TL;DR: DeepSeek, the Chinese AI that made global headlines when it matched GPT-4 performance at a fraction of the cost, collects your messages, IP address, device fingerprint, and keystroke patterns — and stores all of it on servers in the People's Republic of China. Under China's National Intelligence Law (2017), any Chinese company is legally required to cooperate with state intelligence operations upon request, without needing to notify users or obtain a court order. Italy blocked DeepSeek immediately. Australia, South Korea, and U.S. federal agencies followed. Most users are still using it freely, having no idea what they agreed to.
You asked DeepSeek how to fix your code. You described a confidential work project in detail. You asked it about your health symptoms. You asked it questions you wouldn't say out loud in a meeting.
Now ask yourself one thing: where did all of that go?
DeepSeek launched at the start of 2026 and immediately became one of the most downloaded AI apps in history. The model genuinely impressed the AI research community — achieving benchmark results competitive with GPT-4 while being developed at a fraction of the reported cost. The open-source release of its weights accelerated adoption further. By February 2026, DeepSeek had tens of millions of active users worldwide.
What most of those users did not read — because almost nobody reads privacy policies — is where their data goes, and what legal framework governs its use once it gets there.
What DeepSeek Actually Collects
DeepSeek's privacy policy is publicly available, and it is specific. The categories of data collected from users of the app and web interface include the following:
None of this is unique to DeepSeek. Every major AI assistant — ChatGPT, Gemini, Claude, Copilot — collects similar categories of data. The collection itself is not the controversy. The controversy is where the data is stored and what legal framework applies to it once it gets there.
The National Intelligence Law: Why This Is Different
The comparison that users most often make is this: "Google and Meta collect my data too. Why is DeepSeek any different?"
It is a fair starting point, and the answer requires understanding one specific piece of Chinese legislation: the National Intelligence Law, enacted in 2017.
Article 7 of the law states that "any organization or citizen shall support, assist, and cooperate with state intelligence work in accordance with the law." Article 14 grants intelligence agencies the power to request cooperation from organizations and individuals in ways that are not limited to formal investigations or disclosed to the subjects of that data.
In practical terms, this means that DeepSeek — or any Chinese company holding data — can be required to hand over user data to Chinese state intelligence agencies without a court order, without notifying the users affected, and without any of the procedural safeguards that exist in the United States under laws like FISA or in the European Union under GDPR-governed disclosure requirements.
The critical distinction: Google selling your behavioral data to advertisers is annoying and commercially motivated. A government accessing your private conversations, professional queries, health questions, and strategic thinking is a fundamentally different category of risk — and it operates outside any legal framework that gives you recourse or notification. The business model is surveillance-adjacent whether or not DeepSeek or the Chinese government ever acts on that access.
This does not mean that Chinese intelligence agencies are actively reading your DeepSeek conversations. It means that they can, legally, without your knowledge, and without any mechanism for you to find out after the fact. That legal exposure exists by design — it is not a loophole or an interpretation. It is what Article 7 says, plainly.
Four Countries That Already Responded
Several governments assessed this risk and acted on it quickly. The responses varied in scope and rationale, but the common thread was the same: data stored in China under the National Intelligence Law represents an unacceptable exposure for government systems and, in some cases, for the general public.
It is worth noting what these responses did not do: they did not prevent ordinary citizens in any of these countries from downloading and using DeepSeek freely. The restrictions applied to government systems and formal investigations. The consumer-facing app remains available in most app stores globally.
The Strategic Genius of Making It Free
Understanding why DeepSeek's data exposure is more concerning than TikTok's — which itself generated years of congressional hearings and partial bans — requires thinking about the nature of the data being collected.
TikTok collects behavioral data: what videos you watch, how long you watch them, what you scroll past, what you like. That data reveals preferences and psychological profiles. It is valuable for influence operations and targeted advertising.
DeepSeek collects intent data: what you are actively thinking about, planning, researching, building, and worried about. When you ask an AI assistant something, you are not passively consuming content — you are explicitly articulating your thoughts, problems, and goals. The difference in signal density is enormous.
A researcher asking DeepSeek to help analyze a competitive intelligence report reveals more in a single prompt than months of passive browsing behavior could infer. An executive describing a strategic initiative to get drafting help hands over the substance of confidential planning. A developer asking about a specific codebase architecture exposes technical details that would otherwise require significant effort to extract.
The free tier is not charity. The open-source release was not altruism. The most effective data collection tool is the one that people adopt voluntarily, enthusiastically, and recommend to their colleagues. DeepSeek did not need to hack anyone. Hundreds of millions of users handed over the information themselves, one prompt at a time.
The $6 Million Training Cost Claim
DeepSeek's widely reported training cost of approximately $6 million was presented as proof of efficiency and frugality. Many AI researchers have since questioned this figure, noting that it excluded pre-training compute, research costs, and the use of Nvidia H800 chips accumulated before U.S. export controls tightened. The actual cost of developing DeepSeek to its current capability level is almost certainly higher — and the discrepancy raises questions about what other costs or motivations were not disclosed in the initial announcement.
How to Use DeepSeek Responsibly
This is not an argument to delete DeepSeek. It is a technically capable model and, for many tasks, a genuinely useful one. The argument is for using it with the same intentionality you would apply to any tool that operates under a foreign government's legal authority.
The practical framework is simple: ask yourself whether you would be comfortable if a specific prompt were printed and handed to a foreign government. If the answer is no, that prompt belongs somewhere else.
DeepSeek is appropriate for:
- Generic coding questions with no proprietary context
- General knowledge lookups and publicly available information
- Creative writing exercises with no sensitive content
- Language translation of non-confidential material
- Learning concepts and exploring topics that carry no professional or personal sensitivity
DeepSeek is not appropriate for:
- Work projects involving confidential business information
- Medical questions or personal health data
- Legal matters, financial planning, or personal documents
- Government, defense, or research work
- Any conversation where the content would have value if extracted by a third party
The model doesn't change. The legal exposure doesn't change. What changes is whether the data you generate through it is worth the exposure it creates.
TechVernia Verdict
DeepSeek is a genuinely impressive model that emerged from a genuinely impressive engineering effort. The privacy concerns are also genuine, specific, and legally grounded — not speculative.
The National Intelligence Law is not a hypothetical threat. It is an enacted statute with specific language requiring Chinese companies to cooperate with state intelligence operations on demand. DeepSeek's data collection is extensive. The combination of both facts creates a risk profile that is categorically different from the data practices of U.S.-based AI companies operating under U.S. law.
The right response is not panic. It is intentionality. Understand what you are using, understand the exposure it creates, and make decisions accordingly. The model is worth using for the right tasks. The fine print is worth five minutes of your time before you decide what those tasks are.
Frequently Asked Questions
No — DeepSeek is not banned for general civilian use in the United States as of May 2026. The restrictions that have been implemented apply to specific federal agency devices and systems, not to private individuals. Several state legislatures and the U.S. Congress have introduced bills that would expand restrictions, but none have been enacted into law at the federal consumer level. Using DeepSeek as a private individual is legal; using it on a government device or with sensitive government information is a different matter.
There is no confirmed public evidence that DeepSeek has actively transmitted user data to Chinese state intelligence agencies. The concern is structural rather than proven: the National Intelligence Law creates a legal obligation for DeepSeek to cooperate with state intelligence requests, and that cooperation would occur without user notification or public disclosure. The risk is the legal exposure itself, not a documented incident. The absence of confirmed incidents does not mean the exposure does not exist — it means it has not been publicly documented.
Both operate under the same legal framework — the Chinese National Intelligence Law — and both store user data on servers subject to Chinese jurisdiction. The difference is in the nature of the data. TikTok collects passive behavioral data: viewing patterns, engagement metrics, demographic inferences. DeepSeek collects active intent data: the explicit content of your thoughts, questions, plans, and research. Intent data is considerably more valuable for intelligence purposes because it requires no inference — users state their interests and concerns directly. The risk category is the same; the data density is significantly higher with DeepSeek.
Yes. DeepSeek released the weights of its R1 and V3 models under a permissive open-source license, which means you can run the model locally on your own hardware without sending any data to DeepSeek's servers. Tools like Ollama, LM Studio, and Jan make local deployment accessible without deep technical expertise. Running the model locally eliminates the server-side data collection entirely. The tradeoff is computational: running a capable DeepSeek model locally requires a reasonably powerful GPU. For users with that hardware available, local deployment is a practical way to access the model's capabilities without the data exposure the cloud product creates.
DeepSeek's R1 model achieved benchmark scores competitive with GPT-4 and Claude Sonnet while reportedly being trained at a fraction of the cost — approximately $6 million versus the hundreds of millions typically associated with frontier model training. This caused significant disruption in financial markets, particularly for Nvidia, whose stock dropped sharply on the implication that the compute demands for frontier AI might be lower than assumed. The open-source release of the model weights accelerated adoption further. The debate about whether the $6 million figure accurately reflects total development costs has continued, with several researchers questioning what was and was not included in that number.
Conclusion
DeepSeek changed the AI landscape when it launched. The model is real, the capabilities are real, and the open-source release created genuine value for the research community and developers worldwide.
The privacy exposure is also real. The data collection is extensive. The servers are in China. The National Intelligence Law gives Chinese authorities access to that data on request, without your knowledge, without a court order, and without the procedural protections that govern data disclosure in most democratic countries.
The choice of whether to use DeepSeek is yours to make. The information to make that choice well is available if you read the privacy policy — and if you understand what the National Intelligence Law actually says. Most users have done neither. This article is an attempt to close that gap.
The model is impressive. The fine print is worth five minutes of your time.
Related Articles:
