DeepSeek, a Chinese AI chatbot similar to OpenAI’s ChatGPT, has surged to become the most downloaded free app in the U.S. However, its rapid rise has triggered serious privacy concerns, especially as the U.S. pushes to ban TikTok due to national security risks.
Like most apps, DeepSeek requires users to accept its privacy policy before gaining access—but how many truly read it? According to Adrianus Warmenhoven, a cybersecurity expert at NordVPN, DeepSeek explicitly states that user data, including chat history and interactions, is stored on servers in China. This raises red flags about data collection, external data sourcing, and privacy risks under China’s cybersecurity laws.
What Data Does DeepSeek Collect?
DeepSeek gathers an extensive range of user information, categorized as follows:
1. Information You Provide
- Profile details (name, date of birth, email, phone number, password)
- Chat content, including text, audio, and uploaded files
- Communication data (customer support inquiries, proof of identity)
2. Automatically Collected Information
- IP address, device identifier, cookies, and network activity
- Device model, OS, keystroke patterns, system language, and diagnostics
- User activity, such as features used within the app
3. Data from External Sources
- Linked accounts like Google or Apple logins
- Advertising partners sharing purchase history and user interactions
Keystroke Monitoring: A Red Flag?
One particularly alarming aspect of DeepSeek’s privacy policy is its collection of “keystroke patterns or rhythms.” While not uncommon (TikTok also collects similar data), the practice raises concerns about biometric profiling.
TikTok has claimed this data is used to differentiate users rather than log specific key inputs. However, with DeepSeek’s data stored in China, there are broader implications. China’s cybersecurity laws require tech firms to cooperate with national intelligence efforts, fueling fears of data misuse and potential propaganda control—especially since DeepSeek blocks inquiries about sensitive topics like the 1989 Tiananmen Square massacre.
Nicky Watson, co-founder of Syrenis, warns that biometric data is uniquely vulnerable, as it cannot be changed like passwords in case of a security breach. Risks include identity theft, fraud, and unauthorized surveillance.
How DeepSeek Uses Your Data
DeepSeek’s privacy policy states that collected data is used for:
- Personalizing user experiences and advertisements
- Service updates and security improvements
- Compliance with legal obligations and “public interest” actions
- Data sharing with its corporate affiliates and law enforcement
Cybersecurity experts stress that data storage in China raises significant concerns. WIRED’s investigation found that DeepSeek transmits data to major Chinese firms, including Baidu and Volces, and may use user interactions to refine its AI models.
John Scott-Railton, a senior researcher at the Citizen Lab, warns that users should recognize they are providing valuable data to companies, often without fully understanding how it is used.
Why Should You Be Concerned?
Data privacy often takes a backseat in the excitement of new technology, but with AI models increasingly reliant on user data, risks are mounting. DeepSeek operates under Chinese cybersecurity laws, which grant the government access to stored data. This, combined with the uncertainty of how AI models are trained, makes personal data more susceptible to misuse or exploitation.
Additionally, cyberattacks are a growing threat. Just recently, DeepSeek reported “large-scale malicious attacks,” prompting temporary registration restrictions. As AI systems advance, they also become prime targets for hackers, increasing the likelihood of data breaches.
How Can You Protect Your Data?
Cybersecurity experts recommend the following:
- Scrutinize privacy policies before using new AI tools
- Use encrypted communication services for sensitive discussions
- Limit personal information shared with AI chatbots
- Enable strong authentication measures and monitor account activity
However, experts argue that responsibility shouldn’t fall solely on users. F. Mario Trujillo of the Electronic Frontier Foundation stresses the need for strong, universal data privacy laws to protect users from unnecessary data collection and misuse.
Whether it’s DeepSeek, OpenAI, Meta, or TikTok, unregulated data practices pose a global privacy risk. Without stronger laws, users remain vulnerable to corporate overreach and government surveillance.
