· Yvette Schmitter · Technology · 8 min read
What Just Happened
2025 Week 5, The Week That DeepSeek Happened
The Cliff Notes
DeepSeek took the world by storm and achieved breakthrough results with significantly fewer (but not exactly frugal) resources. They made it open source and free. An interesting plot twist in the global AI race while major tech companies invested billions in advanced chips, DeepSeek achieved breakthrough results without that.
The Plot Thickens
Yes, the AI model is at least on par with (and some would argue even more advanced than) OpenAI’s ChatGPT or Anthropic’s Claude. But there’s a serious catch. DeepSeek is sending user data to China which is unequivocally expressed clearly in the English-language DeepSeek privacy policy. “We store the information we collect in secure servers located in the People’s Republic of China.”
All information that you share with DeepSeek (“user input”) is stored. This is a broad category and will likely cover your chats with DeepSeek via its app or website. “We may collect your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and Services,” the privacy policy states. However, within DeepSeek’s settings, it is “possible” to delete your chat history. Here’s the rub, while you delete your chat history – they still collected the data, sitting in China, on Chinese servers not subject to US laws.
As outlined in the policy this is stored:
- Your DeepSeek prompt and chat history
- Any files you upload - any files
- Your email address
- Your date of birth
- Your phone number
- Your device info
- Your IP address
- Any communications you have with DeepSeek
- And the one that is potentially most concerning, keystroke patterns
So, why is keystroke pattern concerning? What does that mean, keystroke patterns? DeepSeek captures your keystroke patterns so if I’m trying to mimic you, I have to mimic how you type on a computer. That’s a significant RED FLAG privacy concern. Why do they need that and what is it going to be used for? Let’s use a relatable and real-world example. DeepSeek captures the things that you type and typed before you even hit SUBMIT. It’s captured. How many times have you started writing your prompt in the prompt window, revised it and even sometimes just deleted the whole thing to start from scratch? In this example, if you start typing in the prompt window a question but deleted and never hit submit, it’s still captured by DeepSeek. And this is keystroke capture.
The Ripple Effect
There are a lot of inherent problems with how DeepSeek will use your data, but most concerning is even before you hit submit its stored on a server, in China, so subject to Chinese law not US law, collecting way more information you think and probably more than even that. And China has some remarkable legal requirements under its cybersecurity and privacy laws, including laws that demand tech companies cooperate with national intelligence efforts. The difference between DeepSeek vs Claude or ChatGPT is this - DeepSeek is a black hole for your data and privacy. Absent of international ethical use laws and frameworks, it’s figuratively and literally the wild west. Companies can, will, and are doing whatever is in their best interests. DeepSeek is subject to government access under China’s cybersecurity laws, which mandate that companies provide access whenever the Chinese government demands it. We don’t know how many AI models are trained or how they operate, and that’s concerning, too, especially if your data could be misused or maliciously exploited. And for sure you don’t want your identity stolen or your bank account information in the wrong hands. Right?
On January 28, 2025, DeepSeek faced “large-scale malicious attacks”, which forced the company to temporarily limit new registrations. Wiz Research discovered an exposed ClickHouse database belonging to DeepSeek. The database, accessible without authentication, contained over a million log entries including chat histories, API keys, and sensitive backend data. More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world.
Your Next Move
First, remember, not just with DeepSeek but with any similar platform, when you use their services you’re doing work for them, under the guise of them helping you. REMEMBER, they are not working for you and your use of their platform is rigged to work for them and them alone. Second, safeguarding your data not just from DeepSeek but as well as all platforms is uber critical. Don’t be sheep and blindly provide your personal or other data wherever you go grazing from one platform to another giving them your personal life details and data. Be proactive when it comes to your digital footprint and cybersecurity. Which means, before clicking ACCEPT, actually read (with scrutiny) all terms and conditions of any platform you engage with so you clearly understand where your data is stored, how it’s being used, and who has access to it.
Downloading the app and not reading these terms of service and just starting to use it is a very significant risk. You don’t reach number one on the AppStore by being run locally; you reach number one on the App Store by people who don’t understand what running locally means!
Here’s a very serious scenario to consider: due to DeepSeek’s ownership of output aspect being so ambiguous, what would happen if DeepSeek asserts ownership over a startup idea that came out of a DeepSeek output? It’s not clear how or where this could even be litigated, but the point here is that this could be a possibility and therefore concerning with such broad terms of service.
We don’t mean to be alarmist or assigning malice or blame or kudos, but companies are of course self-serving. Knowing that makes DeepSeek’s terms of service exceptionally concerning because it’s very, very invasive.
See below for a comparison of terms and conditions between DeepSeek and OpenAI At Fusion Collective we have a lot of problems with OpenAI’s terms and conditions, so this is by no means an endorsement. This our way to show you the level of crazy with DeepSeek vs something we already have issues with. Truthfully, there’s only so much the end user can do because without strong data privacy laws that apply to ALL companies. The onus to keeping your data safe and protecting your privacy falls squarely on you. All the risk is yours if things go sideways. So, manage your data and privacy like you own it – because you do.
| Terms and Conditions Theme | DeepSeek | OpenAI |
|---|---|---|
Data Privacy | Retains broad rights to review user inputs and user outputs to monitor compliance, including maintaining databases of “illegal content features Even after account deletion it reserves the right to retain data. It provides very little clarity on how it identifies you when using data. | Allows users to opt out of having their content used to trade models. It clearly describes what it’s doing with inputs and outputs to improve services. It does not monitor or maintain compliance databases, and it retains user ownership of inputs and outputs very clearly so if you put something in, you own it and that’s not clear with DeepSeek’s policy. |
Ownership and Licensing | Grants a revocable non-exclusive license for users to use the service and retains most rights on the platform requiring explicit content consent for any other use. It vaguely defines user rights over outputs with potential restrictions on how the outputs the models can be used or shared. What are your legal rights to that answer? | Provides very clear and user-friendly ownership terms. It allows users to own the inputs and assigned ownership of the outputs, two users transparent about the potential non-uniqueness outputs because of course models recognize patterns. |
Jurisdiction | Applies Chinese law, and requires disputes to be resolved in China, and this definitely creates barriers to Americans who wish to have concerns addressed in the courts. | Applies California law and allows for dispute resolution through arbitration which DeepSeek does not and it’s a very transparent process for appeals. |
Monitoring and Security | Implements monitoring mechanisms, including reviewing user activity, keystrokes, establishing “risk filtering mechanisms” which are not clearly defined. | Their goal appears to keep the service safe and functional (as written in their terms of services) and encourages users to flag inappropriate behavior (i.e., the thumbs up and thumbs down sign) and explains the limitations of AI generated content and accuracy risks. |
Account Termination | Explicitly states that certain data will be retained or may be retained after account termination. Includes severe penalties for violations, including permanent bands, data retention for legal purposes, and cooperation with Chinese authorities. | Reserves the right to terminate accounts for policy violations, but it also provides an appeals process, and it deletes inactive accounts with advance notice. |
Transparency and User Control | Significant control over the platform’s outputs, user data with limited mechanisms for user feedback and control, outlines what data can be used for, and offers 30-day’s notice for any price increases. There doesn’t appear to be any ability to opt out of data training. Which appears to be very invasive even by Silicon Valley standards. | Ability to opt out of data training. |
