Key Takeaways
- There are two distinct surfaces: the hosted DeepSeek app/API (which stores data in China) and the open-weight models (which run locally and send nothing).
- The data-flow problem belongs to the hosted service, not the open weights. Self-hosting removes it.
- DeepSeek's privacy policy (updated 2026-02-10) confirms data storage in the People's Republic of China and direct collection from users.
- Italy's Garante blocked the app in January 2025; data protection authorities in France, Ireland, Germany, Belgium, and Portugal opened investigations.
- Self-hosting the open weights produces no cross-border data flow β verifiable by monitoring outbound network traffic.
- A separate, honest caveat: some security researchers flag model-weight-level issues (jailbreak susceptibility, output narrative alignment). These exist regardless of where you run the model.
- The right frame is privacy engineering: control the data path. The model is a tool; the service is the data risk.
Two Surfaces: The Hosted Service vs the Open Weights
DeepSeek exists as two separable things: a hosted service (app, web, API) operated from China, and a set of open-weight models you can download and run anywhere. Almost every "DeepSeek privacy" debate collapses these two, which is why the answers get muddled. Keep them apart and the picture is clear.
The hosted service is where the data concern lives. When you type into the DeepSeek app or call its API, your input travels to DeepSeek's servers, and the company's privacy policy states that data is stored in the People's Republic of China. That is a cross-border data flow with real regulatory consequences in the EU.
The open weights are a different object entirely. The DeepSeek-R1 distills are files you download from a model registry and run with Ollama or LM Studio on your own hardware. They contain no networking code and no telemetry β running them sends nothing to DeepSeek. The privacy question for the weights is not "where does my data go" (nowhere) but a separate one about the model's behavior, covered below.
π In One Sentence
DeepSeek is two separable things: a China-operated hosted service that stores your data, and downloadable open-weight models that run locally and transmit nothing.
π¬ In Plain Terms
Using the DeepSeek app is like mailing your question to a company in China. Running the open weights locally is like buying a calculator they made β it works on your desk and phones no one.
Why Are the Hosted App and API a Real Privacy Issue?
The hosted DeepSeek service stores user data in China and collects it directly, which European regulators have treated as a serious cross-border data-protection concern. This is documented in DeepSeek's own privacy policy and reflected in concrete regulatory action β it is not speculation.
The facts, stated neutrally:
- DeepSeek's privacy policy (updated 2026-02-10) confirms that data is stored in the People's Republic of China and that the company collects information directly from users of the app, web interface, and API.
- Italy's data protection authority, the Garante, blocked the DeepSeek app in January 2025 over data-protection concerns.
- Data protection authorities in France (CNIL), Ireland (DPC), Germany, Belgium, and Portugal opened investigations into the hosted service.
- Under GDPR, transferring EU personal data to China requires a valid transfer mechanism and adequate safeguards; regulators questioned whether these were in place.
How Does Self-Hosting Change the Data Picture?
When you self-host a DeepSeek open-weight model, there is no DeepSeek server in the loop, so there is no cross-border data flow to China β your prompts and outputs never leave your machine. This is the single change that resolves the data-protection problem: you have removed the service that stored data abroad.
You do not have to take this on trust. Because the models contain no telemetry, you can verify the absence of egress directly: run the model with your network monitored and confirm there are no outbound connections during inference. A simple firewall rule or a packet capture during a session is enough to demonstrate it.
For the practical, fully offline setup β including how to verify "truly offline" with traffic monitoring β see Run DeepSeek Offline 2026: Self-Hosted Setup. For choosing which distill to run, see Best Local Reasoning Model 2026.
π In One Sentence
Self-hosting DeepSeek open weights removes the China-based service from the data path, so no prompt or output leaves your machine β verifiable by monitoring network traffic.
The Honest Caveat: Model-Weight Concerns
Self-hosting solves the data-flow problem but not every concern: some security researchers flag model-weight-level issues β jailbreak susceptibility and output narrative alignment β that exist regardless of where the model runs. It is important to state this plainly and present both sides rather than imply that local equals risk-free.
The concern, stated fairly: researchers have reported that DeepSeek models can be relatively susceptible to jailbreaks, and that on certain politically sensitive topics the outputs reflect a particular narrative alignment. These are properties of the weights themselves, so running locally does not change them.
The counterpoint, stated just as fairly: every open model carries some jailbreak surface, and narrative alignment exists in models from every country of origin, shaped by training data and tuning choices. For math, logic, coding, and most business reasoning β the tasks people actually self-host R1 distills for β these concerns are largely orthogonal to the work.
The practical takeaway is to separate the two questions. "Does my data leak?" is answered (no, when self-hosted and verified). "Do I trust this model's outputs on sensitive topics?" is a model-selection question you should answer on its merits, the same way you would for any model. For a focused look at the compliance question, see Is DeepSeek GDPR Safe?.
What Is the GDPR / EU Angle?
Under GDPR, the hosted DeepSeek service raises a cross-border transfer problem; a self-hosted deployment on EU infrastructure largely sidesteps it because no personal data is transferred outside your control. China's Data Security Law (DSL) and Personal Information Protection Law (PIPL) govern the hosted service's side; GDPR governs yours.
The mechanism matters. GDPR restricts transfers of EU personal data to third countries without adequate safeguards. Sending prompts to a China-hosted API is such a transfer; running the open weights on a server you control in the EU is not a transfer at all β the data never leaves your processing environment.
This is why "use the open weights, not the hosted API" is the standard privacy-engineering answer for EU teams. It converts a hard cross-border-transfer compliance question into an ordinary on-premises data-handling one you already know how to satisfy.
The Zero-Data-Leaving Setup
A privacy-clean DeepSeek deployment is three decisions: pick an open-weight distill, run it on hardware you control, and verify no egress. None of it touches the hosted service.
- 1Choose an open-weight distill
Why it matters: Pick the DeepSeek-R1 distill that fits your GPU (14B on 16 GB, 32B on 24 GB) from the ranked guide β these are local files with no telemetry. - 2Run on hardware you control
Why it matters: Use Ollama or LM Studio on your own machine or an EU server, so all inference happens inside your processing environment. - 3Verify no egress
Why it matters: Monitor outbound traffic during a session, or block network access entirely, to prove no prompt or output leaves the machine. - 4Document the data path
Why it matters: For compliance, a one-page record showing local-only processing turns the privacy claim into something auditable.
Who Should Self-Host DeepSeek and Who Should Avoid It?
Self-host when you want DeepSeek's reasoning without the hosted service's data path; avoid DeepSeek entirely only if model-weight concerns outweigh its strengths for your specific work.
Self-host, or avoid?
Use a local LLM if:
- β’EU teams needing GDPR-clean reasoning β self-host the open weights on infrastructure you control
- β’Privacy-sensitive math, logic, coding, and business analysis β self-host; the data never leaves
- β’Anyone wanting DeepSeek's reasoning quality without sending data abroad β self-host and verify no egress
Use a cloud model if:
- β’Work on politically sensitive topics where output alignment is a dealbreaker β evaluate the model on merits or pick another
- β’Environments that forbid the hosted app outright β use only the local open weights, never the API
- β’Teams that cannot run local inference β consider a different model rather than the China-hosted API
Quick decision:
- βIf unsure, self-host a distill and monitor traffic for one session β proof beats trust.
- βNever route EU personal data to the hosted DeepSeek API without a valid transfer mechanism.
Frequently Asked Questions
Does running DeepSeek locally stop data going to China?
Yes. The open-weight models contain no telemetry and run entirely on your machine, so no prompt or output is sent to DeepSeek's servers in China or anywhere else. You can verify this by monitoring outbound network traffic during a session.
Where does the hosted DeepSeek app store my data?
In the People's Republic of China. DeepSeek's privacy policy (updated 2026-02-10) confirms data storage in China and direct collection from users of the app, web interface, and API.
Why did Italy block DeepSeek?
Italy's data protection authority, the Garante, blocked the DeepSeek app in January 2025 over data-protection concerns about how user data was collected and where it was stored.
Which EU regulators are investigating DeepSeek?
Authorities in France (CNIL), Ireland (DPC), Germany, Belgium, and Portugal opened investigations into the hosted service. The investigations concern the hosted app and API, not the open weights run locally.
Is using the open weights GDPR-compliant?
Running the open weights on infrastructure you control does not transfer personal data to a third country, which removes the main GDPR obstacle that affects the hosted API. Confirm your specific obligations with a data protection professional; see also our Is DeepSeek GDPR Safe bite.
Are there risks to the open weights beyond data flow?
Some researchers flag model-weight-level concerns β jailbreak susceptibility and output narrative alignment on sensitive topics. These are properties of the weights and exist whether you run locally or not, separate from the data-flow question.
Is the model itself spying on me if I run it locally?
No. The model weights are static files with no networking code. Running them with Ollama or LM Studio offline produces no outbound connections, which you can confirm with a firewall rule or packet capture.
What's the difference between DSL/PIPL and GDPR here?
China's Data Security Law and Personal Information Protection Law govern the hosted service's handling of data in China; GDPR governs how you handle EU personal data. Self-hosting keeps the data under GDPR-style control and avoids the cross-border transfer to the China-governed service.
Should EU companies avoid DeepSeek entirely?
Not necessarily. The standard privacy-engineering answer is to avoid the hosted API for personal data and use the open weights locally instead. Whether to use the model at all then depends on its fit for your task and your view of the model-weight caveats.
How do I prove to an auditor that no data leaves?
Run the model with outbound traffic monitored or blocked, capture the result, and document a local-only data path. Because there is no telemetry, the absence of egress is straightforward to demonstrate.
Update Log
- Published 2026-06-19. Next review due 2026-12-19 (semi-annual freshness tier).
- Facts as of June 2026: DeepSeek privacy policy updated 2026-02-10; Italy Garante block January 2025; investigations in FR, IE, DE, BE, PT. Editorial, evenhanded; no product links.