Plain-English risk rating: 4 of 5 (Consumer Perplexity) / 2 of 5 (Enterprise Perplexity)
Consumer Perplexity sits at 4 of 5 — higher than the other consumer-tier AI products in this database. Two reasons: training-on-by-default like the rest, AND a pending class-action lawsuit filed April 1, 2026 alleging that hidden trackers transmit full user conversation transcripts to Meta and Google even when users enable Perplexity's "Incognito" mode. The lawsuit is unresolved (as of this profile's verification date) and Perplexity has not publicly confirmed or denied the technical claims, but the allegations describe a specific, technically-testable pattern of behaviour that goes well beyond standard analytics. Until this is resolved through litigation or independent technical disclosure, we recommend treating consumer Perplexity as higher-risk than ChatGPT, Claude, or Gemini consumer tiers.
Enterprise Perplexity (Enterprise Pro, Enterprise Max, Sonar API with ZDR) sits at 2 of 5 — comparable to Microsoft 365 Copilot. The Enterprise terms explicitly exclude training, the Sonar API supports Zero Data Retention, and Perplexity has achieved SOC 2 Type II certification. The Enterprise tier is in a different risk class than the consumer product.
Recommended for
- Sole proprietor: Use the Sonar API with ZDR if you can integrate it, OR opt out of training in consumer settings AND assume the tracker allegations are accurate (i.e., don't share anything you wouldn't share with Meta's ad targeting system). For most sole proprietors, ChatGPT, Claude, or Gemini consumer with opt-out are lower-risk alternatives for general search-and-summary use
- Small team (2-10 people): Enterprise Pro for shared-team usage; pricing is custom but generally competitive with ChatGPT Business / Claude Team
- Regulated industry: Enterprise Pro or Enterprise Max with a signed BAA (Perplexity supports BAAs for some enterprise customers, but not as a self-serve option — requires enterprise contracting). API with ZDR for developers
- The honest answer for most 1-10 employee businesses: Perplexity's search-grounding is genuinely better than ChatGPT or Claude for certain research tasks, but the consumer-tier risk profile is currently the worst in this database. If you specifically want Perplexity's search capability for a small business, the Enterprise tier is the right path. The Pro tier at $20/month for individual use is harder to recommend right now given the pending lawsuit
Data retention default
- Free, Pro, Max: Conversations retained while account is active. Deleted conversations retained for 30 days, then removed
- Enterprise Pro and Enterprise Max: Admin-configurable retention; data not used for training; integrates with org-level controls
- Sonar API (standard): Retention per API terms
- Sonar API (with ZDR): No data retention beyond what's needed to return the result
Training opt-out
Consumer tiers (Free, Pro, Max) — TRAINING IS ON BY DEFAULT. Same pattern as the other consumer AI products. Opt-out is at Account Settings → Preferences → AI data retention toggle → off.
Important quirks specific to Perplexity:
- Opt-out applies to logged-in sessions only. Unregistered/guest use is governed by separate analytics terms
- Opt-out applies only to future data. Data already used in training is not removed retroactively
- The opt-out toggle does not affect the third-party tracker behaviour alleged in the April 2026 lawsuit (if those allegations are accurate, opting out of training does not stop conversation transcripts from being shared with Meta and Google)
Enterprise tiers — TRAINING IS CONTRACTUALLY EXCLUDED BY DEFAULT. No user-side toggle needed. Enterprise data is never used for AI model training per the Enterprise Terms of Service.
Third-party AI providers: Perplexity uses third-party models (OpenAI, Anthropic) for some features. Perplexity's agreements with these providers prohibit those providers from using Perplexity data for their own model training. This is a contractual protection, not a technical one, but it appears to be in place.
Zero Data Retention availability
- Sonar API: ZDR available; this is the most privacy-protective way to use Perplexity programmatically
- Enterprise Pro / Enterprise Max: Effectively achieves no-training and configurable retention, though not labelled "ZDR" in the same way as the API
- Consumer tiers: Not available
Plan tiers and pricing (as of early 2026)
| Tier | Price (USD) | Training on your data? | Suitable for |
|---|---|---|---|
| Free | $0 | Yes, unless opted out | Personal search; questionable given lawsuit |
| Pro | $20/month | Yes, unless opted out | Personal; questionable given lawsuit |
| Max | $200/month | Yes, unless opted out | Heavy individual use; same caveats |
| Enterprise Pro | Custom (typically $40-60/user/month range based on industry reports) | No — contractually excluded | Small to mid-size teams |
| Enterprise Max | Custom (higher tier) | No — contractually excluded | Larger organisations needing advanced controls |
| Sonar API | Pay-per-token | No, by default; ZDR available | Developers building applications |
Jurisdiction
- Primary processor: Perplexity AI, Inc., San Francisco, California, USA
- Cloud infrastructure: Primarily AWS
- Data processed in the United States by default. Enterprise customers may negotiate residency
- Subject to California privacy law (CCPA/CPRA) — directly relevant to the pending April 2026 lawsuit
Breach history (public incidents and allegations)
April 1, 2026 — Class-action lawsuit alleging hidden third-party trackers (UNRESOLVED)
Case: Doe v. Perplexity AI Inc., Meta Platforms, Inc., and Alphabet Inc. (Google) — 3:26-cv-02803, U.S. District Court for the Northern District of California.
The 140-page complaint alleges that Perplexity embedded "undetectable" tracking software in its website that transmits full transcripts of user conversations to Meta and Google upon visiting the homepage. The complaint specifically alleges:
- Tracking software activates as soon as users log into Perplexity's homepage
- Full conversation transcripts (described as including sensitive content such as family finances, tax obligations, investment strategies, and health information) are transmitted to Meta and Google
- Data sharing persists even when users enable Perplexity's "Incognito" mode, which is explicitly marketed as a privacy feature
- Meta and Google then use this data for targeted advertising and resell it to additional third parties
- Behaviour alleged to violate California privacy laws including the state's "wiretapping" statute
The plaintiff is identified as a Utah resident filing under "John Doe" and seeks to represent a class of all affected Perplexity users.
Perplexity spokesperson Jesse Dwyer responded to Bloomberg: "We have not been served any lawsuit that matches this description, so we are unable to verify its existence or claims." Meta directed inquiries to its Facebook help page, noting that sharing sensitive information violates its policies. Google had not publicly responded as of April 1, 2026.
As of the verification date of this profile (May 22, 2026), the lawsuit is in early procedural stages. The technical claims are testable: if accurate, third-party security researchers should be able to confirm or refute them by monitoring network traffic from a Perplexity session. We are not aware of independent technical confirmation either way at this date.
Sources: Bloomberg (April 1, 2026); Insurance Journal; Claims Journal; Tom's Guide; Evermx case tracker; mlq.ai analysis
Documented Android app vulnerabilities (ongoing 2024-2026)
Independent security researchers have documented vulnerabilities in the Perplexity Android app related to session handling and credential storage. These have been progressively patched, but the pattern (multiple vulnerabilities surfacing in the mobile app over time) suggests that privacy and security may not be architected as deeply into the consumer mobile product as Perplexity's marketing implies. We are not aware of any public breach incident traceable to these vulnerabilities — but the existence of the vulnerabilities themselves is relevant to the risk picture.
Source: Anonyome research analysis (April 2026)
Note on infrastructure breaches: No public confirmed breach of Perplexity's core infrastructure (model serving, training pipeline, customer data stores) has been reported as of May 2026. The incidents above are application-layer and contractual/legal rather than infrastructure-level.
Note on the CEO's stated browser strategy: Perplexity's CEO has publicly discussed building a Perplexity-branded browser specifically to enable data collection "even outside the app." This is documented company strategy, not a breach or allegation, but it indicates a trajectory toward broader behavioural tracking. SMB owners using Perplexity should factor this into long-term vendor selection decisions — the privacy posture may continue to evolve in directions that reduce user control.
What this means in plain English for SMB owners
Three honest takeaways:
- The April 2026 lawsuit is unresolved but the allegations are specific and serious. Until either the case resolves or independent researchers confirm or refute the technical claims, treat consumer Perplexity (Free, Pro, Max) as if your conversations may be visible to Meta and Google's advertising systems. If you would not type something into a Facebook post, don't type it into consumer Perplexity right now.
- Enterprise Perplexity is a different product with substantially better defaults. If you want Perplexity's search-grounding capability for business use, the Enterprise tier with proper contracting is the right path. Do not use Pro for client work that you would not use a Meta product for.
- Perplexity's strength is search-grounded answers — that is genuinely better than ChatGPT or Claude for certain research tasks. For an SMB owner doing competitive research, market analysis, or technical research that needs recent web sources, Perplexity Enterprise is a legitimate choice. For general AI assistant work (drafting, brainstorming, analysis of your own content), ChatGPT Business or Claude Team are lower-risk choices.
Sources
- Perplexity Help Center: Third-party model providers training: https://www.perplexity.ai/help-center/en/articles/10354963-are-third-party-model-providers-training-on-my-data (verified 2026-05-22)
- Perplexity Security Hub: SOC 2 Type II announcement (April 2025)
- Anonyome: Perplexity AI data privacy analysis (April 2026)
- Cape: Perplexity AI Data Privacy Policy (April 2026)
- mePrism: Perplexity opt-out guide (2026)
- Spellbook: Is Perplexity Private for Lawyers (April 2026)
- Spellbook: Perplexity vs ChatGPT privacy comparison (April 2026)
- Paubox: Is Perplexity AI HIPAA compliant 2026 update (April 2026)
- Heydata: Perplexity AI data protection risks
- Bloomberg: Perplexity AI Machine Accused of Sharing Data With Meta, Google (2026-04-01)
- Claims Journal / Insurance Journal coverage of Doe v. Perplexity (2026-04-01/02)
- Tom's Guide: Perplexity 'incognito mode' lawsuit (2026)
- Evermx case tracker: Case 3:26-cv-02803, Northern District of California
- Modemguides: Perplexity AI lawsuit user data sharing analysis (April 2026)
Related on AI Leakage
- Compare all 29 AI tools in the risk directory — see how Perplexity stacks up against the rest, tier by tier.
- Take the 5-minute “Am I Leaking?” check — a personalised view of your business’s AI exposure.
- Check a prompt before you paste it — our free Data-Safe Prompt Rewriter.
- Shadow AI vs AI leakage — why even approved tools like Perplexity can leak data.
- Get plain-English AI Leakage Alerts — we email you when an AI tool you use changes its data policy or has an incident.
- Get the free AI Acceptable Use Policy template — a plain-English policy with the tool-by-tool risk guide built in.