
Artificial intelligence (AI) tools are now prevalent in legal workflows. When law firms adopt AI tools, legal professionals must ensure that the AI system safeguards sensitive client information. An evaluation of the privacy measures implemented by Perplexity and ChatGPT will help determine which of the two best meets the privacy and security requirements of lawyers.
This guide compares the privacy policies of Perplexity and ChatGPT, focusing on how each platform handles user data protection, compliance with data protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and their privacy practices for safeguarding legally privileged information.
Both Perplexity and ChatGPT handle user data differently. Below is a brief comparison of their privacy features and compliance practices:
Both platforms collect user inputs to improve their systems. Here’s how Perplexity and ChatGPT process and store user data.
Perplexity stores queries for analytics and may aggregate data to improve service performance.
Regarding Perplexity’s privacy features and the confidentiality of data used for enterprise purposes, Perplexity Enterprise Pro and the Sonar API explicitly offer a Zero Data Retention (ZDR) Policy and state that enterprise data will never be used to train AI models. Both the Enterprise Pro subscription and the Sonar API provide confidential safeguards, including ZDR, SOC 2, DPA, and configurable file retention settings.
ChatGPT’s Free and Plus versions store user inputs to improve model performance, unless the user disables the ‘Chat History & Training’ feature. This feature allows users to control how data is used through user permissions. However, these versions may still collect data for performance enhancement (not training) purposes, which may violate privacy.
Note: When chat history is disabled, the system retains new conversations for 30 days. It reviews them only when necessary to monitor for abuse, and then permanently deletes them.
However, recent legal challenges (such as the NYT lawsuit) have temporarily required OpenAI to retain some consumer and standard API data indefinitely, even after a user deletes it, for legal compliance purposes. This uncertainty further undermines the security of Free/Plus plans.
The Enterprise and API versions of ChatGPT offer stronger privacy protections compared to the Free and Plus models. ChatGPT Enterprise employs encryption in transit and at rest and secure data storage protocols, ensuring that user interactions remain private and anonymized.
Entering sensitive client data into a public AI tool could jeopardize the attorney-client privilege if the data is not properly secured.
Free/Pro versions are high risk. Queries are processed and stored for service improvement and analytics, exposing users to risks of data breaches and unauthorized access. These tiers lack the necessary compliance and contractual guarantees for privileged data. Data is encrypted in transit, and users must opt out of model training. A lack of privacy safeguards means that these Perplexity tiers are not suitable for handling privileged legal data.
Enterprise Pro/API versions are low risk. They are designed for highly sensitive, confidential, and proprietary data with a strong legal and technical framework for confidentiality and configurable data retention policies. Perplexity Enterprise Pro or Sonar API versions provide contractual confidentiality terms and security guarantees required to handle privileged client information securely.
ChatGPT’s privacy features depend on the plan. The Free and Plus versions of ChatGPT store user data, which could be shared internally for model improvement, potentially exposing privileged information. Avoid ChatGPT Free/Plus/Pro for privileged legal data due to default data processing and retention for abuse monitoring, and the lack of comprehensive enterprise compliance and contractual terms.
ChatGPT Enterprise offers stronger security protections and privacy safeguards than both Perplexity and ChatGPT’s Free and Plus versions. Its Enterprise plan offers comparable enterprise-grade safeguards (SOC 2, ZDT, DPA) to Perplexity Enterprise Pro.
Before engaging with any AI tool, review its transparency regarding user data use and ensure compliance with privacy policies. Perplexity and ChatGPT offer different levels of security architecture depending on the version used.
Perplexity Free/Pro individual versions use the standard Hypertext Transfer Protocol Secure (HTTPS) encryption. However, they lack SOC 2 compliance, ISO 27001 certifications, and enterprise-grade security protocols. Without granular administrative controls or data-retention compliance measures, the Perplexity Free/Pro versions are not designed for environments that require audited data handling.
The Enterprise plans offer security features the individual plans lack, including data protection, configurable file retention, compliance certifications, and administrative controls, making them suitable for confidential and privileged data.
ChatGPT Enterprise implements encryption in transit and at rest and complies with SOC 2 Type II, GDPR, and other data protection laws, processing personal data securely without violating privacy laws. Free and Plus versions lack enterprise-grade protections, and users share infrastructure with public traffic, posing a risk to confidentiality.
Integration with a secure ecosystem can significantly enhance data protection.
Microsoft 365 Copilot runs on Azure OpenAI, offering a tenant-bound data environment with enterprise authentication and no external model training. This ecosystem integration provides additional security for user data, storing minimal personal data to prevent unauthorized access or data breaches.
Learn more: Copilot vs ChatGPT privacy.
Perplexity’s Free versions operate as standalone tools that do not integrate with secure enterprise ecosystems. Organizations using them cannot enforce audit compliance or data retention policies, making them less suitable for handling privileged legal data.
The Perplexity Enterprise plan offers Connectors that enable secure, continuous syncing with enterprise file storage. Perplexity Enterprise Pro offers dedicated Audit Logs (tracking login attempts, data modifications, and config changes) and configurable data retention policies. The presence of SOC 2 Type II certification, ZDT guarantees, Audit Logs, and configurable retention makes the Enterprise tier more suitable for handling privileged data.
ChatGPT Enterprise and Perplexity Enterprise Pro both offer the strongest privacy and security features on the market, making them equally suitable for handling highly sensitive and privileged legal data. The Free and Plus versions of both platforms lack these enterprise-grade safeguards.
For legal professionals handling privileged information, Spellbook is a privacy-first AI platform that meets the stringent requirements of the legal industry. With no data training and SOC 2-compliant hosting, Spellbook handles sensitive data with strict confidentiality and in accordance with established privacy guidelines.
Legal professionals leverage AI directly within their existing, secure workflow without uploading or copying documents to an external website. For lawyers, Spellbook provides a secure solution that meets data protection laws for trust and legal compliance.
Yes, but data handling depends on the plan. All Free/Pro/Plus tiers store prompts for various durations (analytics, abuse monitoring). Both ChatGPT Enterprise/API and Perplexity Enterprise Pro/API provide a Zero Data Training (ZDT) guarantee, meaning enterprise inputs are contractually exempt from model training. All free tiers should be treated as non-private.
Yes, via controls or plan upgrade. In Free/Plus/Pro, you must actively disable the 'Chat History & Training' setting. However, the most secure way is to use the Enterprise/API versions, where ZDT is guaranteed by default and governed by legal agreements. Note that disabling history in Free/Plus still results in 30-day data retention for abuse monitoring.
Perplexity Enterprise Pro offers Zero Data Retention (ZDR) and is SOC 2 Type II Certified, providing comprehensive legal data agreements and a secure environment. It is suitable for confidential legal work and offers enterprise-grade protections that are comparable to ChatGPT Enterprise.