What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This DPA engages GDPR Article 28 (processor contracts), Article 46 (transfer mechanisms), and the UK GDPR equivalent provisions, as well as CCPA service provider obligations under California Civil Code Section 1798.100 et seq. The primary enforcement authorities are EU data protection authorities (including the Irish DPC given Perplexity's EU establishment considerations), the UK Information Commissioner's Office, and the California Attorney General. Where the DPA's sub-pr…

How does Perplexity AI's Perplexity Data Processing Addendum affect users?

The agreement establishes that Perplexity processes personal data only as a service provider acting on customer instructions, which means enterprise customers retain primary responsibility for determining the lawful basis for processing. Under these terms, customers receive advance notice of sub-processor changes and may object within the contractually defined period, though the document reserves Perplexity's right to proceed with changes if no valid objection is raised. You can submit data sub…

How often is Perplexity AI's Perplexity Data Processing Addendum updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Perplexity AI updates this document?

Yes. Monitor subscribers ($19/month) can add Perplexity AI to their watchlist and receive same-day email alerts whenever this document or any other Perplexity AI document changes.

CA-D-000763

Perplexity Data Processing Addendum

Perplexity AI

Last change detected May 18, 2026 Data processing addendum

SHA-256: 63330764edf10647a51… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Perplexity AI ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

This is Perplexity AI's Data Processing Addendum, a contract that governs how Perplexity handles personal data when enterprise customers and API users use its AI search and answer platform. The DPA establishes Perplexity as a data processor acting on customer instructions, requires it to implement security measures, and authorizes it to use sub-processors with advance notice to customers and a defined objection window. The document also incorporates Standard Contractual Clauses to address transfers of EU personal data to the United States.

Technical / Legal Breakdown

This Data Processing Addendum (DPA) governs the processing of personal data by Perplexity AI on behalf of enterprise and API customers, establishing Perplexity as a data processor and the customer as a data controller under applicable data protection law, including the GDPR and equivalent frameworks. The agreement states that Perplexity will process personal data only on documented instructions from the controller, will implement appropriate technical and organizational security measures, and will assist controllers in fulfilling data subject rights requests. The DPA incorporates Standard Contractual Clauses (SCCs) for international data transfers from the EU/EEA to third countries, and authorizes Perplexity to engage sub-processors subject to a notification mechanism that permits customer objection within a specified period. The document engages GDPR Articles 28, 46, and related provisions, UK GDPR, and CCPA business-to-business service provider obligations; compliance exposure is jurisdiction-dependent and varies based on customer data handling practices and the nature of personal data processed through the Perplexity platform. Material compliance considerations include the adequacy of sub-processor controls, the scope of processing instructions, and the mechanisms provided for cross-border data transfer validation.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 18, 2026

low

What changed Perplexity AI's Data Processing Addendum underwent a minor formatting change on May 18, 2026. The change involved correcting the capitalization of 'Linkedin' to 'LinkedIn' in a footer navigation link. This is a stylistic correction with no operational impact on data processing terms, consumer rights, or privacy obligations.

Why this matters This change does not affect consumer rights, data processing practices, privacy protections, or contractual obligations. The detected change is a stylistic correction to proper noun capitalization in footer navigation and has no operational significance for data governance or privacy.

View full change record →

Recent Provision Changes May 18, 2026

7 provisions unchanged.

View full change record →

High — 1 provision

Standard Contractual Clauses for International Data Transfers Compare →

This provision incorporates the European Commission's Standard Contractual Clauses as the legal mechanism for transferring EU/EEA/UK personal data to Perplexity's US-based infrastructure, in the absence of an adequacy decision covering that transfer.

Added May 20, 2026 Standard Seen across 284 platforms

Medium — 6 provisions

Data Processor Designation and Processing Instructions Compare →

This provision designates Perplexity as a data processor and restricts its processing of personal data to documented instructions from the customer acting as controller, with an exception for legally required processing.

Added May 20, 2026 Standard Seen across 284 platforms
Sub-Processor Authorization and Objection Mechanism Compare →

This provision authorizes Perplexity to use sub-processors to fulfill its service obligations, requires advance notice of sub-processor changes, provides a customer objection window, and permits termination if an objection cannot be resolved.

Added May 20, 2026 Standard Seen across 284 platforms
Security Measures and Data Breach Notification Compare →

This provision requires Perplexity to maintain technical and organizational security measures proportionate to the risk of processing, and to notify customers without undue delay upon discovering a personal data breach involving customer personal data.

Added May 20, 2026 Standard Seen across 284 platforms
Data Subject Rights Assistance Compare →

This provision requires Perplexity to provide technical and organizational assistance to enable enterprise customers to fulfill data subject rights requests, including access, rectification, erasure, restriction, portability, and objection, to the extent feasible given the nature of the processing.

Added May 11, 2026 Standard Seen across 284 platforms
Audit Rights Compare →

This provision grants enterprise customers the right to audit Perplexity's compliance with its DPA obligations, either directly or through a mandated third-party auditor, and requires Perplexity to provide supporting documentation and access.

Added May 20, 2026 Standard Seen across 284 platforms
Return or Deletion of Data Upon Termination Compare →

This provision requires Perplexity to either return or delete all customer personal data upon termination of the agreement, subject to any applicable legal retention requirements, at the customer's election.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 1 provision

Confidentiality of Processing Compare →

This provision requires Perplexity to ensure that all personnel with access to customer personal data are bound by confidentiality obligations, either contractual or statutory.

Added May 20, 2026 Standard Seen across 284 platforms

Monitoring

Perplexity AI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Standard Contractual Clauses for International Data Transfers and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 18, 2026 00:09 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000763

Version ID CA-V-002698

Source URL https://www.perplexity.ai/hub/legal/dpa

Wayback Machine View external archival references →

SHA-256 63330764edf10647a51ca197723ef717b3e1db5fabfb778068184b91e31fc670

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Perplexity Data Processing Addendum

May 18, 2026

Recent Provision Changes May 18, 2026

Monitor governance changes across the platforms you rely on.