Do DeepSeek’s Privacy Policies Put Your Data at Risk?
DeepSeek, a Chinese AI chatbot akin to OpenAI’s ChatGPT, has quickly become the most downloaded free app in the U.S. However, its rapid rise has sparked serious privacy concerns, especially as the U.S. moves to ban TikTok over its ties to the Chinese government.
Like most apps, DeepSeek requires users to agree to its privacy policy upon signing up—but how many actually read it? According to Adrianus Warmenhoven, a cybersecurity expert at NordVPN, DeepSeek’s policy, available in English, clearly states that user data, including conversations and generated responses, is stored on servers in China. This raises alarms about the nature of data collection and its security under Chinese law, which mandates tech firms to cooperate with national intelligence efforts.
What Data Does DeepSeek Collect?
User-Provided Information
- Profile details: Name, birth date, email, phone number, and password
- Chat records: Text, audio, prompts, feedback, and uploaded files
- Customer interactions: Proof of identity, age verification, inquiries, and feedback
Automatically Collected Information
- Device and network activity: IP address, cookies, device model, operating system, and keystroke patterns
- Usage data: Features accessed and interactions within the app
- Payment information: Financial data related to transactions
Information from External Sources
- Third-party logins (Google, Apple)
- Advertising and partner data, including purchase history
Keystroke Patterns: A Red Flag?
DeepSeek’s privacy policy mentions collecting “keystroke patterns or rhythms,” a practice also used by TikTok but not Instagram. While the company has yet to clarify its intent, cybersecurity experts warn that such data can be used for biometric identification, raising concerns about security risks, identity theft, and surveillance. Unlike passwords, biometric data cannot be easily changed once compromised.
How Is Your Data Used?
DeepSeek’s policy outlines that collected data is used for:
- Personalization and targeted advertising
- Service improvements and feature development
- Compliance with legal obligations and public interest tasks
- Data sharing within its corporate group and law enforcement agencies
An investigation by WIRED found that DeepSeek shares user data with Chinese tech giant Baidu and the internet infrastructure firm Volces. Moreover, prompts users enter may be used to develop new AI models, increasing concerns about how personal data is leveraged beyond standard app functions.
Why Should Users Be Concerned?
Many overlook privacy policies due to their complexity. However, DeepSeek operates under China’s cybersecurity laws, which grant the government access to user data upon request. Given the lack of transparency in AI model training, personal data could be exploited in ways users never anticipated.
Additionally, DeepSeek recently experienced large-scale cyberattacks, temporarily halting new registrations. Experts warn that as AI platforms grow, they become prime targets for hackers seeking to exploit sensitive user data.
How to Protect Your Data
John Scott-Railton, a senior researcher at Citizen Lab, advises users to remain cautious. “Most companies dictate how they use your private data, and when you engage with them, you’re working for them—not the other way around.”
To safeguard personal information, cybersecurity experts recommend:
✅ Carefully reviewing app privacy policies
✅ Avoiding linking third-party accounts unnecessarily
✅ Using a VPN and enhanced security settings
A Call for Stronger Privacy Laws
While individual caution is necessary, experts argue that real protection requires legislative action. F. Mario Trujillo of the Electronic Frontier Foundation emphasizes that “intimate thoughts and queries entered into a chatbot should be protected, not exploited.”
As debates over AI-driven data collection intensify, stronger global privacy regulations are crucial—whether for DeepSeek in China, or major players like Meta and OpenAI in the U.S.
