DeepSeek, a Chinese AI chatbot rivaling OpenAI’s ChatGPT, has quickly become the most downloaded free app in the U.S. However, its rapid rise has raised serious privacy concerns, particularly as the U.S. pushes to ban TikTok over its Chinese ties.
Like many apps, DeepSeek requires users to accept its privacy policy upon signup—though most never read it. Cybersecurity expert Adrianus Warmenhoven from NordVPN warns that “DeepSeek’s privacy policy explicitly states that user data, including conversations and generated responses, is stored on servers in China.” Given China’s privacy laws and government oversight, this presents significant risks.
What DeepSeek Collects
DeepSeek’s privacy policy reveals the following data collection practices:
1. Information You Provide
- Profile details: name, birthdate, email, phone number, password
- Chat data: text, audio, chat history, uploaded files, and user prompts
- Support interactions: ID verification, inquiries, feedback
2. Automatically Collected Information
- Network activity: IP address, device ID, cookies
- Technical details: device model, OS, system language, keystroke patterns
- Usage data: features accessed
- Payment information
3. Information from Other Sources
- Linked accounts: Google, Apple, or other third-party logins
- Ad partners: data on purchases and interactions
Keystroke Patterns: A Hidden Risk?
DeepSeek collects “keystroke patterns or rhythms,” which could be used for biometric identification. TikTok employs similar methods, though DeepSeek has not clarified its exact purpose. Unlike keylogging, which records actual keystrokes, biometric keystroke tracking distinguishes users based on typing behavior. While many companies use this technology, storing such data on servers in China increases risks of government access.
What Does DeepSeek Do With Your Data?
DeepSeek states it collects user data to personalize experiences, provide targeted ads, and notify users of service changes. However, it also discloses that its “corporate group” can access this data and share it with law enforcement.
NordVPN’s Warmenhoven raises concerns: “DeepSeek’s privacy policy confirms that all collected user data is stored in China, raising questions about how this data could be used beyond just running the app. Many users accept terms without understanding the implications.”
A WIRED investigation found that DeepSeek shares data with Baidu and the Chinese internet firm Volces. The policy also suggests that user prompts could be used to train future AI models.
Why Should You Be Concerned?
Reading privacy terms is tedious, but ignoring them can be dangerous. Chinese cybersecurity laws mandate that companies must provide government access to data upon request. This raises concerns about how AI models are trained and how personal data might be exploited.
Potential risks include:
- Identity theft
- Financial fraud if payment details are exposed
- Government surveillance and propaganda concerns
- AI misuse for deepfake or social engineering attacks
What Can You Do to Protect Your Privacy?
John Scott-Railton from the University of Toronto’s Citizen Lab advises: “Most tech companies define how they use your private data. Users should remain vigilant and understand they are often providing free labor for these AI models.”
Cybersecurity experts recommend:
- Reviewing privacy policies before accepting terms
- Using strong passwords and enabling multi-factor authentication
- Avoiding unnecessary sharing of personal details in AI chats
The Need for Stronger Privacy Laws
F. Mario Trujillo from the Electronic Frontier Foundation argues that “intimate thoughts and questions typed into AI chatbots should be protected.” He calls for stronger privacy regulations to apply universally, whether for DeepSeek, Google, OpenAI, or TikTok.
At the end of the day, safeguarding user privacy shouldn’t be an individual responsibility alone. Governments must enforce stricter data protection laws to prevent misuse by tech giants, whether in China or the U.S.
