Last reviewed: May 16, 2026
The DeepSeek Privacy Policy explains how DeepSeek collects, uses, stores, shares, and retains personal data when people use its apps, websites, software, APIs, and related services. The most important point for users is simple: DeepSeek may collect account details, prompts, uploaded files, photos, voice inputs, feedback, chat history, device data, usage logs, approximate location, and data from third-party login or security partners. According to its current policy, DeepSeek directly collects, processes, and stores personal data in the People’s Republic of China.
Disclaimer: This article is for general information only and is not legal advice. Privacy rights, compliance duties, and risk levels can vary by country, industry, and use case.
Quick Answer: What Data Does DeepSeek Collect?
DeepSeek collects three broad types of personal data: information you provide, information collected automatically, and information received from other sources. That can include your email address or phone number, password, date of birth where applicable, prompts, text and voice inputs, uploaded files, photos, feedback, DeepSeek chat history, IP address, device identifiers, device model, operating system, app usage logs, crash reports, performance logs, approximate location from IP address, and access tokens from third-party login services such as Apple or Google. DeepSeek also says it may use personal data to provide the service, improve its products, protect safety and security, comply with legal obligations, and improve or train technologies such as machine learning models and algorithms, subject to the limits and settings described in its official documents.
Key Takeaways
- DeepSeek says it collects Personal Data You Provide, Automatically Collected Personal Data, and Personal Data from Other Sources.
- Your prompts, uploaded files, photos, feedback, and chat history may be collected as “Inputs.”
- DeepSeek says it may use personal data to improve services and to train or improve technologies, including machine learning models and algorithms.
- DeepSeek’s current policy states that it directly collects, processes, and stores personal data in the People’s Republic of China.
- DeepSeek’s Terms of Use mention an opt-out setting called “Improve the model for everyone.”
- Users should avoid entering sensitive personal data, confidential work files, trade secrets, private customer data, passwords, IDs, medical information, financial details, or regulated data.
What Is the DeepSeek Privacy Policy?
The DeepSeek Privacy Policy is the document that explains how DeepSeek processes personal data related to its services. DeepSeek says the policy applies to personal data processed in connection with DeepSeek apps, websites, software, and related services that link to or reference the policy. It also identifies Hangzhou DeepSeek Artificial Intelligence Co., Ltd. as the data controller for the services covered by the policy.
One important limitation is that DeepSeek’s policy does not automatically cover personal data collected from end users when they access downstream systems or applications built by developers using DeepSeek’s open platform services. In those cases, the developer operating the downstream application is expected to disclose its own privacy policy.
What Data Does DeepSeek Collect?
According to the current DeepSeek Privacy Policy, DeepSeek data collection is divided into three main categories: data you provide, data automatically collected when you use the service, and data received from other sources.
| Data category | Examples | How DeepSeek may use it | Privacy concern |
|---|---|---|---|
| Account personal data | Date of birth where applicable, username, email address, phone number, password | Account creation, login, support, security, policy enforcement | Account identifiers can connect your activity to a real person |
| User input | Text input, voice input, prompts, uploaded files, photos, feedback, chat history, other content provided to the model | Generate outputs, provide the service, improve services, support model or technology improvement | Prompts and files may contain sensitive personal, business, or confidential information |
| Support/contact data | Proof of identity or age, contact details, feedback, inquiries, reports of policy violations | Customer support, identity verification, policy enforcement, legal compliance | Support messages may include private context users disclose voluntarily |
| Device and network data | Device model, operating system, IP address, device identifiers, system language, device ID, user ID | Security, login continuity, diagnostics, fraud prevention, service operation | Device identifiers and IP data can help track usage across sessions or devices |
| Log and usage data | Features used, actions taken, service interaction logs | Analytics, troubleshooting, service improvement, safety monitoring | Usage logs can reveal behavior patterns and interests |
| Location data | Approximate location based on IP address | Account security, unusual-login detection, location-related answers | Location is not precise by default, but approximate location can still be sensitive |
| Cookies and similar technologies | Session cookies, preference cookies, security cookies, support cookies | Security, login/session management, preferences, support functionality | Cookies can create persistent browser-level identifiers |
| Payment data for paid open platform services | Payment order and transaction information | Order placement, payment, customer service, after-sales support | Payment metadata may reveal business or usage relationships |
| Third-party login data | Access token or related data from Apple, Google, or linked services | Login, signup, account linking | Third-party login can connect DeepSeek use with other identity providers |
| Security partner data | Fraud, abuse, or security-threat signals from trusted partners | Safety, abuse prevention, account protection | Security-related sharing may involve automated risk signals |
| Publicly available data | Public online personal data DeepSeek says it may obtain | Model training and service provision | Public information can still be personal data, depending on jurisdiction |
DeepSeek says the services are not designed or intended to process sensitive personal data, including information related to race or ethnicity, religious beliefs, health, sexuality, citizenship, immigration status, genetic or biometric data, children, precise geolocation, or criminal membership. The policy says users should not provide sensitive personal data to the services.
Does DeepSeek Collect Your Prompts, Files, Photos, and Chat History?
Yes. According to DeepSeek’s policy, when you use the service, DeepSeek may collect your text input, voice input, prompt, uploaded files, photos, feedback, chat history, or other content you provide to the model and services. DeepSeek calls these “Prompts” or “Inputs,” and says it generates “Outputs” based on them.
This matters because prompts are often more revealing than people expect. A prompt can include a private medical question, a draft contract, a client email, source code, a spreadsheet, a business plan, a school record, a personal dispute, or a document containing someone else’s personal data.
DeepSeek also says it will not extract or mine voiceprint, facial recognition information, or other unique biological patterns from voice inputs or photos provided by users. That is a useful limitation, but it does not mean voice inputs or photos are never collected or processed.
Does DeepSeek Use Your Data to Train Its AI Models?
DeepSeek’s documents indicate that Inputs, Outputs, and some personal data may be used for service improvement, technology optimization, and model-related improvement, but this should be read according to the exact conditions in the Privacy Policy, Terms of Use, and model-mechanism document. The Privacy Policy says DeepSeek may use personal data to improve and develop services and to train or improve technologies, including machine learning models and algorithms. This does not mean every chat is automatically used in the same way or for the same purpose. The Terms of Use say DeepSeek may use Inputs and Outputs, under the conditions described there, to provide, maintain, operate, develop, or improve the services or underlying technologies, and that users can opt out of the described model-improvement use by turning off “Improve the model for everyone.”
DeepSeek’s model-mechanism document says the pre-training phase primarily uses public and licensed data, while a small portion of optimization-training question-answer data may be based on user input. It also says users have the right to opt out of AI training.
The most practical answer to “does DeepSeek use prompts for training?” is: DeepSeek’s official documents allow some use of Inputs, Outputs, and personal data for service improvement, technology optimization, and model-related improvement, subject to the conditions described in its Privacy Policy and Terms. The Terms of Use specifically says users can opt out by turning off “Improve the model for everyone.”
Do not assume that disabling that setting deletes historical data, removes every operational use of your data, or prevents processing required for security, legal compliance, or service delivery. The official wording supports an opt-out from the described model-improvement use, not a blanket promise that no data will ever be processed for security, legal compliance, service delivery, retention, or account operation.
Where Is DeepSeek Data Stored?
DeepSeek’s current Privacy Policy states that personal data collected from users may be stored on servers outside the user’s country. It also says that, to provide the services, DeepSeek directly collects, processes, and stores personal data in the People’s Republic of China.
This is one of the main DeepSeek privacy concerns for users, companies, and regulators outside China. Data stored or processed across borders can raise questions about local privacy rights, cross-border transfer rules, government-access rules, contractual safeguards, and whether the destination country provides protections equivalent to the user’s home jurisdiction.
For casual users, this may be a privacy-preference issue. For businesses, regulated industries, public agencies, schools, law firms, healthcare organizations, financial institutions, and developers handling customer data, DeepSeek data stored in China may require a formal vendor-risk or legal review before use.
Who Can DeepSeek Share Your Data With?
DeepSeek says it may share personal data with service providers, corporate-group entities, and other third parties in limited scenarios. Service providers may support functions such as customer inquiries, communications, search services, analytics, support, and safety monitoring. DeepSeek also says it integrates third-party APIs to provide search services and may share input keywords to provide those services.
DeepSeek also says corporate-group entities may process personal data for functions such as storage, content delivery, security, research and development, foundation model training and optimization, analytics, customer support, and technical support.
Other sharing scenarios include corporate transactions, legal requests, public authorities, law enforcement, rights holders, emergency situations, policy enforcement, and user-authorized sharing. DeepSeek’s Terms and Privacy Policy also warn that shared conversation links can be viewed by anyone with the link and may be exposed to third parties if published on public networks.
The policy also says DeepSeek does not engage in targeted advertising, does not “sell” personal data, and does not use personal data for profiling or automated processing that produces legal or similarly significant effects.
How Long Does DeepSeek Keep Your Data?
DeepSeek does not give one universal fixed retention period for all data in its current Privacy Policy. Instead, it says it retains personal data for as long as necessary to provide services and for the purposes described in the policy, including legal obligations, contractual obligations, legitimate business interests, service improvement, safety, security, stability, and legal claims.
For service-related processing, DeepSeek says it keeps certain personal data for as long as a user has an account, including account personal data, input data, and payment personal data where applicable. It also says that if users violate terms, policies, or guidelines, DeepSeek may keep relevant personal data as necessary to process the violation.
The key DeepSeek data retention takeaway is that deleting a chat or account may reduce accessible history, but some data may still be retained where DeepSeek considers it necessary for legal, security, contractual, business, or claims-related reasons.
Can You Delete DeepSeek Data or Opt Out?
DeepSeek says users may have privacy rights depending on where they live, including rights to know whether and how their personal data is processed, access personal data, correct inaccuracies, delete personal data, receive a portable copy, and opt out of certain processing. The Privacy Policy specifically includes the right to opt out of using personal data for training models or optimizing technologies.
DeepSeek also says users can manage some personal data through settings, including managing, copying, or deleting chat history. If a user deletes their account, DeepSeek says the account cannot be reactivated and content or personal data connected with the account cannot be retrieved.
For privacy requests, DeepSeek lists privacy@deepseek.com. For users in the European Union and United Kingdom, the policy also identifies Prighter as a privacy representative and gives rep_deepseek@prighter.com as a data-subject-request contact.
To reduce model-training use, check whether your account has the “Improve the model for everyone” setting and turn it off if you do not want your Inputs and Outputs used in the way described in the Terms of Use.
DeepSeek App Privacy: Apple App Store and Google Play Labels
Apple’s App Store privacy label for DeepSeek says the developer indicated that the app’s privacy practices may include data handling described on the page, and Apple notes that this information has not been verified by Apple. Apple also says privacy practices may vary based on factors such as the features you use or your age.
According to the Apple App Store label, data linked to users may include location, contact information, user content, search history, identifiers, usage data, and diagnostics. The label lists examples such as coarse location, email address, phone number, photos or videos, customer support content, other user content, search history, user ID, device ID, product interaction, crash data, performance data, and other diagnostic data.
Google Play’s Data Safety section says data privacy and security practices may vary based on use, region, and age, and that the developer provides the information. For DeepSeek, Google Play says the app may share Device or other IDs, may collect Location, Personal info and 5 others, encrypts data in transit, and allows users to request data deletion.
App-store labels are useful summaries, but they are not a substitute for reading the official DeepSeek Privacy Policy and Terms of Use. They are also not the same as an independent privacy audit. Apple notes that the privacy information is provided by the developer and may not have been independently verified by Apple, so it should be treated as a store-label summary rather than a full privacy audit.
DeepSeek Privacy Concerns and Regulatory Scrutiny
DeepSeek privacy risks have attracted attention from several regulators and governments, especially around transparency, cross-border transfers, training data, and data stored in China.
In Italy, the Garante first requested information from DeepSeek about what personal data was collected, the sources, purposes, legal basis, whether data was stored on servers in China, and what information was used to train the AI system. Add a direct official link to the Garante request in this sentence.
Two days later, the Italian Data Protection Authority ordered an urgent limitation on processing Italian users’ data against Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, saying the companies’ response was considered unsatisfactory, and it opened an investigation.
In South Korea, the Personal Information Protection Commission said DeepSeek temporarily suspended its app service in Korea as of February 15, 2025, to improve compliance with the Personal Information Protection Act. The PIPC said its analysis found third-party data-transfer traffic and insufficient transparency in DeepSeek’s privacy policy, and it advised existing users to avoid entering personal information until the examination was complete.
The PIPC later reported that DeepSeek’s initial Korean launch had insufficient transparency, including lack of detail on destruction procedures, safeguards, and chief privacy officer information. It also said DeepSeek had transferred personal data to servers in China and the U.S. without separate consent or disclosure at launch, and that DeepSeek added opt-out features for user-entered data used in AI development and training.
In Germany, the Berlin Commissioner for Data Protection and Freedom of Information notified Apple and Google in Germany of the DeepSeek app as illegal content, citing alleged unlawful transfer of personal data to China. The commissioner said DeepSeek processed extensive personal data, including text entries, chat histories, uploaded files, location, device, and network data, and transferred collected user data to Chinese processors and servers in China.
Reuters reported in January 2026 that DeepSeek had come under scrutiny in multiple countries for security policies and privacy practices, and summarized actions or reviews involving countries including Australia, Czech Republic, France, Germany, India, Italy, the Netherlands, South Korea, Taiwan, and the United States.
This does not mean DeepSeek is banned everywhere or unsafe for every use. It means users should treat DeepSeek as a tool that requires context-specific privacy judgment, especially when using it for work, confidential projects, regulated data, or personal information.
Is DeepSeek Safe to Use?
Casual users
For casual brainstorming, translation, summaries of non-sensitive public text, learning, or general productivity, DeepSeek may be usable if you avoid entering private information. The main risk is not ordinary casual use; it is accidentally pasting sensitive or identifiable content into prompts, files, photos, or chat history. DeepSeek itself says users should not provide sensitive personal data.
Privacy-conscious users
Privacy-conscious users should be more cautious because the policy allows collection of prompts, files, photos, chat history, device data, usage logs, approximate location, and data from other sources. They should also consider the policy’s statement that personal data is directly collected, processed, and stored in China.
Businesses
Businesses should not use consumer AI chatbots for confidential work without a vendor-risk review. DeepSeek’s policy and Terms make clear that user inputs, files, and outputs can be processed to provide and improve the service, and its data-storage language raises cross-border transfer questions for many organizations.
Developers
Developers should avoid pasting proprietary source code, credentials, API keys, secrets, customer logs, unreleased product details, or regulated datasets into DeepSeek unless their organization has approved that workflow. DeepSeek’s Privacy Policy also says downstream applications built on its open platform are not covered by the same policy for end-user personal data, so developers need their own privacy disclosures for their apps.
Regulated industries
Healthcare, legal, finance, education, insurance, government, defense, and other regulated sectors should be especially cautious. DeepSeek’s Terms warn that outputs should not be treated as professional advice and should not be the basis for actions or omissions in medical, legal, financial, or other professional contexts.
How to Use DeepSeek More Privately
Use this checklist before entering anything into DeepSeek:
- Do not enter passwords, API keys, private keys, session tokens, or login codes.
- Do not upload passports, national IDs, tax documents, bank statements, contracts, medical records, or school records.
- Do not paste confidential work files, trade secrets, unreleased product plans, private customer data, or proprietary source code.
- Avoid entering names, addresses, phone numbers, emails, or identifying details unless truly necessary.
- Turn off “Improve the model for everyone” if you do not want your Inputs and Outputs used for the processing described in DeepSeek’s Terms.
- Delete individual chats or chat history when you no longer need them, while remembering that policy-based retention may still apply.
- Do not create public shared links for private conversations.
- Use a separate email address if you want to reduce account-linking risk.
- Review DeepSeek’s Privacy Policy and Terms periodically because DeepSeek says it may update its policies and services.
- For business use, consider enterprise controls, local deployment of open-source models, approved AI gateways, or a formal vendor-risk assessment.
DeepSeek Privacy Policy: Pros, Cons, and Red Flags
| Area | Pros | Cons / red flags |
|---|---|---|
| Transparency | Policy identifies categories of data collected and names the controller | The policy covers broad categories, including prompts, files, photos, and chat history |
| User rights | Lists access, deletion, correction, portability, and opt-out rights where applicable | Rights depend on location and may be subject to exceptions |
| Model training | Terms mention an opt-out setting for “Improve the model for everyone” | Users must understand and actively manage the setting |
| Storage | DeepSeek clearly discloses that data may be stored outside the user’s country | The policy says data is directly collected, processed, and stored in China |
| Sensitive data | Policy tells users not to provide sensitive personal data | Users may accidentally submit sensitive information in prompts or uploaded files |
| App-store labels | Apple and Google Play provide privacy summaries | Store labels are developer-provided summaries, not full legal or technical audits |
| Sharing | Sharing categories are described, including service providers and legal requests | Corporate-group processing and third-party service providers can expand the data-processing ecosystem |
| Regulators | Regulatory scrutiny gives users more public information to consider | Italy, South Korea, and Germany raised privacy or transfer concerns |
FAQ
What data does DeepSeek collect?
DeepSeek collects account data, prompts, text and voice inputs, uploaded files, photos, feedback, chat history, contact/support data, IP address, device identifiers, device model, operating system, usage logs, approximate location from IP address, cookies where applicable, payment data for paid open-platform services, third-party login data, security partner data, and public data.
Does DeepSeek store data in China?
Yes. DeepSeek’s current policy states that, to provide its services, it directly collects, processes, and stores personal data in the People’s Republic of China.
Does DeepSeek read my prompts?
DeepSeek processes prompts and inputs to generate outputs. Its policy says it may collect text input, voice input, prompts, uploaded files, photos, feedback, chat history, and other content provided to its model and services.
Does DeepSeek use my chats to train AI models?
DeepSeek’s Privacy Policy says it may use personal data to train and improve technologies such as machine learning models and algorithms. Its Terms say it may use Inputs and Outputs to provide, maintain, operate, develop, or improve the services or underlying technologies, subject to the conditions described there.
Can I opt out of DeepSeek model training?
DeepSeek’s Privacy Policy lists a right to opt out of using personal data for model training or technology optimization. Its Terms say users can opt out of the described processing by turning off “Improve the model for everyone.”
Can I delete my DeepSeek chat history?
DeepSeek says users can manage chat history through settings and may copy or delete chat history via settings. However, deleting visible chat history should not be treated as a guarantee that every related record is immediately removed from all systems, because the policy also describes retention for service, legal, security, and business purposes.
Can I delete my DeepSeek account?
Yes. DeepSeek says users may delete their account, but if they do, they cannot reactivate the account or retrieve content or personal data connected with that account. DeepSeek’s Terms also say certain data may still be retained as required by laws and regulations or for prior violations.
Is DeepSeek safe for business data?
DeepSeek should not be used for confidential business data unless your organization has reviewed and approved it. The policy allows collection of inputs, files, photos, and chat history, and says personal data is stored in China.
Is DeepSeek safe for personal information?
It is safer if you avoid entering personal information. DeepSeek says its services are not designed or intended to process sensitive personal data and tells users not to provide it.
What should I avoid entering into DeepSeek?
Avoid sensitive personal data, medical information, legal matters, financial records, passwords, IDs, confidential work files, trade secrets, customer data, private source code, children’s data, and anything you would not want processed, stored, or reviewed under the policy. DeepSeek’s own policy warns against providing sensitive personal data.
Does DeepSeek collect location data?
DeepSeek says it automatically collects approximate location based on IP address for security and some location-related responses. It says it will not obtain precise geolocation through other means without explicit consent.
Does DeepSeek share data with third parties?
Yes. DeepSeek says it may share personal data with service providers, corporate-group entities, parties to corporate transactions, law enforcement or public authorities where legally required or necessary, and other third parties with user consent or authorization.
Conclusion
The DeepSeek Privacy Policy is relatively clear about the big categories of data DeepSeek collects: account details, prompts, uploaded content, chat history, device data, logs, approximate location, third-party login data, and some data from security partners or public sources. The biggest privacy issues are not hidden: DeepSeek says user inputs and outputs may be used to improve services or technologies, users need to manage the “Improve the model for everyone” setting if they want to opt out of that described processing, and DeepSeek says it directly collects, processes, and stores personal data in China.
For casual, non-sensitive use, DeepSeek may be acceptable if you treat it like any online AI tool and avoid sharing private information. For business, regulated, legal, medical, financial, government, or confidential use, DeepSeek should go through a proper privacy, security, and compliance review before employees or developers paste data into it.