Data privacy worries that circulated on TikTok, the Chinese-owned social media app nowsomewhat bannedin the US, are alsocropping uparound DeepSeek.Earlier this month, Feroot Security CEO Ivan Tsarynnytold ABCthat his firm had discovered "direct links to servers and to companies in China that are under the control of the Chinese government," which he said they "have never seen in the past."Also:ChatGPT's Deep Research identified 20 jobs it will replace. Is yours on the list?After decrypting some of DeepSeek's code, Feroot found hidden programming that can send user data, including identifying information, queries, and online activity, to China Mobile, a Chinese government-operated telecom company banned from operating in the USsince 2019 due to national security concerns.NowSecure recommendedthat organizations "forbid" the use of DeepSeek's mobile app after finding several flaws including unencrypted data (meaning anyone monitoring traffic can intercept it) and poor data storage.Last week, research firm Wizdiscoveredthat an internal DeepSeek database was publicly accessible "within minutes" of conducting a security check. The "completely open and unauthenticated" database contained chat histories, user API keys, and sensitive data.Also:Why rebooting your phone daily is your best defense against zero-click hackers"More critically, the exposure allowed for full database control and potentialprivilege escalationwithin the DeepSeek environment, without any authentication or defense mechanism to the outside world," Wiz's report explained.According toWired, which initially published the research, though Wiz did not receive a response from DeepSeek, the database appeared to be taken down within 30 minutes of Wiz notifying the company. It's unclear how long it was accessible or if any other entity discovered the database before it was taken down.Even without this alarming development, DeepSeek'sprivacy policyraises some red flags. It states: "The personal information we collect from you may be stored on a server located outside the country where you live. We store the information we collect in secure servers located in the People's Republic of China."Also:'Humanity's Last Exam' benchmark is stumping top AI models - can you do any better?The policy outlines that DeepSeek collects plenty of information, including but not limited to:IP address, unique device identifiers, and cookiesDate of birth (where applicable), username, email address and/or telephone number, and passwordYour text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and servicesProof of identity or age, feedback, or inquiries about your use of the Service [If you contact DeepSeek]The policy continues: "Where we transfer any personal information out of the country where you live, including for one or more of the purposes as set out in this Policy, we will do so in accordance with the requirements of applicable data protection laws." The policy does not mentionGDPR compliance.Also:Apple researchers reveal the secret sauce behind DeepSeek AI"Users need to be aware that any data shared with the platform could be subject to government access under China's cybersecurity laws, which mandate that companies provide access to data upon request by authorities," Adrianus Warmenhoven, a member ofNordVPN's security advisory board, told ZDNET via email.According to some observers, R1's open-source nature means increased transparency, allowing users to inspect the model's source code for signs of privacy-related activity.DeepSeek has also released smaller versions of R1, which can be downloaded and run locally to avoid any concerns about data being sent back to the company (as opposed to accessing the chatbot online).Also:ChatGPT privacy tips: Two important ways to limit the data you share with OpenAIAll chatbots, including ChatGPT, collect some degree of user data when queried via the browser.