Perplexity announced SOC 2 Type II compliance for its Enterprise Pro platform, independently validating security practices and confirming the platform meets the highest data protection standards. Alongside adherence to GDPR and PCI DSS frameworks.
Enterprise Pro offers access to Security Hub, a centralised admin command centre giving organisations complete control over how Perplexity is used across teams. User management capabilities enable admins to set permissions for file uploads and downloads, shared content management for Threads, Pages and Spaces, data integrations and connectors for external sources like Google Drive, Microsoft OneDrive and SharePoint, AI model enablement decisions, and internal knowledge base access management.
The platform combines Single Sign-On with Multi-Factor Authentication and short-lived session credentials while maintaining formal agreements with all third-party model providers ensuring they cannot access or use customer data for training purposes.
Perplexity automatically deletes files attached to threads after seven days, with only files uploaded to Spaces avoiding automatic expiration. All data receives enterprise-grade encryption both at rest and in transit, with administrators able to enforce incognito mode disabling search history and receive real-time activity alerts for file uploads and downloads.
Enterprise Pro's integration with DeepSeek R1 uses only the open weights version running directly on Perplexity servers in the United States, ensuring queries stay within the Perplexity ecosystem without exposure to DeepSeek or external infrastructure. The platform runs on AWS secure cloud infrastructure with built-in physical security, network protection and industry-leading compliance certifications.
Security measures include a Vulnerability Disclosure Programme for external security researchers, short-lived authentication and just-in-time access requiring security approval for production data access, and a Bug Bounty Programme through private inviteation only.
Perplexity's SOC 2 Type II compliance addresses critical enterprise AI adoption barriers through verified security standards and comprehensive data protection frameworks. Organisations benefit from transparent third-party agreements preventing customer data usage for AI training while accessing advanced search capabilities. The platform supports regulatory compliance requirements through GDPR and PCI DSS adherence combined with detailed audit logging and real-time monitoring capabilities. Enterprise customers can deploy AI-powered research tools without compromising sensitive information security or regulatory obligations.