DeepSeek R1: Major Privacy Concerns You Should Know Before Using It—With Evidence From DeepSeek’s Own Privacy Policy
If you’re thinking about using DeepSeek R1, you should take a closer look at its privacy policy and terms of use before diving in. While DeepSeek’s AI capabilities are impressive, its data collection, storage, and sharing practices raise serious concerns.
[Note that you can download their model and privately host it to use in a private manner; it should not be an issue, but it is, as a SaaS, Alarming!]
A. They Collect an Alarming Amount of User Data
DeepSeek gathers a wide range of user data, including Profile information (email, username, phone number); Text, audio, and uploaded files (everything you type or say to the AI); Keystroke patterns and rhythms; Device information and unique identifiers; User activity across multiple devices
Evidence Snap From DeepSeek’s Privacy Policy
⚠️What’s the issue?
- The collection of keystroke patterns and rhythms could be considered biometric data. It does not clarify how long this data is kept or whether it is anonymized, which is a significant privacy risk. Because, keystroke patterns and rhythms are often unique to an individual, much like fingerprints. This data can reveal personal identifiers such as typing speed, habitual errors, and rhythm patterns, all of which can potentially be used to create a biometric profile.
- Such collection may be in violation of privacy regulations (e.g., GDPR in the EU) unless properly disclosed and consented to.
- No mention of an option to opt out of data collection.
B. All User Data Is Stored in China
DeepSeek stores all collected data on servers located in China, which has strict data laws requiring companies to share user data with government authorities upon request.
Evidence From DeepSeek’s Privacy Policy
⚠️What’s the issue?
- All collected data is stored on servers in China, which means Chinese authorities could request access to user data at any time under local laws. And there is no mention of international safeguards for users in the US or EU.
- No clear compliance with GDPR or data protection laws in other regions.
- So, user data may be subject to Chinese government access requests, like the TikTok debate.
C. No Clear Data Retention Policy
DeepSeek states that data is kept “as long as necessary”, but doesn’t define what that means. This means your conversations, files, and other input could be stored indefinitely.
Evidence From DeepSeek’s Privacy Policy
⚠️What’s the issue?
- The policy states data is retained “as long as necessary,” but does not specify any fixed duration, So, no specific timeframe for how long user data is retained.
- No option to request permanent deletion of all personal data.
- If you stop using DeepSeek, your data may still be stored indefinitely.
D. Security Features Are Weak
Unlike other AI platforms that provide encryption, two-factor authentication (2FA), and privacy settings, DeepSeek lacks basic security measures.
Evidence From DeepSeek’s Privacy Policy
⚠️What’s the issue?
- No mention of encryption for stored user data.
- No clear two-factor authentication (2FA) support, which is fundamental.
- Vague security measures that don’t provide confidence in how user data is protected.
Now, if we compare head-to-head with other Gen-AI SaaS service’s privacy policy statements, we see it.
Clearly, Gemini cares and respects more, is that the reason that its output is not Cas OOL as others!? :). However, we must careful about any harm that it may cause
| Category | DeepSeek | ChatGPT (OpenAI) | Gemini (Google) |
|---|---|---|---|
| Data Collection and Usage | Collects profile data, user input (text, audio, files, chat history), and keystroke patterns. No clear retention or anonymization policy. | Collects user account data, user input, and technical logs. Users can opt out of data training. | Collects user data to enhance services while emphasizing compliance with GDPR and CCPA. |
| Data Sharing with Third Parties | Shares data with advertisers and analytics partners, including cross-platform tracking. No opt-out option. | Shares data with vendors and service providers but does not sell personal data. | Shares data with partners for service improvement and personalization but allows user control over preferences. |
| Data Storage and Compliance | Stores data on servers in China, subject to government access requests. No clear compliance with GDPR/CCPA. | Stores data on secure servers, but locations are unspecified. Faced privacy scrutiny in Italy. | Stores data across multiple global servers, adhering to international privacy laws. |
| User Rights and Controls | Limited user control. Users can delete accounts but cannot opt out of data collection. | Users can manage privacy settings and opt out of data training, though functionality may be reduced. | Provides comprehensive user controls, including data deletion and privacy settings. |
| Security Measures | Lacks encryption and two-factor authentication. Security measures are vague. | Implements encryption and security measures like strong passwords. | Employs strong encryption and security protocols, including regular audits. |
Where to Find the Privacy Policy and Terms of Use for Deepseek
Accessing Deep Seek’s privacy policy and terms of use is straightforward on the main site:
- Visit [chat.deeps eek.com](http://chat.deeps eek.com) (spacing added intentionally).
- Click on your profile icon.
- Go to Settings, then Profile.
- Select View Terms of Use and Privacy Policy.
At the time of analysis, the privacy policy was last updated on December 5, 2024, and the terms of use were last updated on January 20, 2025.
Be First to Comment