Perplexity has quickly become a go-to AI-assisted search tool, processing 100 million+ queries each week. If you use it regularly, it’s reasonable to know what happens to your prompts, uploaded files, generated images, and other personal data behind the scenes, and how much of that activity you actually control.
We’ll break down the Perplexity AI data privacy policy so you can track what information is collected, how it’s handled, and what the key risks are. We’ll also discuss the steps you can take to safeguard your personal data when using conversational AI tools.
Understanding Perplexity and Its Privacy Model
Perplexity is an AI-powered research tool that pulls information from across the web and turns it into conversational answers. It’s an alternative to traditional search, helpful for everyday problem-solving with quick queries, as well as deeper research and brainstorming.
The privacy policy of Perplexity AI is designed around major privacy and data protection laws, including the CCPA and GDPR, which direct it not to sell or share personal information. If applicable, individual users can also enforce their GDPR rights, such as data access and deletion.
Aligning with these data privacy frameworks helps Perplexity follow industry best practices for secure and confidential data handling. Still, it’s just as important to see how it collects, stores, or uses user data in day-to-day use.
What Information Does Perplexity AI Collect?
The data Perplexity collects depends on how you use the service. By default, your prompts (and any personal context written in) are automatically collected and processed as part of the service. If you’re using the Perplexity mobile app, you may also expose additional technical data, such as your location history and device usage patterns.
Broadly, Perplexity’s data collection practices can be studied for three user categories:
- Individual plan users
- Enterprise and API users
- Perplexity Comet browser users
1. Individual Plan Users
If you’re on an individual plan (Free, Pro, or Max), Perplexity can typically collect the following information as you engage with the service:
Category | Data Collected |
Contact details |
|
Account info |
|
| |
Service interactions |
|
Other provided info |
|
Device info |
|
Usage data |
|
Additionally, the company may obtain user information from various third-party sources, such as Google Analytics, marketing companies, and your underlying Google or Apple account.
If you choose to sync a personal email or calendar, Perplexity may access limited data, such as contacts, appointments, or messages, to deliver its Email Service Information features.
2. Enterprise and API Users
Perplexity Enterprise users have broader controls to manage data privacy settings. These include limiting data retention, restricting access at the workspace level, and managing sharing permissions within the organization. Perplexity also explicitly states that enterprise data is never used to train or fine-tune its AI models.
For developers using the Perplexity Sonar API, the company maintains a Zero Data Retention policy under its Perplexity API privacy policy, meaning it doesn’t store prompts and responses sent through the API. The only information collected is essential metrics, such as:
- Number of tokens processed
- AI model used
- Request timestamp and duration
- API key identification for billing purposes
3. Perplexity Comet Browser Users
Perplexity’s AI-powered web browser, Comet, also has its own data collection practices that differ from the core AI service. According to the Perplexity Comet privacy policy, the collected data depends on enabled features and settings, and is stored locally on the user’s device. Comet may collect:
- Browsing and interaction data: This includes visited URLs, page content, search queries, downloads, cookies, and site permissions. Browsing data is not collected in Incognito Mode.
- Profile and sync data: If syncing is enabled, data like saved passwords, bookmarks, payment methods, and location can be collected.
- Technical data: It includes your device's operating system, hardware specs, crash reports, and IP address. Some technical data is collected even in Incognito Mode.
- Preferences and settings: This covers your browser settings, including privacy and ad-blocking choices.
How Perplexity AI Uses Your Data
Perplexity uses the information it collects primarily to operate and maintain its services. This includes processing your prompts to generate answers, maintaining your account, facilitating payments, and enhancing user experience.
Let’s address the two key concerns:
- Whether your data is shared with third parties
- Whether it’s used to train their AI models
1. Is Your Perplexity AI Data Shared With Third Parties?
Yes, Perplexity may disclose your information to outside parties under specific scenarios.
The company doesn’t sell, trade, or share your personal information in the traditional sense, but the Perplexity privacy policy enables sharing with trusted partners, such as:
- Service providers who help operate the platform, such as payment processors, customer support tools, or infrastructure services
- Business partners who offer promotions or discounted access to Perplexity
- Advertising and analytics partners who deliver personalized ads across the platform
Perplexity is also subject to regulations like the CLOUD Act and the Electronic Communications Privacy Act (ECPA), which give law enforcement the right to demand access to data, even from servers overseas.
While government access is bound by lawful requests, privacy-conscious users consider data sharing with advertisers and partners a serious concern. Each additional party involved expands the attack surface, increasing the risk of misuse, unauthorized tracking, or data breaches beyond your control.
2. Is Your Data Used for Training AI Models?
Unless you’re an Enterprise user or developer, Perplexity may use data such as search queries to “train AI models and improve the quality of search results.”
For Free, Pro, or Max plan users, Perplexity AI data usage for training is enabled by default, but you can opt out by turning off the AI data retention toggle in your Account Settings under the Preferences tab. Opting out applies only to future data, so data already used in training may not be deleted.
Even though Perplexity uses third-party AI providers like OpenAI to power some features, it states that your data isn’t passed on to these providers for their own model training.
Bonus: Read our privacy policy guides for other AI providers:
How Long Does Perplexity Retain Your Data?
Under Perplexity AI’s data retention policy, your account and personal information is retained as long as your account is active. If you delete your account, Perplexity removes your data from its servers within 30 days. You can request full account and data deletion by filling out this form.
According to the Perplexity AI privacy policy, your search history and chats are kept in your account until you manually delete them. However, uploaded files and images are automatically deleted after 30 days for regular users and seven days for enterprise users.
Perplexity offers an Incognito mode for more private temporary chats. These conversations aren’t stored in your normal account history and automatically expire after about 24 hours. On the web client, you can toggle the mode using Cmd/Ctrl + ;.
Certain data may be retained longer where required by law, to resolve disputes and enforce terms or other safeguards. This can include information about:
- Financial scams
- Professional malpractice
- Criminal convictions
Perplexity AI’s data usage policy also notes that your information is typically de-identified or anonymized when used for analysis or service improvement.
Perplexity AI: Security Limitations To Be Aware Of
Despite a standard privacy policy, Perplexity has had several documented security issues that raise broader questions about the company's data collection and processing policies.
Security experts at Singapore-based mobile security company Appknox found several technical vulnerabilities in Perplexity’s Android app. One critical gap was hardcoded secrets in its code, which could expose sensitive information like passwords and API keys if exploited.
Perplexity has also faced allegations for large-scale scraping of public forums without explicit authorization, most notably from Reddit. Independent security audits have also highlighted issues with the Comet browser, including the risk of prompt injection that could let bad actors manipulate the AI, leading to phishing-type attacks.
Overall, like any platform that processes large volumes of user input, Perplexity can be an attractive target for attackers, although no public breaches have occurred as of February 2026.
How To Stay Protected When Using Perplexity
A few basic practices can help reduce exposure risks when using Perplexity:
- Avoid entering sensitive information
- Limit cookies and tracking
- Stay logged out unless necessary
1. Avoid Entering Sensitive Information
Perplexity works best when it’s used for general research and information discovery. Like most AI tools, it isn’t designed to function as an end-to-end private space. So, avoid entering any identifying detail in your prompts, such as:
- Home or office addresses
- Account credentials
- Work documents
- Legal or medical details
If necessary, you can frame your queries using analyzed wording. For example, you can use terms like “a suburban area” instead of mentioning a specific location.
2. Limit Cookies and Tracking
Perplexity may collect interaction data through cookies, browser storage, and other tracking technologies. You can limit this type of data collection by adjusting your browser cookie and tracking settings.
The steps vary depending on your browser. For Google Chrome on desktop, go to Settings>Privacy and security>Third-party cookies and enable Block third-party cookies. In the same window, you can also enable the Send a “Do Not Track" request with your browsing traffic option to discourage sites from tracking you. However, not all sites may honor this request.
3. Stay Logged Out Unless Necessary
Perplexity can be used without creating or signing into an account, which limits how much activity is collected and tied to a specific user profile. Signing in enables saved history, syncing across devices, and paid features, but it also means more data is associated with your account.
Staying logged out may be suitable for sensitive searches or research, particularly if you don’t need personalization features.
4. Secure Your Mobile Network
Most privacy discussions for services like Perplexity focus on app-level settings, such as the permissions you grant, the data you enter, and the toggles you adjust. What many don’t realize is that a large part of data exposure risks comes from outside the app, particularly through the mobile carrier.
The largest U.S. carriers, including Verizon, AT&T, and T-Mobile, have a history of collecting, and sometimes even selling, the metadata of your online activity. This can include your location and access patterns when using apps like Perplexity.
Most carriers use weak encryption and outdated protocols to route your calls and SMS, which leads to repeated attacks that drive data and identity theft. Learn more about the breadth of these attacks in our data breach timeline.
Securing your apps is only effective if the pipeline carrying the data is also secure. That’s why switching to a privacy-native mobile carrier like Cape is essential. Cape minimizes data collection at the network level, offering a unique infrastructure that reduces exposure of your phone-linked identifiers.
Why Cape Is the Carrier of Choice for Privacy-Minded Users
Carriers have long built their business on data collection—tracking where you go, who you talk to, and how you use your phone. That data creates vulnerabilities, from breaches to surveillance, while leaving customers with little control.
Cape is different. We’re a privacy-first carrier that protects your identity at the network level without compromising on essentials like speed, coverage, or reliability. By design, we don’t collect the kinds of personal data that can be misused or exposed.
Cape’s Built-In Security Features
Here are some of the most advanced security features embedded into Cape:
- Minimal Data Collection and Retention: Cape doesn’t ask for your name, address, or Social Security number. We collect only what’s required to provide service—and keep it for the shortest time possible.
- Identifier Rotation: Traditional carriers use a fixed International Mobile Subscriber ID (IMSI), making your device trackable. Cape automatically rotates your IMSI every 24 hours, which makes tracking a lot more harder.
- Secondary Numbers: Many services ask for your phone number, but sharing it exposes you to spam, scammers, data brokers, and a variety of other risks. VoIPs, on the other hand, don’t work with 2FA, cost extra, and aren’t encrypted. Cape gives you two free SMS/MMS lines that are end-to-end encrypted.
- Disappearing Call Logs: Most U.S. carriers store your call and text metadata for years, sometimes indefinitely. Cape is built to forget, so call data records (CDRs) are deleted after just 24 hours.
- Last-Mile Encrypted Texting: Unencrypted SMS can expose OTPs and sensitive data. Cape encrypts and routes SMS/MMS through the app, so intercepted messages remain unreadable. Currently available on iPhone; Android coming soon.
- SIM Swap Protection: Cape nullifies the threat of SIM swapping by completely removing humans from the loop. During signup, you receive a 24-word phrase that generates a private key tied to your number. Only you, not even Cape, can move your number to a new device or carrier.
- Network Lock: Legacy protocols like SS7 enable tracking and interception. Cape verifies your device’s physical location before network attachment and automatically blocks suspicious connections.
- Encrypted Voicemail: Traditional voicemail systems are outdated, unencrypted, and another security hole bad actors can exploit to gain access to your sensitive information. Cape encrypts all voicemails, ensuring only you can access them.
- Secure Global Roaming: While roaming, your phone connects to local telecom providers to enable service that’s prone to interception. Cape provides you with peace of mind by routing your traffic through our U.S.-based mobile core to keep your identity and communications private.
- Private Payment: Cape doesn’t ask for your name or billing address. Payments are tokenized through Stripe, with financial records stored completely separate from your account information, so your identity can’t be linked to your subscription.
Switch to Cape: Coverage You Expect, Privacy You Deserve
If you’re ready to make a switch from legacy telcos to America's privacy-first mobile carrier, visit cape.co/get-cape and test out Cape in practice for just $30 for your first month. You get up to 15 GB per month of international roaming, included in your monthly plan.
In addition to all the features listed above, you can further enhance your privacy and security with Proton. Our partnership with this technology leader allows you to get Proton Unlimited or Proton VPN Plus for only $1 for the first six months.
Disclaimer: Privacy policy details can change over time. Please visit https://www.perplexity.ai/ for the latest policy details across Perplexity services.
