How to use DeepSeek both privately and securely | Kaspersky official blog

We’ve previously written about why neural networks are not the best choice for private conversations. Popular chatbots like ChatGPT, DeepSeek, and Gemini collect user data for training by default, so developers can see all our secrets: every chat you have with the chatbot is stored on company servers. This is precisely why it’s essential to understand what data each neural network collects, and how to set them up for maximum privacy.

In our previous post, we covered configuring ChatGPT’s privacy and security in abundant detail. Today, we examine the privacy settings in China’s answer to ChatGPT — DeepSeek. Curiously, unlike in ChatGPT, there aren’t that many at all.

What data DeepSeek collects

• All data from your interactions with the chatbot, images and videos included
• Details you provide in your account
• IP address and approximate location
• Information about your device: type, model, and operating system
• The browser you’re using
• Information about errors

What’s troubling is that the company doesn’t specify how long it keeps personal data, operating instead on the principle of “retain it as long as needed”. The privacy policy states that the data retention period varies depending on why the data is collected, yet no time limit is mentioned. Is this not another reason to avoid sharing sensitive information with these neural networks? After all, dataset leaks containing users’ personal data have become an everyday occurrence in the world of AI.

If you want to keep your IP address private while you work with DeepSeek, use a Kaspersky Security Cloud. Be wary of free VPN apps: threat actors frequently use them to create botnets (networks of compromised devices). Your smartphone or computer, and by extension, you yourself, could thus become unwitting accomplices in actual crimes.

Who gets your data

DeepSeek is a company under Chinese jurisdiction, so not only the developers but also Chinese law enforcement — as required by local laws — may have access to your chats. Researchers have also discovered that some of the data ends up on the servers of China Mobile — the country’s largest mobile carrier.

However, DeepSeek is hardly an outlier here: ChatGPT, Gemini, and other popular chatbots just as easily and casually share user data upon a request from law enforcement.

Disabling DeepSeek’s training on your data

The first thing to do — a now-standard step when setting up any chatbots — is to disable training on your data. Why could this pose a threat to your privacy? Sometimes, large language models (LLMs) can accidentally disclose real data from the training set to other users. This happens because neural networks don’t distinguish between confidential and non-confidential information. Whether it’s a name, an address, a password, a piece of code, or a photo of kittens — it makes little difference to the AI. Although DeepSeek’s developers claim to have taught the chatbot not to disclose personal data to other users, there’s no guarantee this will never happen. Furthermore, the risk of dataset leaks is always there.

The web-based version and the mobile app for DeepSeek have different settings, and the available options vary slightly. First of all, note that the web version only offers three interface languages: English, Chinese, and System. The System option is supposed to use the language set as the default in your browser or operating system. Unfortunately, this doesn’t always work reliably with all languages. Therefore, if you need the ability to switch DeepSeek’s interface to a different language, we recommend using the mobile app, which has no issues displaying the selected user interface language. It’s important to note that your choice of UI language doesn’t affect the language you use to communicate with DeepSeek. You can chat with the bot in any language it supports. The chatbot itself proudly claims to support more than 100 languages — from common to rare.

DeepSeek web version settings

To access the data management settings, open the left sidebar, click the three dots next to your name at the bottom, select Settings, and then navigate to the Data tab in the window that appears. We suggest you disable the option labeled Improve the model for everyone to reduce the likelihood that your chats with DeepSeek will end up in its training datasets. If you want the model to stop learning from the data you shared with it before turning off this option, you’ll need to email privacy@deepseek.com, and specify the exact data or chats.

DeepSeek mobile app settings

In the DeepSeek mobile app, you also open the left sidebar, click the three dots next to your name at the bottom, and reveal the Settings menu. In the menu, open the Data controls section and turn off Improve the model for everyone.

Managing DeepSeek chats

All your chats with DeepSeek — both in the web version and in the mobile app — are collected in the left sidebar. You can rename any chat by giving it a descriptive title, share it with anyone by creating a public link, or delete a specific chat entirely.

Sharing DeepSeek chats

The ability to share a chat might seem extremely convenient, but remember that it poses risks to your privacy. Let’s say you used DeepSeek to plan a perfect vacation, and now you want to share the itinerary with your travel companions. You could certainly create a public link in DeepSeek and send it to your friends. However, anyone who gets hold of that link can read your plan and learn, among other things, that you’ll be away from home on specific dates. Are you sure this is what you want?

If you’re using the chatbot for confidential projects (which is not advisable in the first place, as it’s better to use a locally running version of DeepSeek for this kind of data, but more on this later), sharing the chat, even with a colleague, is definitely not a good idea. In the case of ChatGPT, similar shared chats were at one point indexed by search engines — allowing anyone to find and read them.

If you absolutely must send the content of a chat to someone else, it’s easier to copy it by clicking the designated button below the message in the chat window, and then to use a conventional method like email or a messaging app to send it, rather than share it with the entire world.

If, despite our warnings, you still wish to share your conversation via a public link, this is currently only possible in the web version of DeepSeek. To create a link to a chat, click the three dots next to the chat name in the left sidebar, select Share, and then, on the main chat board, check the boxes next to the messages you want to share, or check the Select all box at the bottom. After this, click Create public link.

You can view all the chats you have shared and, if necessary, delete their public links in the web version, by going to Settings → Data → Shared links → Manage.

Deleting old DeepSeek chats

Why should you delete old DeepSeek chats? The fewer chats you have saved, the lower the risk that your confidential data could become accessible to unauthorized parties if your account is compromised, or if there’s a bug in the LLM itself. Unlike ChatGPT, DeepSeek doesn’t remember or use data from your past chats in new ones, so deleting them won’t impact your future use of the neural network.

However, you can resume a specific chat with DeepSeek at any time by selecting it in the sidebar. Therefore, before deleting a chat, consider whether you might need it again later.

To delete a specific chat: in the web version, click the three dots next to the chat in the left sidebar; in the mobile app, press and hold the chat name. In the window that appears, select Delete.

To delete your entire conversation history: in the web version, go to Settings → Data → Delete all chats → Delete all; in the application, go to Settings → Data controls → Delete all chats. Bear in mind that this only removes the chats from your account without deleting your data from DeepSeek’s servers.

If you want to save the results of your chats with DeepSeek, in the web version, first go to Settings → Data → Export data → Export. Wait for the archive to be prepared, and then download it. All data is exported in the JSON format. This feature is not available in the mobile app.

Managing your DeepSeek account

When you first access DeepSeek, you have two options: either sign up with your email and create a password, or log in with a Google account. From a security and privacy standpoint, the first option is better — especially if you create a strong, unique password for your account: you can use a tool like Kaspersky Password Manager to generate and safely store one.

You can subsequently log in with the same account in other browsers and on different devices. Your chat history will be accessible from any device linked to your account. So, if someone learns or steals your DeepSeek credentials, they’ll be able to review all your chats. Sadly, DeepSeek doesn’t yet support two-factor authentication or passkeys.

If you’ve even the slightest suspicion that your DeepSeek account credentials have been compromised, we recommend taking the following steps. Start by logging out of your account on all devices. In the web version, navigate to Settings → Profile → Log out of all devices → Log out. In the app, the path is Settings → Data controls → Log out of all devices. Next, you need to change your password, but DeepSeek doesn’t offer a direct path to do so once you’re logged in. To reset your password, go to the DeepSeek web version or mobile app, select the password login option, and click Forgot password?. DeepSeek will request your email address, send a verification code to that email, and allow you to reset the old password and create a new one.

Deploying DeepSeek locally

Privacy settings for the DeepSeek web version and mobile app are extremely limited and leave much to be desired. Fortunately, DeepSeek is an open-source language model. This means anyone can deploy the neural network locally on their computer. In this scenario, the AI won’t train on your data, and your information won’t end up on the company’s servers or with third parties. However, there’s a significant downside: when running the AI locally, you’ll be limited to the pre-trained model, and won’t be able to ask the chatbot to find up-to-date information online.

The simplest way to deploy DeepSeek locally is by using the LM Studio application. It allows you to work with models offline, and doesn’t collect any information from your chats with the AI. Download the application, click the search icon, and look for the model you need. The application will likely offer many different versions of the same model.

These versions differ in the number of parameters, denoted by the letter B. The more parameters a model has, the more mathematical computations it can perform, and the better it performs; consequently, the more resources it requires to run smoothly. For comparison, a modern laptop with 16–32GB of RAM is sufficient for lighter models (7B–13B), but for the largest version, with 70 billion parameters, you’d need to own an entire data center.

LM Studio will alert you if the model is too heavy for your device.

It’s important to understand that local AI use is not a panacea in terms of privacy and security. It doesn’t hurt to periodically check that LM Studio (or another similar application) is not connecting to external servers. For example, you can use the netstat command for that. If you’re not familiar with netstat, simply ask the chatbot to tell you about today’s news. If the chatbot is running locally as designed, the response definitely won’t include any current events.

Furthermore, you mustn’t forget about protecting the devices themselves: malware on your computer can intercept your data. Use Kaspersky Premium: it allows you to examine and block hidden connections, and will alert you to the presence of malicious software.

More on secure AI use:

• Privacy settings in ChatGPT
• How phishers and scammers use AI
• The pros and cons of AI-powered browsers
• Should you disable Microsoft Recall in 2025?
• Trojans masquerading as DeepSeek and Grok clients
• How AI can leak your private data

Kaspersky official blog – ​Read More