Third-Party Data Sharing with Analytics and Advertising Partners

What it is

Perplexity shares your personal information with outside companies that help run its business, including analytics providers and marketing services.

Why it matters (compliance & governance perspective)

Your usage data, device identifiers, and interaction history may flow to third-party analytics and advertising platforms, expanding the number of entities that hold information about your behavior.

Consumer impact (what this means for users)

Personal information including device identifiers, usage patterns, and potentially query metadata may be shared with third-party vendors for analytics and marketing purposes, meaning your data reaches entities beyond Perplexity itself.

What you can do

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Third-party data sharing engages GDPR Article 28 (processor agreements) and Article 46 (transfer mechanisms for non-EEA recipients), CCPA/CPRA disclosure and opt-out requirements for sharing personal information with third parties, and FTC guidelines on deceptive data sharing practices. Where sharing constitutes a sale or sharing for cross-context behavioral advertising under CPRA, California users have the right to opt out. (2) GOVERNANCE EXPOSURE: Medium. The policy discloses third-party sharing but does not enumerate specific third-party recipients by name or category in sufficient detail to enable full compliance mapping. The lack of a comprehensive vendor list creates due diligence risk for enterprise customers and regulatory risk under GDPR's accountability principle. (3) JURISDICTION FLAGS: EU/EEA users require that any data sharing with processors or sub-processors be governed by GDPR-compliant data processing agreements and that cross-border transfers rely on an approved mechanism. California residents have CPRA rights to know with whom their data is shared and to opt out of sharing for advertising purposes. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should request a list of Perplexity's sub-processors and confirm that each has appropriate contractual protections in place. The policy's general reference to third-party vendors without enumeration may not satisfy GDPR's transparency requirements for enterprise data processing agreements. (5) COMPLIANCE CONSIDERATIONS: Organizations should map which categories of user data flow to which third-party vendors and assess whether current user consent or notice mechanisms are adequate to support those transfers under applicable law in each relevant jurisdiction.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Query Content Used for AI Model Training medium
• Data Retention Without Specified Timeframes medium
• California Resident Privacy Rights medium
• Collection of Device and Usage Data low
• Cross-Border Data Transfers medium
• Minors and Age Restriction medium

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.