DeepSeek is an open source Chinese AI rivaling OpenAI. Free to use on web and mobile, DeepSeek is quickly gaining popularity in the American market, including in corporate circles.
We’ve all been praising the benefits of AI, from improving processes and driving innovation to analyzing data and creating predictive models. But in order for AI systems to operate at high efficiency, they must access, collect, and analyze large amounts of personal data, raising privacy concerns, among other significant risks.
“Freemium models”, in which digital services are offered for free, often raise concerns about the sale of private data and user privacy. This is because companies offering free online services often rely on collecting and monetizing user data to offset the cost of providing the free service and generate revenue.
Companies using the freemium model often collect vast amounts of user data, including browsing history, location data, preferences, and even personal information. This data is then used to target advertising, personalize services, and sold to third-party companies for marketing purposes.
Users may not be fully aware of the extent of data collection and how it's used, and may have limited control over their data, with little ability to opt out of data collection or restrict the sharing of their information.
So, what could DeepSeek really be seeking from its users, particularly influential American enterprises?
Being based in China, DeepSeek is held to different regulatory standards than US-based AI companies. Therefore, it’s important to consider that the app may pose additional threats to data privacy and cybersecurity for US users.
We’re no strangers to the recent contention surrounding the Chinese-owned app TikTok in the US. Some argue that DeepSeek could be even more threatening when it comes to handing US users’ data.
A quick look at DeepSeek’s privacy policy reveals a number of concerns when it comes to using their latest AI model.
User data stored outside of the U.S. - DeepSeek’s Privacy Policy states “We store the information we collect in secure servers located in the People's Republic of China.”
Vague terms - Unsurprisingly, the privacy policy leaves room for speculation. For example, DeepSeek states: “We retain information for as long as necessary to provide our Services and for the other purposes set out in this Privacy Policy.” It’s unclear for what purposes this might be “necessary”. “Other purposes” is also a gray area–this includes sharing information with DeepSeek’s partners, who have not been made public.
Beyond immediate risks to your own personal privacy, there are a number of factors to consider when it comes to using an app like DeepSeek.
Professional use - Just like any LLM, if you use DeepSeek for work related purposes, your inputs will help the model gather information about your job. If you use an AI model with murky security practices, you could be putting your company at risk.
Geopolitical concerns - While we can’t know exactly how DeepSeek’s role in the US consumer market will evolve, it’s wise to proceed with caution–don’t become reliant on a platform that could put yourself, your company’s data, or any intellectual property at risk. If we’ve learned anything from TikTok’s tumultuous fate, a platform like DeepSeek could become inaccessible due to geopolitical conflict. Or worse, it could harm employee and customer livelihoods.
Data Breaches & Hacking - Using a “freemium” app like DeepSeek puts you at a higher risk for cyber hacking, espionage, or sabotage. Data breaches put both employees and customers at risk, tanking business.
Companies will continue to face new and shifting threats to data privacy. Former cyber security disasters provide a cautionary tale for why the stakes are so high, and what you need to look out for.
Poor security measures also create irreversible disasters for customers. Take the notorious 2017 Equifax data breach as an example, in which hackers gained access to over 147 million Americans’ personal information, including social security numbers, birth dates, and credit card information. Vulnerability of the credit bureau’s database was in large due to poor cybersecurity maintenance. What’s more Equifax failed to recognize the breach until months later–a reminder that losing sight of security best-practices can lead to disaster (source: UpGuard).
Large corporations are not the only target of data breaches and other cyber security risks. As of January 2025, just under 50% of cybersecurity attacks were on small or medium-sized businesses (SMBs). Amongst those attacked, only 76% reported feeling prepared to handle the issue (source: Astra).
“Freemium” apps can provide value to many businesses by saving time, streamlining workflows, and expanding possibilities with daily operations. At the same time, potential risks beg the question of whether using apps like DeepSeek is worth the convenience.
AI usage, in general, needs to be approached with care and caution.
When it comes to data privacy, never include sensitive details like passwords, proprietary or confidential information, or finances in your inputs. When deciding on which LLM to use, always review a platform’s privacy policy and consider broader factors that might influence its security.
Both paid and free AI tools are becoming integral to daily operations for many businesses around the world. This won’t change, so it’s crucial to develop an AI strategy for your business that supports growth and minimizes risk.
Incorporating AI into your business development strategy creates a foundation for company-wide responsible AI usage. A responsible approach to AI strategy involves evaluating and optimizing your tech stack, educating your employees on how to navigate the evolving landscape of AI, and remaining up-to-date with changes as they come.
InboundAV helps businesses of all sizes manage and protect their data. Schedule a call with one of our experts should you have any concerns about your company’s data security.