Is DeepSeek safe for work?
High risk · 59DeepSeek (Hangzhou DeepSeek Artificial Intelligence) · AI assistants · facts (medium-confidence)
DeepSeek is high-risk for default at-work use (59/100): it trains on your data unless you opt out.
59
High risk
Watch out: The hosted DeepSeek app and API store user prompts and personal data on servers in the People's Republic of China (subject to Chinese law) and use inputs to train models by default. This is a major governance risk that has led to government bans and restrictions in Italy, South Korea, Australia, and multiple US federal agencies.
Data and compliance facts
- Trains on consumer-tier data
- Opt-out
- Trains on business-tier data
- Unverified
- Training opt-out available
- Yes
- SOC 2 Type II
- Unverified
- ISO 27001
- Unverified
- ISO 42001 (AI management)
- Unverified
- GDPR Data Processing Addendum
- No
- HIPAA BAA
- No
- EU data residency
- No
- SSO / SAML
- Unverified
- Data retention
- No fixed period stated; personal data is retained 'for as long as necessary to provide our Services,' e.g. for as long as the user maintains an account, per the privacy policy.
Why it scores 59 out of 100
- +14Trains on your data unless you opt out. Training is on by default on the consumer tier; you must find and toggle the opt-out.
- +12No SOC 2 Type II. No independent SOC 2 Type II attestation found.
- +6No ISO 27001. No ISO/IEC 27001 information-security certification found.
- +12No GDPR DPA. No standard Data Processing Addendum offered, a problem for any team with EU/UK users.
- +6No EU data residency. Data cannot be guaranteed to stay in the EU.
- +4No SSO/SAML. No enterprise single sign-on, so account access is harder to govern.
- +5No HIPAA BAA. No Business Associate Agreement, so do not use it with protected health information.