Perplexity AI may engage third-party companies (subprocessors) to help it deliver services, and is typically required to notify business customers before adding new subprocessors. Customers may have a limited period to object.
This analysis describes what Perplexity AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Subprocessors are downstream vendors who also access or process personal data. The terms governing how and when customers are notified of new subprocessors affect whether businesses can maintain adequate oversight of their data supply chain.
Interpretive note: The actual subprocessor clause text was unavailable due to document truncation; the analysis reflects standard DPA structure and the document's stated subject matter.
Personal data processed through a business's Perplexity AI integration may be shared with third-party subprocessors. The DPA's notice mechanism determines whether the customer business has a meaningful opportunity to object before that sharing occurs.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
RedCard. We share information with our financial partners to operate the Target RedCard program.
Monitoring
Perplexity AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: GDPR Article 28(2) and (4) require that processors obtain controller authorization before engaging subprocessors and that subprocessors are bound by equivalent data protection obligations. A notice-and-objection model (rather than prior written consent for each subprocessor) is permitted under GDPR but requires a clear objection window and escalation path. (2) GOVERNANCE EXPOSURE: Medium. If the DPA uses a general authorization model with notice rather than specific prior consent, customers have limited ability to block subprocessor additions before they take effect. This is common in cloud and SaaS DPAs but creates operational tension for customers with strict vendor approval processes. (3) JURISDICTION FLAGS: EU/EEA customers face heightened exposure if subprocessors are located in third countries without an adequacy decision, requiring reliance on SCCs or binding corporate rules. UK customers must separately assess UK GDPR transfer requirements post-Brexit. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should request the current subprocessor list at contract execution and establish an internal process to review subprocessor change notifications within the objection window specified in the DPA. The DPA should specify the consequences if Perplexity AI adds a subprocessor over a customer's objection, typically allowing contract termination. (5) COMPLIANCE CONSIDERATIONS: Customers should map all subprocessors disclosed by Perplexity AI into their own records of processing activities and assess each subprocessor's security posture and geographic location. Transfer impact assessments may be required for subprocessors in jurisdictions without EU adequacy decisions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Subprocessors are downstream vendors who also access or process personal data. The terms governing how and when customers are notified of new subprocessors affect whether businesses can maintain adequate oversight of their data supply chain.
Personal data processed through a business's Perplexity AI integration may be shared with third-party subprocessors. The DPA's notice mechanism determines whether the customer business has a meaningful opportunity to object before that sharing occurs.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Perplexity AI.