DeepSeek, a Chinese AI chatbot similar to OpenAI’s ChatGPT, has quickly become the most downloaded free app in the U.S. However, its rapid rise has fueled serious privacy concerns, especially as the U.S. pushes to ban TikTok over its ties to the Chinese government.
Like most apps, DeepSeek requires users to accept its privacy policy upon signing up—yet few take the time to read it. The policy, available in English, explicitly states that user data, including chat history and generated responses, is stored on servers in China.
“DeepSeek’s privacy policy makes it clear: user data is stored in China, which raises significant concerns due to local data collection laws and government access requirements,” warns Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
Here’s a breakdown of what DeepSeek collects:
Data You Provide
- Profile details (name, date of birth, email, phone number, password)
- Conversations, chat history, prompts, and uploaded files
- Information from customer service interactions (ID verification, inquiries, feedback)
Automatically Collected Data
- Internet and network activity (IP address, device ID, cookies)
- Technical details (device model, OS, keystroke patterns, diagnostic data)
- Usage behavior (features accessed, time spent on the app)
- Payment information
Third-Party Data Collection
- Linked accounts (Google, Apple, etc.)
- Information from advertisers and partners, such as purchase history
Keystroke Data: A Cause for Concern?
DeepSeek collects “keystroke patterns or rhythms,” which has alarmed privacy advocates. While TikTok also collects this type of data, platforms like Instagram do not.
Though DeepSeek has not clarified how it uses this data, similar biometric identifiers can be used for tracking or security purposes. While TikTok claims this information is only used to differentiate users rather than log specific keystrokes, concerns remain over how DeepSeek might handle this data—especially given China’s strict cybersecurity laws.
What DeepSeek Does With Your Data
Like most tech companies, DeepSeek uses collected data for standard purposes:
- Personalizing content and ads
- Improving app functionality
- Notifying users of updates
However, the policy also states that DeepSeek may share data:
- With its corporate group – Meaning other entities in its parent company can access user data
- With law enforcement – Under China’s cybersecurity laws, companies must provide data to authorities upon request
- For legal and security reasons – Including instances where DeepSeek claims to act in the “public interest”
Additionally, reports indicate that DeepSeek transmits data to Chinese tech giant Baidu and infrastructure firm Volces, raising further concerns about user privacy.
Why This Matters
Most users overlook data privacy until a breach or misuse occurs. With DeepSeek’s data stored under Chinese jurisdiction, there are concerns about potential misuse, surveillance, and censorship.
- The Chinese government has the authority to demand access to stored data.
- Unlike U.S. companies, which face regulations like GDPR (in Europe) or California’s CCPA, China’s cybersecurity laws allow extensive government oversight.
- DeepSeek’s censorship policies prevent discussion of politically sensitive topics, such as the 1989 Tiananmen Square massacre.
What You Can Do to Protect Your Data
Cybersecurity experts recommend that users be proactive about protecting their data:
- Read privacy policies carefully before accepting terms.
- Use VPNs to mask location data.
- Avoid linking personal accounts (e.g., Google or Apple) to third-party apps.
- Minimize sharing sensitive information with AI chatbots.
The Bigger Picture: Is DeepSeek Worse Than Other Tech Giants?
While DeepSeek’s privacy concerns are serious, it’s worth noting that companies like Meta, Google, and OpenAI also collect vast amounts of data. The key difference is who has access to the data and how it’s regulated.
As John Scott-Railton of the University of Toronto’s Citizen Lab explains:
“People often panic over Chinese AI apps, but major Western companies also exploit user data. The real issue is the lack of universal data privacy laws.”
F. Mario Trujillo, a staff attorney for the Electronic Frontier Foundation, argues that stronger global privacy regulations are necessary:
“Users shouldn’t have to take on the burden of protecting their data. Companies—whether Google, OpenAI, TikTok, or DeepSeek—should be required to follow stricter privacy laws.”
Final Thoughts
DeepSeek’s growing popularity makes it essential for users to understand its data practices. While AI tools offer exciting possibilities, they also present new risks. The best defense is staying informed and adopting stronger personal cybersecurity habits. However, the responsibility for data protection shouldn’t rest solely on individuals—stronger data privacy laws are urgently needed to regulate all tech giants, regardless of their country of origin.
