Perplexity Promised Privacy. Google Got Your Data.
Millions of people switched to Perplexity AI because they wanted a search experience that wasn't built on surveillance. No ads. No tracking. Just answers. That was the pitch.
Today, a class-action lawsuit filed in federal court in San Francisco says otherwise.
According to the complaint, the moment you log into Perplexity's homepage, trackers download to your device. Those trackers give Meta and Google full access to your conversations with Perplexity's AI search engine. Every question you asked. Every follow-up. Every piece of context you shared to get a better answer.
One plaintiff, a Utah man filing as John Doe, says he used Perplexity to discuss his financial and tax information. He thought he was talking to a private AI assistant. According to the lawsuit, he was also talking to Meta's ad network and Google's data infrastructure.
"Incognito" doesn't mean what you think it means
The most damning allegation isn't about the default experience. It's about what happens when users actively try to protect themselves.
Perplexity offers an Incognito mode. The name implies your conversations won't be tracked or stored. The lawsuit alleges that the same trackers operate in Incognito mode as they do everywhere else. Your data still flows to Meta. It still flows to Google. The privacy toggle is cosmetic.
If this is true, it's not a bug or an oversight. It's a design choice. Someone built Incognito mode, named it "Incognito," and deployed it while trackers continued to fire in the background. That's a privacy feature that exists to make you feel safe, not to make you safe.
This pattern isn't new. We've seen it with cookie banners that don't actually block cookies. We've seen it with "Do Not Track" headers that websites ignore. But an AI search engine that markets itself as the cleaner alternative to Google? One that's simultaneously piping your data back to Google? That's a different kind of corrosive.
The AI trust equation just got harder
Here's what bothers me about this, beyond the legal specifics.
People share things with AI search engines that they would never type into Google. Medical questions they're embarrassed to ask a doctor. Legal questions about a divorce they haven't filed yet. Financial details they're trying to organize before tax season.
The implicit promise of an AI assistant is that you're having a conversation, not performing a search in front of an audience. When people talk to Perplexity, they aren't thinking about ad targeting. They're thinking about getting help.
If the allegations hold up, Perplexity exploited that trust gap. Users believed they were in a private conversation. In reality, Meta and Google were in the room the entire time. According to the complaint, they could use that data for advertising, profiling, or resale to other third parties.
Perplexity denies it flatly. Spokesperson Jesse Dwyer told reporters the company hasn't been served with any lawsuit matching the description and "cannot verify its existence or claims." Separately, Perplexity has stated: "We do not share user data with Meta or Google." Meta pointed to its policies prohibiting advertisers from sending sensitive data. Google declined to comment.
This is the consent problem, concentrated
Strip away the legal filings and the corporate statements, and you're left with a consent problem that privacy professionals deal with every day.
When a user opens an AI search engine and types a question, they're consenting to have that question processed by the AI. They are not consenting to have trackers silently installed on their device. They are not consenting to have their conversation data transmitted to third-party advertising companies. And they are certainly not consenting to all of this happening when they've explicitly toggled on a feature called "Incognito."
California privacy law is clear on this. You have to tell people what data you're collecting, who you're sharing it with, and give them a real way to opt out. Not a fake toggle. Not an Incognito button that doesn't actually stop tracking. A real mechanism that does what it says.
This is kindergarten stuff. Don't take something without asking permission. Don't say one thing and do another. Don't call something "private" when it isn't.
AI companies aren't exempt from the rules
There's a tendency in the AI industry to treat privacy as a legacy concern. Something from the pre-AI era that doesn't quite apply to this new paradigm. You hear it in the way companies talk about training data, user interactions, and the nebulous concept of "improving our services."
But the laws don't have an AI exception. The California Consumer Privacy Act doesn't care whether the data was collected by a traditional website or an AI search engine. The California Invasion of Privacy Act doesn't care whether the wiretapping involved a phone line or a chatbot. If you're collecting personal data through deceptive means, the medium doesn't matter.
Perplexity isn't a small startup experimenting in a garage. The company raised $500 million at a $9 billion valuation in December. Amazon, Nvidia, and Jeff Bezos personally have backed it. This is a well-funded company with the resources to build privacy controls that actually work. The question is whether they chose not to.
What this means if you're using AI tools for work
If you're a business leader or a privacy professional, this lawsuit should trigger a specific question: what trackers are embedded in the AI tools your employees use every day?
Most companies have gone through the exercise of auditing their martech stack. They know which cookies fire on their website. They know which third-party scripts are present. They've built consent flows around those disclosures.
But AI tools often sit outside that audit perimeter. An employee opens Perplexity in a browser tab, asks about a competitive analysis, pastes in some internal numbers to get a summary, and doesn't think twice. If the allegations in this lawsuit are accurate, that conversation just got shared with Meta's advertising platform.
This isn't theoretical risk. This is trackers firing on page load.
The fix isn't complicated, but it requires treating AI tools with the same rigor you'd apply to any other SaaS vendor. Run a privacy assessment. Check what scripts load when the tool opens. Read the privacy policy with the same skepticism you'd bring to a data processing agreement. And if the tool offers an "Incognito" or "Private" mode, test whether it actually does what it claims.
The people who get this right will win
Perplexity's problem, if the allegations are true, isn't really about trackers or lawsuits. It's about the gap between what they promised and what they built. Privacy was supposed to be their competitive advantage. If they were monetizing user data through the same channels as everyone else, they had no advantage at all. Just better marketing.
The AI companies that will earn long-term trust are the ones where the privacy controls aren't cosmetic. Where Incognito actually means incognito. Where the business model doesn't depend on quietly feeding user data to advertising networks.
We're still early. The AI industry is going to face a wave of privacy litigation. Regulators, plaintiffs' attorneys, and users are all catching up to what's actually happening behind the interface. The companies that build privacy into the architecture (not as a marketing claim, but as an engineering decision) will be the ones still standing when the dust settles.
The ones who treat privacy as a branding exercise will end up in court. Some of them already have.