DeepSeek, a Chinese AI chatbot similar to OpenAI’s ChatGPT, has skyrocketed to the top of app store charts in the U.S. However, its rise comes with significant privacy concerns—especially as the U.S. moves to ban TikTok over data security fears linked to the Chinese government.
Like most apps, DeepSeek requires users to agree to its privacy policy before accessing its services. Yet, few actually read the fine print. According to cybersecurity expert Adrianus Warmenhoven of NordVPN, DeepSeek’s privacy policy explicitly states that user data—including conversations and generated responses—is stored on servers in China. This raises red flags, as Chinese cybersecurity laws could grant the government access to this information.
What Data Does DeepSeek Collect?
DeepSeek gathers data through three primary categories:
1. Information You Provide:
- Personal details: Date of birth, username, email, phone number, password
- User-generated content: Chat history, text, audio, uploaded files, feedback
- Contact information: Proof of identity or age, support inquiries
2. Automatically Collected Information:
- Internet activity: IP address, device identifier, cookies
- Technical data: Device model, operating system, keystroke patterns, system language
- Usage tracking: Features accessed, interaction patterns
- Payment details: Data related to transactions
3. Information from Other Sources:
- Linked accounts: Data from Google, Apple, or other third-party sign-ins
- Advertising partners: Purchase history and behavioral tracking
What Are “Keystroke Patterns or Rhythms”?
DeepSeek’s privacy policy mentions collecting “keystroke patterns or rhythms,” a form of biometric identification. This is similar to TikTok’s data collection practices but absent from platforms like Instagram. While TikTok insists this tracking identifies users based on typing cadence rather than specific keystrokes, concerns persist.
Nicky Watson, co-founder of Syrenis, warns that biometric data collection carries significant risks, including identity theft and impersonation. Unlike passwords, biometric data cannot be reset if compromised. DeepSeek’s data is stored on Chinese servers, meaning it falls under the jurisdiction of the country’s cybersecurity laws, which require companies to cooperate with national intelligence efforts.
How Does DeepSeek Use Your Data?
DeepSeek states that it utilizes user data for:
- Personalized advertising and service improvements
- Legal compliance and public interest tasks
- Data sharing with its corporate affiliates and law enforcement agencies
WIRED’s analysis found that DeepSeek transmits data to Chinese firms like Baidu and Volces. Additionally, its policy suggests that user prompts may be used to develop new AI models, raising further privacy concerns.
Why Should You Care About Data Privacy?
Ignoring privacy policies can be risky. DeepSeek, like other AI platforms, operates in a legal landscape where Chinese government access to user data is a real possibility. With AI models rapidly evolving, users have little visibility into how their data is used—or misused.
Additionally, cyberattacks are an ever-present threat. If DeepSeek’s servers are breached, sensitive user data—including personal details and financial transactions—could fall into the wrong hands. Just recently, DeepSeek faced “large-scale malicious attacks,” forcing temporary restrictions on new sign-ups.
How Can You Protect Your Data?
According to cybersecurity experts, users should take a proactive approach to digital privacy:
- Read privacy policies before using new apps.
- Limit personal data sharing—avoid linking accounts when possible.
- Use strong security measures, such as VPNs and unique passwords.
However, personal vigilance alone isn’t enough. As F. Mario Trujillo of the Electronic Frontier Foundation argues, governments must enact stronger data protection laws to safeguard users from exploitative data collection—whether by Chinese apps like DeepSeek or American tech giants like Meta and OpenAI.
Final Thoughts
The rise of AI chatbots like DeepSeek presents both opportunities and risks. While AI enhances user experiences, the cost of convenience may be personal data security. Users must weigh these risks carefully before entrusting AI platforms with their information.
