Do DeepSeek’s privacy practices worry you? They should. The Chinese AI chatbot, comparable to OpenAI’s ChatGPT, has quickly become the most downloaded free app in the U.S. However, its rapid rise has fueled concerns over data security—especially as the U.S. moves to ban TikTok due to its links to the Chinese government.
Like most apps, DeepSeek requires users to accept its privacy policy. But how many actually read it? Cybersecurity expert Adrianus Warmenhoven from NordVPN points out that DeepSeek’s English privacy policy explicitly states that user data, including conversations and responses, is stored on servers in China. This raises concerns about how data collection—ranging from user-provided details to third-party sources—could be exploited in a jurisdiction with different privacy laws.
What Data Does DeepSeek Collect?
User-Provided Information
- Profile details: Date of birth, username, email, phone number, password
- Conversations: Chat history, text, audio, prompts, uploaded files, and feedback
- Contact details: Identity verification, inquiries, and support requests
Automatically Collected Information
- Internet and device data: IP address, cookies, system language, and device model
- Keystroke patterns or rhythms
- Usage analytics: Features accessed, app interactions, and performance metrics
- Payment details
Third-Party Data Collection
- Linked accounts: Google, Apple, and other login providers
- Advertising partners: Data on user purchases and behaviors
Keystroke Data: Why Does It Matter?
DeepSeek’s privacy policy states that it collects “keystroke patterns or rhythms.” While this might seem minor, it’s a method of biometric identification used to differentiate users. TikTok collects similar data, while Instagram does not. However, the extent to which DeepSeek uses this data remains unclear.
Many tech companies include broad biometric data policies, but DeepSeek’s data is stored in China, where strict cybersecurity laws require tech firms to cooperate with national intelligence. This raises fears about surveillance and censorship—especially since DeepSeek restricts queries about sensitive topics like the 1989 Tiananmen Square massacre.
Cybersecurity expert Nicky Watson warns that biometric data presents unique risks, including identity theft and fraud. Unlike passwords, which can be changed, biometric identifiers are permanent, making them high-stakes targets for cybercriminals.
How DeepSeek Uses Your Data
DeepSeek uses collected data to:
- Personalize advertising and notifications
- Improve its AI models
- Comply with legal obligations, including sharing data with law enforcement
- Allow access to its “corporate group”
WIRED’s analysis found that DeepSeek transmits data to Baidu and Volces, major Chinese tech firms. This suggests that user interactions could be used for AI training, raising additional privacy concerns.
Why Should Users Be Concerned?
Most users don’t read privacy policies, making them vulnerable to hidden data collection practices. Under China’s cybersecurity laws, DeepSeek is required to provide data to the government upon request. The lack of transparency in AI training models adds to these concerns, as personal data could be exploited in unpredictable ways.
Additionally, cyberattacks are a growing risk. Just recently, DeepSeek experienced “large-scale malicious attacks,” forcing it to restrict new registrations. As AI platforms evolve, they become prime targets for hackers seeking user data or system vulnerabilities.
Can Users Protect Their Data?
John Scott-Railton of the University of Toronto’s Citizen Lab warns that users should not single out DeepSeek—most tech giants dictate how personal data is used. However, experts advise taking proactive steps:
- Read privacy policies before agreeing to them
- Limit the personal information you share
- Use VPNs and privacy-focused browsers
While users can take precautions, the real solution lies in stronger data privacy laws. As F. Mario Trujillo of the Electronic Frontier Foundation notes, personal conversations and queries should not be exploited. Comprehensive regulations should protect users—whether they’re using DeepSeek, OpenAI, or Meta.
Ultimately, safeguarding privacy should not be an individual burden. Stricter data laws would protect users from exploitative policies, regardless of whether the app is Chinese or American.
