Provisions Index

The policy prohibits using the Perplexity platform to generate CSAM or detailed sexual content involving minors, with no stated exceptions....

Why it matters: This provision establishes an absolute use restriction applicable to all users and directly implicates COPPA, federal CSAM statutes, and international child protection frameworks. Violation would expose users to both platform termination and potential criminal liability independent of the AUP....

View provision → Watch Perplexity AI →

The policy prohibits using the platform to generate content that provides meaningful assistance to efforts to create biological, chemical, nuclear, or radiological weapons capable of mass casualties....

Why it matters: This provision establishes a prohibited use category that aligns with US export control frameworks, including Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), as well as biosecurity statutes. The term 'serious uplift' is not defined in the document, which creates interpretive uncertainty regarding where informational content ends and prohibited assistance begins....

View provision → Watch Perplexity AI →

The policy prohibits using the platform to generate political rhetoric intended to alter political views or sow division, political advertising or propaganda, content targeting based on political ideology, disinformation, fake news, or content that could undermine election integrity....

Why it matters: This provision contains several broadly framed categories, including 'rhetoric that could unduly alter people's political views' and content that could 'sow division,' that are not defined in the document. These categories create significant enforcement discretion for Perplexity and may affect users engaged in legitimate political commentary, journalism, academic research, or civic education. The disinformation prohibition also engages emerging platform content liability frameworks including the EU Digital Services Act....

View provision → Watch Perplexity AI →

The policy prohibits using Perplexity outputs to represent AI-generated content as human-generated in contexts where such misrepresentation could deceive the recipient....

Why it matters: This provision engages FTC guidance on AI-generated content disclosure and the EU AI Act's transparency requirements for AI-generated content, particularly in contexts such as customer service, journalism, academic submission, and legal proceedings. The clause is qualified by 'in contexts where this could mislead,' which preserves some discretion regarding fictional or clearly labeled creative uses....

View provision → Watch Perplexity AI →

The policy reserves to Perplexity the right to suspend or terminate a user's access to the platform for violations of the AUP, without specifying a notice requirement, investigation procedure, or appeal mechanism in this document....

Why it matters: This provision establishes a unilateral enforcement mechanism that applies to all users, including API-dependent enterprise customers, without a documented procedural framework for notice, investigation, or appeal. For business users relying on Perplexity's API for operational workflows, the absence of stated procedural protections creates operational continuity risk....

View provision → Watch Perplexity AI →

The policy reserves to Perplexity the right to update the AUP at any time, and states that continued use of the platform after an update constitutes the user's agreement to the revised terms, without specifying a notice period or notification mechanism....

Why it matters: This provision establishes a unilateral amendment mechanism under which users are bound by revised AUP terms through continued platform use. The document does not specify a minimum notice period before updated terms take effect, which may require evaluation under GDPR consent requirements for EU users and CCPA disclosure obligations for California residents....

View provision → Watch Perplexity AI →

The policy prohibits using the platform to collect personal data without authorization, conduct surveillance, or distribute personal information about others without their consent....

Why it matters: This provision establishes a prohibited use category that interacts with GDPR, CCPA, and other privacy frameworks, and may be relevant for enterprise users who query the platform using third-party personal data without authorization. The prohibition on 'unauthorized data collection' is not further defined in the document....

View provision → Watch Perplexity AI →

The policy prohibits users from attempting to bypass, disable, or work around safety measures, content filtering systems, or platform restrictions implemented by Perplexity....

Why it matters: This provision establishes a broadly framed prohibition on circumvention of platform safety controls, which may encompass prompt injection, jailbreaking, and similar adversarial techniques. The scope of 'other restrictions' is not defined, which creates interpretive breadth. This provision interacts with the Computer Fraud and Abuse Act (CFAA) in contexts where circumvention attempts involve unauthorized access....

View provision → Watch Perplexity AI →

The document states that inputs and outputs submitted through the OpenAI API or ChatGPT Enterprise are not used to train OpenAI models by default, and that training use requires explicit customer opt-in....

Why it matters: This provision establishes the primary data use boundary for enterprise and API customers, directly affecting purpose limitation and data minimization compliance under GDPR and equivalent frameworks. The default exclusion from model training is a material operational distinction from consumer-tier ChatGPT accounts, where different terms may apply....

View provision → Watch OpenAI →

The document asserts that customers retain ownership of the inputs they submit and the outputs they receive through the enterprise and API tiers....

Why it matters: This provision establishes the ownership framework for enterprise-generated content, which is relevant to intellectual property management, downstream licensing, and data portability considerations for business customers....

View provision → Watch OpenAI →

The document states that OpenAI offers a Data Processing Addendum incorporating Standard Contractual Clauses to support GDPR compliance for customers processing EU personal data through the API or ChatGPT Enterprise....

Why it matters: This provision establishes the contractual mechanism for GDPR Article 28 processor compliance and cross-border data transfer requirements for EU/EEA customers, and is the operative instrument for organizations with EU data protection obligations using OpenAI services....

View provision → Watch OpenAI →

The document states that OpenAI can execute Business Associate Agreements with HIPAA-covered entities and business associates requiring contractual HIPAA protections for their use of OpenAI services....

Why it matters: This provision establishes that OpenAI offers BAA execution as a contractual mechanism for healthcare sector customers subject to HIPAA, which is a prerequisite for lawful processing of protected health information through OpenAI services....

View provision → Watch OpenAI →

The document states that OpenAI maintains SOC 2 Type 2 certification and applies encryption to customer data both at rest and in transit for enterprise and API service tiers....

Why it matters: This provision discloses the security assurance framework applicable to enterprise data, which is a standard due diligence reference point for vendor security assessments and regulatory compliance programs requiring documented technical safeguards....

View provision → Watch OpenAI →

The document states that OpenAI provides Standard Contractual Clauses as the legal mechanism for cross-border personal data transfers from the EU to the United States and other non-adequate countries....

Why it matters: Under GDPR Chapter V, cross-border transfers of personal data to non-adequate third countries require an approved transfer mechanism; this provision discloses that OpenAI uses Standard Contractual Clauses as that mechanism for EU-originating enterprise and API data....

View provision → Watch OpenAI →

The policy states that user-submitted queries and conversation content may be used to train and improve Perplexity's AI models, with an opt-out available through account settings....

Why it matters: This provision establishes that conversational input submitted by users during ordinary platform use may be incorporated into AI model training workflows. The opt-out mechanism's operational scope, accessibility, and technical implementation are material to compliance under GDPR and CCPA, particularly regarding whether opt-out requests are honored prospectively or also retroactively....

View provision → Watch Perplexity AI →

The policy authorizes sharing of user identifiers, device information, and inferred interest data with third-party advertising and analytics partners for ad delivery, measurement, and service improvement purposes....

Why it matters: This provision establishes data flows to third-party advertising and analytics partners, which under CCPA/CPRA may constitute a sale or sharing of personal information for cross-context behavioral advertising, triggering opt-out rights. Under GDPR, such sharing may require explicit consent or a documented legitimate interest basis....

View provision → Watch Perplexity AI →

The policy states that Perplexity collects directly provided identifiers (name, email, phone, payment details) and automatically collected data including device information, IP address, search queries, conversation history, and voice or audio data from voice features....

Why it matters: This provision establishes the full scope of personal data collection, including voice and audio data which may be subject to additional state-level protections (such as Illinois BIPA or Washington's My Health MY Data Act depending on data type) and GDPR requirements for processing biometric or sensitive personal data categories....

View provision → Watch Perplexity AI →

The policy discloses that California residents have CCPA/CPRA rights to access, delete, correct, and opt out of the sale or sharing of personal information, exercisable through Perplexity's privacy rights form....

Why it matters: This provision establishes the mechanism through which California residents may exercise statutory rights under CCPA and CPRA. The operational completeness of the privacy rights form and Perplexity's response timelines are subject to CPRA enforcement by the California Privacy Protection Agency....

View provision → Watch Perplexity AI →

The policy states that EEA and UK users' data is processed on lawful bases including consent, legitimate interests, and contractual necessity, and that cross-border transfers outside the EEA and UK are conducted using appropriate safeguards such as standard contractual clauses....

Why it matters: This provision establishes the legal framework governing EEA and UK user data, including the reliance on standard contractual clauses for international transfers. The adequacy of these safeguards and the validity of the legitimate interest basis for AI training and advertising processing are subject to evaluation by EU supervisory authorities and the UK ICO....

View provision → Watch Perplexity AI →

The policy states the service is not directed at children under 13 and that Perplexity will delete personal information if it discovers it was collected from a child under 13....

Why it matters: This provision establishes a COPPA-aligned age threshold, but relies on a reactive rather than proactive verification mechanism. The policy does not describe what age verification procedures are in place to prevent collection from users under 13 in the first instance....

View provision → Watch Perplexity AI →

The policy states that personal data is retained for as long as necessary for service delivery, legal compliance, dispute resolution, and enforcement, with extended retention permitted for legal or legitimate business reasons....

Why it matters: This provision does not specify retention periods for individual data categories, including conversation history and voice data, which creates compliance uncertainty under GDPR's data minimization and storage limitation principles and under state privacy laws requiring disclosure of retention practices....

View provision → Watch Perplexity AI →

The policy states that material changes will be communicated by email or website notice before taking effect, and that continued use of the service after changes constitutes acceptance of the updated terms....

Why it matters: The continued use equals acceptance mechanism establishes an implied consent framework for policy updates. Under GDPR, material changes to processing activities may require renewed explicit consent rather than implied acceptance through continued use, particularly for processing based on consent as the legal basis....

View provision → Watch Perplexity AI →

The policy authorizes Perplexity to share user query content and conversation history with external AI model providers in order to generate responses. These third-party providers may process the submitted content under their own terms....

Why it matters: This provision establishes that sensitive user query content and conversation history are transmitted to third-party organizations beyond Perplexity, creating a data sharing chain that extends Perplexity's privacy obligations into downstream provider relationships. Compliance teams should assess whether adequate data processing agreements govern these transfers and whether the processing basis is sufficient under applicable law....

View provision → Watch Perplexity AI →

The policy states that user queries and received responses may be used to train and improve Perplexity's AI models, with an opt-out available through privacy settings or by emailing privacy@perplexity.ai. The default position is that this use applies unless the user actively opts out....

Why it matters: This provision establishes an opt-out default for use of personal interaction data in AI model training, meaning training use proceeds unless users take affirmative action. For EU/EEA users, the adequacy of an opt-out mechanism as opposed to opt-in consent for this processing purpose may require evaluation against GDPR requirements depending on the processing basis asserted....

View provision → Watch Perplexity AI →

The policy states that when users engage voice-enabled features, Perplexity may collect audio recordings of voice queries for the purpose of processing requests. The policy does not specify a distinct retention period for voice audio data....

Why it matters: Voice audio data is a distinct and sensitive category of biometric-adjacent personal data in several jurisdictions. This provision creates compliance obligations under Illinois BIPA for voiceprint data, and may engage additional requirements in Texas and Washington, as well as heightened scrutiny under GDPR as a special category if biometric processing is involved....

View provision → Watch Perplexity AI →

The policy authorizes sharing of user identifiers, device information, and interaction data with advertising partners for targeted advertising and campaign measurement. This data sharing is distinct from sharing with AI model providers....

Why it matters: This provision authorizes sharing of personal data with advertising partners, which constitutes a sale or sharing of personal information under CCPA for California residents and requires a valid lawful basis under GDPR, typically consent for behavioral advertising. The provision engages CCPA opt-out rights and GDPR consent requirements for targeted advertising....

View provision → Watch Perplexity AI →

The policy grants California residents rights under CCPA and CPRA including access, deletion, correction, opt-out of sale and sharing, and limitation of sensitive personal information use. These rights are exercisable by contacting Perplexity....

Why it matters: This provision establishes the operational framework under which California residents can exercise statutory privacy rights. Compliance teams should verify that each enumerated right is technically and procedurally implemented, including response timelines required by CCPA and CPRA....

View provision → Watch Perplexity AI →

The policy grants EU, EEA, UK, and Switzerland-based users data subject rights under GDPR and equivalent laws, including access, rectification, erasure, restriction, objection, and data portability. Users in these jurisdictions may also complain to their local data protection authority....

Why it matters: This provision establishes GDPR data subject rights for EU/EEA, UK, and Swiss users and references the right to complain to supervisory authorities, which is a mandatory GDPR transparency requirement. The operational implementation of these rights, including response mechanisms and lawful basis documentation, is a primary compliance focus for GDPR-regulated operations....

View provision → Watch Perplexity AI →

The policy states that Perplexity's services are not directed to users under 13, that the platform does not knowingly collect personal data from children under 13, and that such data will be deleted if inadvertently collected. The policy does not describe age verification mechanisms....

Why it matters: This provision establishes COPPA compliance posture for US operations. The absence of described age verification mechanisms raises a practical question about how the under-13 restriction is enforced operationally, which is an active area of FTC scrutiny for online services....

View provision → Watch Perplexity AI →

The policy states that personal data is retained for the period necessary for service provision, legal compliance, dispute resolution, and agreement enforcement, without specifying fixed retention periods for any data category. Retention duration is described as dependent on data type and collection purpose....

Why it matters: The absence of specified retention periods for distinct data categories, including query content, voice audio, and conversation history, creates uncertainty for compliance assessments and may engage GDPR storage limitation requirements, which mandate that personal data not be retained longer than necessary for the specified purpose....

View provision → Watch Perplexity AI →

The enterprise terms establish restrictions on how the Perplexity AI platform may be used by enterprise customers and their authorized end users, prohibiting uses that violate applicable law, infringe third-party rights, or fall outside permitted commercial purposes....

Why it matters: This provision defines the operational boundaries of permissible platform use for enterprise deployments and establishes the basis on which Perplexity may suspend or terminate access for non-compliant use by the enterprise customer or its end users....

View provision → Watch Perplexity AI →

The agreement addresses ownership of intellectual property rights in content submitted by enterprise customers and in AI-generated outputs produced by the Perplexity platform, establishing the respective rights of the parties in customer inputs and service outputs....

Why it matters: This provision determines whether enterprise customers hold rights in AI-generated outputs they receive from the platform, which is operationally significant for organizations that intend to use or commercialize those outputs in products, services, or internal workflows....

View provision → Watch Perplexity AI →

The agreement reserves Perplexity's right to suspend or terminate enterprise account access under defined conditions, including violations of the acceptable use policy, non-payment, or other material breaches of the agreement....

Why it matters: This provision establishes the conditions under which Perplexity may discontinue service to an enterprise customer, which is operationally significant for organizations that have integrated the platform into business-critical workflows....

View provision → Watch Perplexity AI →

The agreement establishes caps on Perplexity's financial liability to enterprise customers for losses arising from service failures, AI output inaccuracies, or other claims under the agreement, typically limiting recovery to fees paid within a defined preceding period....

Why it matters: This provision defines the maximum financial exposure Perplexity accepts under the agreement, which is operationally significant for enterprise customers assessing the adequacy of contractual recourse relative to their reliance on the platform....

View provision → Watch Perplexity AI →

The agreement establishes mutual or one-way confidentiality obligations governing the treatment of proprietary business information exchanged between Perplexity and enterprise customers, including restrictions on disclosure and use of confidential information....

Why it matters: This provision governs how enterprise customers' proprietary business information submitted through or in connection with the platform is treated, which is operationally significant for organizations deploying the service in contexts involving trade secrets, client data, or sensitive business information....

View provision → Watch Perplexity AI →

The agreement addresses how Perplexity processes data submitted by enterprise customers and their authorized users through the platform, including any rights Perplexity holds to use query data, conversation data, or other submitted content for service operation or improvement....

Why it matters: This provision governs the scope of Perplexity's rights to use enterprise-submitted data, which is a primary compliance consideration for organizations deploying AI platforms that process employee queries, customer information, or proprietary business data....

View provision → Watch Perplexity AI →

The agreement specifies the governing law and jurisdiction for disputes arising between Perplexity and enterprise customers, typically designating a US state (likely California or Delaware) and establishing the forum for dispute resolution, which may include arbitration or litigation in specified courts....

Why it matters: This provision establishes the legal framework under which contractual disputes between Perplexity and enterprise customers are resolved, which is operationally significant for non-US enterprise customers who may face practical and legal barriers to pursuing claims in a US forum....

View provision → Watch Perplexity AI →

If a user navigates away from the page, closes the tab, or switches applications without interacting with the cookie consent banner, and has not enabled Global Privacy Control in their browser, the site automatically opts the user into all cookie categories via OneTrust's AllowAll function....

Why it matters: This provision establishes a passive consent mechanism that triggers full cookie opt-in upon page abandonment for users who have not explicitly engaged with the consent banner, which may require evaluation under CCPA and CPRA requirements for opt-out of sale and sharing of personal information for California residents....

View provision → Watch SoFi →

The site's consent management code checks for the Global Privacy Control browser signal and, if detected, executes OneTrust's RejectAll function, declining all non-essential cookie categories for that user....

Why it matters: This provision documents that SoFi's implementation recognizes the GPC signal as an opt-out instruction for unauthenticated users on public-facing pages, which is consistent with California Attorney General guidance on CCPA compliance for GPC signals....

View provision → Watch SoFi →

The policy hub page states that SoFi collects, discloses, and uses personal information received about users across its financial products and services, with detailed policies governing specific product lines including banking, lending, investing, and insurance....

Why it matters: As a financial services entity offering banking, lending, and investment products, the scope of data collection authorized across these product lines engages both GLBA nonpublic personal information requirements and CCPA personal information categories, creating distinct obligations for each data type and product context....

View provision → Watch SoFi →

The page implements a 'Your privacy options' link in the footer that, for unauthenticated users, opens the OneTrust preference center to manage consent and opt-out selections, while authenticated users are directed to their SoFi account privacy preferences in profile settings....

Why it matters: This provision documents the operational mechanism through which SoFi provides California residents and other users with the ability to opt out of sale and sharing of personal information, consistent with CCPA and CPRA requirements for accessible opt-out mechanisms....

View provision → Watch SoFi →

SoFi structures its privacy disclosures as a hub page linking to product-specific privacy policies covering distinct product lines including banking, lending, investing, insurance, and other services, rather than a single unified policy document....

Why it matters: The hub-and-spoke policy structure means that the applicable privacy terms for any given user depend on which SoFi products they use, and users of multiple products are subject to multiple overlapping policy documents with potentially different data collection, sharing, and retention terms....

View provision → Watch SoFi →

The page code checks whether a user has an active session and routes privacy preference management accordingly: unauthenticated users are directed to the OneTrust preference center, while authenticated users are directed to their SoFi account profile privacy settings....

Why it matters: This routing mechanism creates two distinct technical pathways for privacy preference management, which compliance teams should verify produce equivalent opt-out outcomes and that both pathways propagate consent signals to the same set of data sharing partners....

View provision → Watch SoFi →

The policy discloses that OpenSea collects wallet addresses and records of NFT transactions conducted on its platform, and acknowledges that blockchain transactions are publicly visible and cannot be made private through the platform's privacy controls....

Why it matters: This provision establishes that wallet addresses are treated as personal data subject to the policy's terms, while simultaneously acknowledging that on-chain activity is publicly accessible by the nature of blockchain infrastructure, which creates a practical boundary on the scope of privacy rights OpenSea can fulfill with respect to transaction data that exists on public ledgers....

View provision → Watch OpenSea →

The policy authorizes OpenSea to share user personal data including browsing activity, device identifiers, and usage data with third-party advertising partners and analytics providers for purposes including targeted advertising and platform performance measurement....

Why it matters: This provision authorizes disclosure of behavioral and device data to third parties for advertising and analytics purposes, which engages GDPR lawful basis requirements for EEA users and CCPA opt-out of sale or sharing rights for California residents....

View provision → Watch OpenSea →

The policy states that personal data may be transferred to a successor entity in connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of OpenSea's assets....

Why it matters: This provision reserves the right to transfer all collected personal data to a third party in the event of a corporate transaction, which may result in user data being governed by a different privacy policy without additional consent being obtained prior to transfer....

View provision → Watch OpenSea →

The policy provides California residents with rights under the CCPA and CPRA including the right to know, right to delete, right to correct, right to opt out of sale or sharing of personal information, and right to non-discrimination for exercising these rights....

Why it matters: This provision establishes specific procedural rights for California residents, including the right to opt out of the sharing of personal data with advertising partners, which requires OpenSea to provide a functional opt-out mechanism and to honor Global Privacy Control signals where required under California law....

View provision → Watch OpenSea →

The policy provides EEA and UK users with data subject rights under GDPR and UK GDPR including rights to access, rectification, erasure, restriction of processing, data portability, and objection to processing, and discloses the lawful bases relied upon for processing personal data....

Why it matters: This provision establishes GDPR-based rights for EEA and UK users and requires OpenSea to identify the lawful basis for each category of processing, which creates obligations around consent management, legitimate interests assessments, and response procedures for data subject requests....

View provision → Watch OpenSea →

The policy describes OpenSea's data retention practices, stating that personal data is retained for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements....

Why it matters: This provision establishes the framework under which OpenSea holds user data after account closure or inactivity, with retention periods tied to legal obligations and business purposes rather than fixed timeframes, which affects the practical scope of deletion requests....

View provision → Watch OpenSea →

The policy states that OpenSea's services are not directed to children under the age of 18 (or the applicable age of majority) and that OpenSea does not knowingly collect personal information from minors....

Why it matters: This provision establishes the age restriction applicable to the platform and the policy's scope with respect to minors, engaging COPPA obligations for users under 13 in the United States and analogous requirements under GDPR for users in the EEA....

View provision → Watch OpenSea →