but typically behind a registration gate.
AI Act role + risk classification
- Role: Perplexity is a provider of an AI system (the answer engine). Where it routes to third-party GPAI models (OpenAI, Anthropic, etc.) it is a downstream provider integrating those models rather than a deployer of them; the GPAI-model obligations sit with the upstream model providers
- Your role as a buyer: deployer of an AI system, with deployer obligations
- Risk tier: typical search / information-retrieval use sits at minimal or limited risk. Annex III applicability depends on what answers are being relied on for (e.g. if used in HR screening flows, high-risk obligations may apply)
Perplexity has not, as of 2026-05-01, published a comprehensive AI Act mapping for its products.
DPIA prompts (for your use case)
- Which Perplexity surface are staff using? Free, Pro individual, Pro for Enterprise, Sonar API, or Comet — each has a different compliance posture. Don't accept "we use Perplexity" as a sufficient inventory entry.
- Are search queries themselves a privacy concern for your sector? Legal, healthcare, HR, compliance teams — query strings often expose case-level detail that the buyer didn't realise was being transmitted.
- Is the underlying LLM stack acceptable to you? Perplexity routes through multiple model providers depending on plan and feature. Your DPA chain runs through Perplexity to those vendors transitively.
- Comet browser specifically: if any staff use Comet, you have a much larger data-collection surface (full browsing history, page content) than the answer-engine product. Treat Comet as a separate vendor evaluation.
- AI Act Annex III applicability: is the answer engine being used as decision-support in any Annex III process? If yes, deployer high-risk obligations engage.
Unresolved questions / red flags
- Agent API multi-LLM dependency means a buyer's data flows through Perplexity to OpenAI / Anthropic / Google / xAI — four sets of terms apply transitively. Most procurement processes don't capture this. Sonar-only deployments avoid this — confirm which API your integration actually uses.
- No public ISO 27001 or ISO/IEC 42001 certifications. A meaningful gap relative to peers. Perplexity has SOC 2 Type 2 and FedRAMP 20x Low, but ISO is the lingua franca of EU procurement. Worth raising directly with Perplexity sales for any enterprise buyer.
- Comet browser is a separate compliance surface from the answer engine and is being rolled into Pro / Enterprise plans. Many buyers don't realise they've enabled it.
- Search query content can itself be Article 9 data in regulated sectors — the query string is a data flow most DPIAs underweight.
- EU data residency options are evolving — re-verify on each review.
- Public subprocessor list URL has shifted historically — flag if not findable.
- HIPAA BAA scope was tightened February 2026 to forbid PHI without an active BAA — relevant for any healthcare customer.
- Perplexity's web crawling has been publicly contested by major publishers — not a buyer-side compliance issue per se but a reputational one worth knowing about.
Related profiles
- OpenAI — sub-route LLM provider, terms apply transitively
- Anthropic — sub-route LLM provider, terms apply transitively
Sources checked
- Perplexity DPA: https://www.perplexity.ai/hub/legal/dpa — referenced 2026-05-01
- Perplexity Enterprise: https://www.perplexity.ai/enterprise — referenced 2026-05-01
- Perplexity Help Center "Data Collection at Perplexity" — referenced 2026-05-01
- Perplexity Enterprise Terms of Service (last updated 2026-02-06 per public sources) — checked 2026-05-01
- HIPAA / PHI restriction effective March 2026 — per public Enterprise ToS updates
Need a reviewed note for your specific use case?
For when the public profile isn't enough — your sector is regulated, your procurement gate is real, your use case is unusual. Tell us the situation and we'll come back with a CIPP/E-reviewed Vendor Risk Note (typically £149, depending on scope).
Your context goes only to Michael. We don't share with the vendor or anyone else. Privacy notice.
AI vendor compliance updates
New profiles, regulatory deadline reminders, and the occasional AI vendor red flag. Written by Michael K. Onyekwere, CIPP/E. Free.
We don't share your address. Unsubscribe any time. Privacy notice.
For ongoing AI compliance support, work with Janus DPO-as-a-Service. For other vendors, browse the full index.