Here is our independent evaluation of Deepseek V3, at the heart of the Web3 revolution and the quest for a sovereign and privacy-respecting AI. Based on an exclusive framework and a rigorous audit of publicly available data, this analysis reflects our vision of a future where privacy is a fundamental right.
The scoring system is based on a comprehensive guide created specifically for this project, accessible here. This ranking is dynamic, evolving with innovations and feedback from the decentralized community.
Our mission: to enlighten and inform, without filter or influence, to build together a fairer and more transparent AI ecosystem.
update : 25/08/08
Key Insights from the Deepseek Privacy and Data Review
Model
Data Collection
Prompts stored: User inputs and chat history are retained to support service functionality and model enhancement. An opt-out mechanism (“Improve the model for everyone”) is available, but no automatic deletion policy exists; data is retained based on account or business requirements. C
Use for training: Access requires mandatory account creation (email, username, etc.), with no anonymous access. Opt-out for training is available, but enforcement and scope of data use are unclear. C
Account required: Account is required to use the service, and personal information like email, username, and date of birth may be collected, but no sensitive data is required by default. No anonymous access option mentioned. C
Data retention duration:Data is stored indefinitely unless the user initiates account deletion. No fixed retention limits are specified, raising concerns about prolonged data storage. D
User Control
Deletion possible:Users can delete their account and chat history via the platform interface. However, DeepSeek may retain certain data for legal compliance or to address violations, with no guaranteed immediate or unconditional deletion (no Service Level Agreement on deletion timelines). B
Export possible: Data export requires manual requests through support channels, lacking self-service functionality, which falls short of GDPR’s emphasis on accessible data portability. C
Granularity control: Users can opt out of model improvement and manage limited personal data (e.g., chat history). However, fine-grained control over all data types is not explicitly supported. B
Explicit user consent: For EU/UK users, GDPR-compliant consent is obtained for specific data processing, with clear information and options to withdraw consent, aligning with regulatory standards. A
Transparency
Clear policy: The privacy policy is comprehensive, accessible, and regularly updated, meeting high standards for clarity and user awareness. A
Change notification:Policy updates are communicated retroactively, lacking proactive user notification mechanisms. C
Model documentation: Limited references to model architecture are available but lack detailed public documentation, reducing transparency. C
Privacy by Design
Encryption (core & advanced): DeepSeek claims to implement “security measures” but provides no specifics on end-to-end or at-rest encryption protocols, raising concerns about data protection rigor. D
Privacy-Enhancing Technologies: Claims of data de-identification are noted, but no evidence of advanced PETs (e.g., differential privacy) or verifiable proofs is provided. D
Auditability & Certification: A GDPR representative (Prighter) is appointed, but no third-party audits or certifications are disclosed. D
Transparency & Technical Documentation: No detailed technical documentation on security measures or model architecture is available, limiting independent verification. D
User-Configurable Privacy Features: Only basic opt-out options are provided, with no advanced privacy customization features. C
Hosting & Sovereignty
Sovereignty: All user data is processed and stored in the People’s Republic of China, with no mention of self-hosting or alternative sovereign hosting. D
Legal jurisdiction: The legal jurisdiction is the People’s Republic of China, which does not provide strong data protection guarantees. D
Local option: No local or self-hosting options are available; the service is entirely cloud-based in China. D
Big Tech dependency: No explicit reliance on major US tech providers is noted. As a China-based entity with internal infrastructure, dependency is likely minimal. B
Open Source
Publicly available model: No indication that the model or training data is open source or publicly available. D
Clear open source license: No open source license provided or referenced. D
Inference code available: No mention of accessible inference code; API access only. D
Remarks
Privacy and Data Review: Overall Score
26/100
- Data Collection: 5 + 5 + 5 + 0 = 15
- User Control: 15 + 5 + 15 + 20 = 55
- Transparency: 20 + 5 + 5 = 30
- Privacy by Design: 0 + 0 + 0 + 0 + 5 = 5
- Hosting & Sovereignty: 0 + 0 + 0 + 15 = 15
- Open Source: 0 + 0 + 0 = 0
Total: 15 + 55 + 30 + 5 + 15 + 0 = 120
23 × 20 = 460
120 / 460 × 100 = 26
This evaluation is provided for informational purposes only and reflects a subjective analysis based on publicly available data at the time of publication. We do not guarantee absolute accuracy and disclaim all liability for errors or misinterpretations. Any disputes must be submitted in writing to futurofintenet@proton.me
For full methodology, see our complete scoring guide here: LLM Privacy Rating Guide
