
DeepSeek at work: the question isn't the model, it's where your data lands

DeepSeek's model is impressive and openly licensed. But the app most people use sends every prompt to servers in China, under a legal regime with no EU adequacy. The privacy question is not how good the AI is - it's where your data sleeps, and who can ask for it.


Quick answer

DeepSeek's privacy risk is mostly about jurisdiction, not capability. The hosted DeepSeek app and API store prompts, uploads, and account data on servers in China, where data can be reached under Chinese law and where there is no EU adequacy decision - which is why Italy's regulator blocked it and Germany referred it to Apple and Google. The model itself is open-weight and can be self-hosted, where no data leaves your environment. The fix is choosing where DeepSeek runs, not avoiding the model.

1. The hosted DeepSeek app stores prompts and data on servers in China, per its own privacy policy.
2. Italy's Garante imposed an immediate processing ban in January 2025; Germany referred the app to Apple and Google in June 2025.
3. There is no EU adequacy decision for China, making the transfer hard to square with GDPR Articles 44-49.
4. DeepSeek's weights are openly licensed - self-hosting keeps data in your jurisdiction.
5. A January 2025 exposure left a DeepSeek database with chat history and API keys publicly readable.

A consultant tries DeepSeek because a colleague said it was as good as the expensive tools and free. She pastes in a client's situation - names, the contract value, a bank account, the dispute - and asks for a strategy summary. The answer is genuinely good.

What she does not see is where her prompt just went. According to DeepSeek's own privacy policy, the text she typed, the file she uploaded, and the chat history are collected, processed, and stored on servers in the People's Republic of China - a jurisdiction with no EU adequacy decision, under laws that can compel a company to hand data to the state.

The model performed beautifully. That was never the question. The question is where her client's data now sleeps, and who can ask to see it.

Is DeepSeek safe for business data?

For the hosted app and API, no - and the reason has little to do with how capable the model is. DeepSeek's privacy policy states plainly that it stores personal data in China. For an EU organisation, that is an international transfer to a country without an adequacy decision, with no Standard Contractual Clauses cited to make it lawful. That is precisely why Italy's regulator blocked it within days and Germany later referred the app to Apple and Google.

But there is an important fork in the road. DeepSeek publishes its model weights under a permissive licence. Run those weights on your own infrastructure, or on an EU provider that hosts them, and no prompt ever travels to China. The privacy problem is not the model - it is the hosted service. The decision that matters is where DeepSeek runs.

How DeepSeek handles your data

                              Hosted app / API             Self-hosted open weights
Where prompts go              Servers in China             Your own / EU infrastructure
EU adequacy decision          None                         Not applicable - data stays put
Data processing agreement     Not offered for consumers    You control it
Used to improve the model     Yes (default)                No, unless you choose
Suitable for regulated data   No                           Yes, with proper controls

The hosted DeepSeek app (mobile and web) and the cloud API send everything to China: your text input, uploaded files, photos, chat history, plus device and network data. The policy also allows sharing data with authorities "to comply with applicable law, legal process or government requests." Deleting a chat from your account does not guarantee deletion on the servers.

The open weights are a different product entirely. Licensed for commercial use and self-hosting, they let an organisation run DeepSeek's model where the data already lives. This is the route that turns DeepSeek from a compliance problem into a normal vendor choice - though running the largest models needs serious hardware, so most teams would use a managed EU or US host of the weights.

The biggest privacy risks in DeepSeek

1. Prompts stored in a non-adequate jurisdiction

The core issue. Everything typed into the hosted app lands in China, outside the GDPR transfer framework. For client, patient, or employee data, that is an exposure no setting in the app removes.

2. Government-access risk

Chinese law can compel companies to assist state intelligence. DeepSeek's policy already commits to sharing data on "government requests." For sensitive commercial or personal data, that is a structural risk, not a hypothetical.

3. Undisclosed onward transfer to a ByteDance affiliate

South Korea's data protection authority found in April 2025 that DeepSeek had transferred users' data - including prompt content - to Volcano Engine, a ByteDance affiliate, without consent or disclosure. It ordered prompt data deleted. That is a regulator-confirmed finding, not speculation.

4. The open-database exposure

In January 2025, security firm Wiz found a publicly accessible, unauthenticated DeepSeek database exposing over a million log lines, including plaintext chat history and API keys. DeepSeek secured it quickly after disclosure, but it showed the operational immaturity behind a fast-growing service.

5. The "it's just a chatbot" framing

Because DeepSeek looks and behaves like any other assistant, employees treat it like one - pasting the same sensitive context they might (still unwisely) paste into a governed tool. The interface hides the jurisdiction.

Each of these is about where the data goes, not how the model answers.

What is actually at stake: consequences

Under GDPR, sending an EU individual's personal data to China without a valid transfer mechanism is itself a breach of the rules on international transfers (Articles 44-49), before anything is ever misused. The organisation pasting the data is the controller making that transfer - so the exposure is the employer's, not only DeepSeek's.

Fines reach EUR 20 million or 4% of global annual turnover, whichever is higher. And regulators have shown they will act fast: Italy's ban took effect within two days of its concerns. Beyond the regulator, telling a client that their confidential details were stored on servers in China is a conversation few businesses want to have.

Verified incidents

January 2025 - Wiz exposes an open DeepSeek database

Wiz Research found an unauthenticated, internet-exposed ClickHouse database belonging to DeepSeek, leaking over a million log lines including chat history and secret keys. DeepSeek secured it within roughly 30 minutes of being notified. Source: Wiz Research, January 2025.

January 2025 - Italy's Garante imposes an immediate ban

Italy's data protection authority ordered an immediate, definitive limitation on the processing of Italian users' data, after finding DeepSeek's policy stored data in China contrary to GDPR security obligations. DeepSeek was removed from Italian app stores. Source: Garante / Euronews, January 2025.

April 2025 - South Korea finds unauthorised transfers

The PIPC found DeepSeek had transferred Korean users' data abroad without consent, including prompt content to a ByteDance affiliate, and ordered remediation. Source: PIPC / Korea Times, April 2025.

June 2025 - Germany refers DeepSeek to Apple and Google

Berlin's data protection authority formally reported the DeepSeek apps to Apple and Google as unlawful content under the Digital Services Act, citing unlawful data transfer to China and breach of GDPR transfer safeguards. Source: Berlin DPA / TechCrunch, June 2025.

The pattern is not a single flaw. It is a service whose default is to move your data somewhere EU law cannot follow it.

Settings that help

For the hosted app, the honest answer is that settings cannot solve a jurisdiction problem. The meaningful choices are architectural.

1. Don't put sensitive or personal data into the hosted app or API

Treat the public DeepSeek service as a place where data does not belong if it identifies a person or your business.

2. Self-host the open weights, or use an EU/US host

Run DeepSeek's openly licensed model where your data already lives, so prompts never travel. This keeps the capability and removes the transfer.

3. Opt out of model improvement and delete data

In the app, disable "Improve the model for everyone," delete chats, and email DeepSeek's privacy contact to request removal of data already used - while remembering deletion is not guaranteed server-side.

4. Block the hosted app where policy requires it

Many organisations and governments have simply blocked the hosted DeepSeek app on managed devices while allowing self-hosted use.

Verified against DeepSeek's policy and reporting current to early 2026; the policy has been revised over time, so re-check the live version.

What settings do not solve

No toggle changes the country your data is stored in. No "delete chat" guarantees the copy on the server is gone. And no setting decides what an employee types into the box.

The two risks stack: the hosted app sends data to a jurisdiction you cannot control, and a person decides how much personal data to hand it. Even a perfectly self-hosted deployment - which fixes the first risk entirely - still receives whatever the user pastes. Data minimisation does not become optional just because the server moved closer.

That is the gap between choosing where DeepSeek runs and what a person is about to put into it.

How BeeSensible helps before you send

BeeSensible checks personal data in browser text fields - including the DeepSeek prompt - as you type. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. When sensitive content appears in a prompt, BeeSensible marks it inline so the user can see exactly what they are about to share - and delete it, replace it with a placeholder, or mask it before sending.
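As an added example (not BeeSensible's code, and not a description of how its detector actually works), the following JavaScript sketches the pre-send check the paragraph describes and the data-minimisation point made under "What settings do not solve": scan a draft prompt for personal data, report each finding with its position, and let the caller choose delete, placeholder or mask for each one. The detector set (IBAN with its mod-97 checksum, email, international phone number), the action names and the sample draft are constructed for illustration. It runs under Node with no browser and no network call, which is the point: the check finishes before any text leaves the machine.

```javascript
// Added example, not BeeSensible's own code: a pre-send check for a prompt
// draft. It finds personal data in the text, reports each finding with its
// offsets, and applies one of three actions per finding: delete, replace
// with a placeholder, or mask. Detector set, action names and the sample
// draft are constructed for illustration.

// Detectors are tried in order; a later match that overlaps an earlier
// finding is dropped, so a checksum-validated IBAN is never re-reported
// by a looser pattern.
const DETECTORS = [
  {
    type: "IBAN",
    // Country code, two check digits, then grouped alphanumerics.
    pattern: /\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b/g,
    validate: isValidIban, // the checksum filters out look-alike references
  },
  { type: "EMAIL", pattern: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi },
  // International numbers with a leading "+" and three or four digit groups.
  { type: "PHONE", pattern: /\+\d{1,3}(?:[ -]?\d{2,4}){3,4}\b/g },
];

function isValidIban(raw) {
  const iban = raw.replace(/\s+/g, "").toUpperCase();
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  // Move the first four characters to the end, expand letters to numbers
  // (A=10 ... Z=35) and check that the whole number mod 97 equals 1.
  const rearranged = iban.slice(4) + iban.slice(0, 4);
  const digits = rearranged.replace(/[A-Z]/g, (c) => String(c.charCodeAt(0) - 55));
  let remainder = 0;
  for (const d of digits) remainder = (remainder * 10 + Number(d)) % 97;
  return remainder === 1;
}

// Returns findings sorted by position: { type, value, start, end }.
function findSensitive(text) {
  const findings = [];
  for (const { type, pattern, validate } of DETECTORS) {
    for (const m of text.matchAll(pattern)) {
      if (validate && !validate(m[0])) continue;
      const start = m.index;
      const end = start + m[0].length;
      if (findings.some((f) => start < f.end && end > f.start)) continue;
      findings.push({ type, value: m[0], start, end });
    }
  }
  return findings.sort((a, b) => a.start - b.start);
}

// Mask every alphanumeric except the last `keep`, so the user can still
// recognise which value it was ("**** **** **** **** **30 00").
function mask(value, keep = 4) {
  let remaining = value.replace(/[^A-Za-z0-9]/g, "").length - keep;
  return value.replace(/[A-Za-z0-9]/g, (c) => (remaining-- > 0 ? "*" : c));
}

// Rewrite the draft with one action per finding. chooseAction(finding, i)
// returns "delete", "mask" or "placeholder". Placeholders are numbered in
// reading order ([IBAN_1], [EMAIL_1], ...); edits are applied right to
// left so earlier offsets stay valid.
function applyActions(text, findings, chooseAction) {
  const counters = {};
  const labels = findings.map((f) => {
    counters[f.type] = (counters[f.type] || 0) + 1;
    return `[${f.type}_${counters[f.type]}]`;
  });
  let out = text;
  for (let i = findings.length - 1; i >= 0; i--) {
    const f = findings[i];
    const action = chooseAction(f, i);
    const replacement =
      action === "delete" ? "" : action === "mask" ? mask(f.value) : labels[i];
    out = out.slice(0, f.start) + replacement + out.slice(f.end);
  }
  return out;
}

// Default review: placeholder every finding. A real UI would ask per finding.
function reviewDraft(text) {
  const findings = findSensitive(text);
  return { findings, placeholder: applyActions(text, findings, () => "placeholder") };
}

// Constructed sample draft, as a consultant might paste it into the prompt box.
const DRAFT =
  "Client Anna Mueller disputes invoice 2025-0142 (contract value EUR 48,000). " +
  "Refund to IBAN DE89 3704 0044 0532 0130 00, contact anna.mueller@example.com " +
  "or +49 30 1234 5678. Summarise the dispute for my manager.";

const review = reviewDraft(DRAFT);
console.log(review.findings.map((f) => `${f.type} @${f.start}: ${f.value}`).join("\n"));
console.log(review.placeholder);
```

In a browser extension the same `findSensitive` would run on the text field's input event and the offsets would drive the inline highlights, with `applyActions` called once the user has chosen per finding. Note what regexes do not catch: the client's name in the sample survives untouched, because free-text names need a dictionary or a trained recogniser rather than a pattern, which is why the paragraph above stresses that the user still makes every decision.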


Message content is not stored. The user makes every decision.

For DeepSeek, this matters most because the destination is the hardest part to control. If an employee is going to use the hosted app despite policy, BeeSensible catches the client name beside an account number before it leaves for servers you cannot reach. It does not choose your deployment - self-hosting or an EU host is the structural fix - but it keeps the person aware of what is about to cross a border, while there is still time to stop it.

DeepSeek proves a point that applies to every AI tool: the model is rarely the risk. Where the data lands, and what a person decides to put in, is the whole story. Choose where it runs, and stay sharp about what you type.

FAQ: Common questions

Is DeepSeek safe to use for business data?

The hosted DeepSeek app and API are not appropriate for business or personal data of EU individuals: prompts and uploads are stored on servers in China, where there is no EU adequacy decision and data can be reached under Chinese law. Several regulators have acted against it. The open-weight model run on your own or an EU provider's infrastructure is a different matter, because no data leaves that environment.

Does DeepSeek send my data to China?

For the hosted app and API, yes - DeepSeek's own privacy policy states it collects, processes, and stores personal data in the People's Republic of China, including the text you type, uploaded files, and chat history. South Korea's regulator also found DeepSeek had transferred users' data to a ByteDance affiliate without consent. Self-hosting the open-weight model avoids this entirely.

Why did countries ban DeepSeek?

Italy's Garante imposed an immediate limitation on processing Italian users' data in January 2025, citing storage in China contrary to GDPR. Germany's Berlin authority referred the app to Apple and Google in June 2025 as unlawful content over illegal data transfers. Australia, Taiwan, South Korea, and several US agencies restricted it on government devices. The common thread is data residency and transfer, not model quality.

Is DeepSeek open source - and does that make it private?

DeepSeek's model weights are released under a permissive (MIT) licence, so you can self-host them. When self-hosted, prompts never leave your environment, which removes the China-transfer problem. Note that 'open weights' is not the same as fully open source, and running the largest models needs significant hardware - most organisations would use an EU or US provider hosting the weights rather than run them in-house.

Can an EU business legally use the DeepSeek app?

Putting EU individuals' personal data into the hosted DeepSeek app is a transfer to China, which has no EU adequacy decision, and DeepSeek's policy cites no Standard Contractual Clauses - making it very hard to justify under GDPR Articles 44-49. A business doing this is itself the controller making an unlawful transfer. The compliant routes are not using the hosted app for personal data, or using a self-hosted or EU-hosted deployment of the weights.

What should employees avoid putting into DeepSeek?

In the hosted app, treat everything as if it will be stored in China indefinitely: no client names, account numbers, health details, contracts, credentials, or internal documents. Deleting chats from your account does not guarantee server-side deletion. If the work genuinely needs DeepSeek's model, route it through a self-hosted or EU-hosted deployment instead of the public app.
