Is Perplexity Safe? What It Does With Your Data
Is Perplexity safe? Not dangerous, but not truly private: by default your queries can help train its models. The setting to switch off and the real fix that holds.
Is Perplexity safe? It isn't a dangerous tool in itself, but it isn't a truly private one for consumer accounts (Free, Pro, Max) either. By default, your search queries and interactions can be collected, retained and used to train its AI models and improve answer quality — and this behavior is on out of the box. A setting lets you switch off that retention, but it doesn't cover everything, and whatever you type still reaches Perplexity's servers. The only guarantee is about the content: don't entrust sensitive data to it in the clear.
What Perplexity does with your data
Perplexity is a conversational search — an answer engine: you type a question or paste text, it queries an AI model and then the web to compose a reply. So everything you enter — prompts, uploaded files, generated output — passes through its servers, whether you're signed in or not. According to an analysis of its privacy policy, the data collected goes well beyond the query itself.
- Contact details: name, address, phone number.
- Account information: username, email, password.
- Payment data (for subscriptions).
- Service interactions: prompts, uploaded content, generated responses.
- Device information: type, operating system, IP address, location.
- Usage data: browser type, timestamps, click patterns.
Switching off “AI data retention”: the setting in practice
The key setting is the “AI data retention” toggle. To switch it off:
- 1Open your account settings (your profile).
- 2Go to the Preferences tab.
- 3Switch “AI data retention” to off — Perplexity then stops using your searches to train its models.
Mind the limits. The opt-out applies only to future data: anything already used for training may not be deleted. It also doesn't stop the baseline collection needed to run the service (technical tracking, logs). And it's available only to signed-in users: without an account you can't opt out of your queries being used for AI, and Perplexity still collects IP address, device info, location, and sets cookies.
Business model, Comet and the gray areas
Perplexity's business model has fueled criticism: executives have acknowledged wanting to extend data collection beyond the app — notably through the Comet browser — to better target advertising, an approach compared to that of ad-funded browsers. Comet can collect visited URLs, page content, queries, downloads, cookies and site permissions (except in Incognito mode), and in 2025 it drew several security alerts documented by researchers: prompt injection, local-data exfiltration. For specifics, the Perplexity Help Center (Data Privacy & Security) and the Comet Browser Help Center spell out the uses.
Good news for developers: the Sonar API applies a Zero Data Retention policy. Perplexity states it retains no data sent through the API and doesn't use it to train its models; only billing metrics are collected — token counts, model used, timestamps, API key identifier — with no prompt or response content.
| You assume | The reality |
|---|---|
| “Perplexity is private by default” | Your queries can feed training, on out of the box |
| “Switching the option off erases my data” | The opt-out only covers the future; the past may stay |
| “Without an account, I'm not tracked” | IP, device, location and cookies are collected anyway |
| “My consumer account = the same guarantees as Enterprise” | Enterprise and Sonar API don't train; consumer accounts do |
The fix: anonymize before sending
Since everything you type reaches Perplexity's servers and the setting covers neither the past nor the technical collection, the only guarantee is about the content: if the query contains no sensitive data in the clear, neither collection nor training exposes anything usable.
- Switch off “AI data retention”: it's good basic hygiene.
- Never enter health, legal, financial, business secrets or API keys in the search bar.
- Replace sensitive data with reversible tokens before pasting, then restore the real values in the answer.
That's exactly what ONYRI Sanitize is for: the engine replaces sensitive data with reversible tokens before sending; detection and the mapping stay in your browser, and only anonymized text reaches Perplexity. Whether the query is collected, retained or used for training, the tool only finds tokens — never your real information.
Frequently asked questions
- Is Perplexity safe with your data?
- Perplexity isn't a dangerous tool, but it isn't truly private for consumer accounts: by default, your queries can be collected, retained and used to train its models. You can switch off “AI data retention,” but whatever you type still reaches its servers — the only guarantee is not entering sensitive data in the clear.
- How do I stop Perplexity from using my searches for training?
- Open your account settings, go to the Preferences tab and switch “AI data retention” to off. Perplexity then stops using your searches to train its models, but only for future data: what was already used may not be deleted, and the baseline technical collection remains.
- How do I use Perplexity without exposing my sensitive data?
- Switch off “AI data retention” to limit retention, but above all anonymize the sensitive data before sending: an engine replaces it with a reversible token in your browser, and Perplexity never receives the real information. You then restore the original values in the answer.
Sources & references
- Detailed analysis of Perplexity's privacy policy: model training on by default, the “AI data retention” toggle in Preferences, opt-out limits, Enterprise case and the Sonar API — Cape
- Security press investigation into Perplexity's data-collection strategy and the Comet browser built to track user activity and serve ads — Malwarebytes Labs
- Official Perplexity documentation (Sonar API): Zero Data Retention policy and no use of customer data for training — Perplexity (developer docs)
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
Anonymize my prompt