**DeepSeek’s Privacy Policy Sparks Major Concerns Regarding User Data and Safety**
U.S.-based technology firms frequently face criticism for amassing extensive user data, yet the privacy practices of the China-based AI startup DeepSeek render even industry giants like Meta, Google, and OpenAI appear modest by comparison.
Lately, DeepSeek has attracted considerable attention within the tech sector due to its open-source AI model, which numerous experts assert competes with — or even exceeds — OpenAI’s offerings at a significantly reduced price. Though the cost-effectiveness of DeepSeek R1 is enticing, the real cost could manifest in user privacy and security threats.
An examination of DeepSeek’s privacy policy uncovers several concerning aspects that users must thoughtfully assess before utilizing the platform.
—
### **Data Collected by DeepSeek Is Regulated by Chinese Legislation**
The privacy policy of DeepSeek explicitly states: *”The personal information we collect from you may be stored on a server located outside of the country where you reside. We keep the information we gather on secure servers situated within the People’s Republic of China.”*
Furthermore, the policy indicates that user data may be disclosed to *”adhere to applicable laws, legal proceedings, or government demands.”* This situation raises considerable apprehensions, particularly in light of China’s cybersecurity regulations, which facilitate government access to data held by private firms.
The scenario mirrors the ongoing discussions related to TikTok, which has been under scrutiny for privacy, national security, and watching concerns. Similarly, DeepSeek’s practices trigger warnings about the risk of a foreign adversary accessing sensitive data belonging to U.S. users. While users are now familiar with significant data collection practices in U.S. tech companies, the regulatory climate in China adds another level of danger.
Moreover, several users have reported cases of censorship while using DeepSeek’s AI, specifically regarding topics critical of the Chinese regime or referencing events such as Tiananmen Square.
—
### **DeepSeek Gathers Vast Amounts of Data — Including Keystrokes**
DeepSeek’s data gathering methods surpass what most users might anticipate. The company collects a diverse array of information, including *”text or audio input, prompts, uploaded files, feedback, chat histories, or other content that [the user] provide[s] to our model and Services.”*
Yet, it doesn’t end there. DeepSeek also acquires device-specific data, such as *”device model, operating system, keystroke patterns or rhythms, IP address, and system language.”*
While prominent companies like Google, Meta, and OpenAI also collect considerable amounts of data, none explicitly acknowledge monitoring keystrokes in their privacy policies. This differentiation is particularly worrying, especially considering that DeepSeek transmits all gathered data to servers based in China.
—
### **Indefinite Data Retention: A Significant Concern**
DeepSeek’s privacy policy asserts that user information is kept *”for as long as necessary to deliver our Services and for the additional purposes specified in this Privacy Policy.”* Put simply, there is no definitive timeframe regarding how long your data could be stored.
For perspective, Google’s Gemini AI retains data for as long as three years, while OpenAI maintains deleted information for between 30 to 90 days, based on the service utilized. Conversely, Meta employs an indefinite data retention approach in the U.S. — a practice that has already stirred concerns among privacy advocates.
DeepSeek’s vague data retention timeline is particularly alarming, given the potential for user data to be accessed by the Chinese authorities. The absence of a specified timeframe for data deletion amplifies the risk of exposure to security compromises or misuse.
—
### **Unresolved Inquiries Regarding Security and Openness**
DeepSeek’s privacy policy leaves numerous vital questions unanswered. For example, there is no indication as to whether the company encrypts user data during storage or transmission. Additionally, the policy lacks details concerning the measures in place to avert unauthorized access to its servers.
Another striking deficiency is whether users can decline the use of their data for training DeepSeek’s AI models. While companies like Google and Meta have faced similar backlash regarding their data practices, DeepSeek’s lack of transparency is particularly disconcerting given the geopolitical ramifications of its data storage and sharing practices.
It is important to highlight that any data exchanged with DeepSeek’s chatbot might not only be accessible to the company, but also to the Chinese government. This reinforces the necessity of exercising caution when engaging with the platform.
—
### **The Conclusion**
DeepSeek’s rapid emergence as a rival to OpenAI has been marked by considerable privacy and security concerns. From its extensive data collection processes to its lack of transparency regarding data retention and security protocols, the company’s policies raise considerable issues about user protection.
While the appealing cost and capabilities of DeepSeek’s AI models may attract users, they must carefully evaluate the potential risks to their privacy and security. Mashable has contacted DeepSeek for clarification about its policies and will refresh this story as additional information becomes accessible.