DeepSeek, a Chinese AI chatbot similar to OpenAI’s ChatGPT, has rapidly become the most downloaded free app in the U.S. However, its meteoric rise has sparked significant privacy concerns—especially as the U.S. moves to ban TikTok due to its ties to the Chinese government.
Like most apps, DeepSeek requires users to accept its privacy policy upon sign-up. But few people read the fine print. According to cybersecurity expert Adrianus Warmenhoven from NordVPN, DeepSeek’s privacy policy explicitly states that user data—including conversations and generated responses—is stored on servers in China. This raises concerns about data collection, security risks, and compliance with Chinese government regulations.
What Data Does DeepSeek Collect?
DeepSeek gathers data from various sources:
1. Information You Provide
- Personal details: Username, date of birth, email, phone number, and password
- Chat history: Text, audio, prompts, feedback, uploaded files
- Support inquiries: Proof of identity or age verification when requested
2. Automatically Collected Information
- Network activity: IP address, cookies, device identifiers
- Technical details: Device model, OS, keystroke patterns, diagnostic data
- Usage data: Features accessed, interactions within the app
- Payment information
3. Information from Other Sources
- Linked accounts: If you sign up using Google or Apple
- Advertising partners: Details about purchases made through affiliated services
Why Does DeepSeek Collect Keystroke Data?
One concerning detail in DeepSeek’s privacy policy is its collection of “keystroke patterns or rhythms.” While this practice is not unique—TikTok does the same—there is little transparency about how DeepSeek uses this data.
Keystroke tracking can serve as biometric identification, distinguishing one user from another. While companies claim this is different from keylogging (which tracks exact keystrokes), it raises red flags regarding security, identity theft, and potential misuse. More concerning is the fact that DeepSeek stores all collected data on servers located in China, where tech companies are legally required to comply with national intelligence efforts.
How Is Your Data Used?
DeepSeek uses the collected data for:
- Personalization and targeted advertising
- Improving AI performance
- Notifying users about service updates
- Compliance with legal obligations
- Sharing data with its corporate group and law enforcement
Experts caution that data stored in China is subject to government access, raising fears about surveillance, misinformation, and potential misuse. Investigations by WIRED also found that DeepSeek transmits data to Chinese firms Baidu and Volces, suggesting broader data-sharing practices.
Why Should Users Be Concerned?
Most users underestimate the risks of sharing personal information with AI chatbots. DeepSeek’s compliance with China’s cybersecurity laws means that the Chinese government could access user data at any time. Additionally, the lack of transparency surrounding AI model training means user conversations could be exploited for unknown purposes.
Even beyond DeepSeek, data breaches are a growing threat. Just recently, DeepSeek suffered a “large-scale malicious attack,” prompting temporary restrictions on new user registrations. As AI platforms become more advanced, they also become prime targets for cybercriminals.
What Can You Do to Protect Your Data?
Cybersecurity experts advise users to:
- Read privacy policies carefully before using any AI platform
- Limit the personal data you share in conversations with chatbots
- Use strong passwords and two-factor authentication
- Be cautious when linking accounts like Google or Apple
However, protecting privacy shouldn’t be an individual responsibility. According to the Electronic Frontier Foundation’s F. Mario Trujillo, strong data privacy laws should apply to all AI platforms, whether Chinese-owned like DeepSeek or U.S.-based like OpenAI.
With increasing concerns over AI privacy, governments must act to enforce stricter data protection measures—before it’s too late.