Security & Privacy

DeepSeek is committed to providing enterprise-grade security and privacy protection for all users and their data.

Overview

Our comprehensive security framework includes:

Data Protection: End-to-end encryption and secure data handling
Privacy by Design: Built-in privacy protections and controls
Compliance: Industry-standard certifications and regulations
Access Control: Robust authentication and authorization
Monitoring: Continuous security monitoring and threat detection

Data Security

Encryption

Data in Transit

TLS 1.3: All API communications use TLS 1.3 encryption
Certificate Pinning: Enhanced protection against man-in-the-middle attacks
Perfect Forward Secrecy: Each session uses unique encryption keys
HSTS: HTTP Strict Transport Security enforced

Data at Rest

AES-256: All stored data encrypted with AES-256 encryption
Key Management: Hardware Security Modules (HSMs) for key protection
Key Rotation: Automatic encryption key rotation
Zero-Knowledge: DeepSeek cannot access your encrypted data

Implementation Example

python

import ssl
import requests
from deepseek import DeepSeek

# SDK automatically handles secure connections
client = DeepSeek(
    api_key="your-api-key",
    # SSL verification is enabled by default
    verify_ssl=True
)

# Manual verification for custom implementations
session = requests.Session()
session.verify = True  # Verify SSL certificates
session.mount('https://', requests.adapters.HTTPAdapter(
    ssl_context=ssl.create_default_context()
))

Data Handling

Data Processing

Ephemeral Processing: Data processed in memory only
No Persistent Storage: User data not stored after processing
Secure Deletion: Immediate secure deletion after use
Isolated Processing: Each request processed in isolation

Data Retention

json

{
  "data_retention_policy": {
    "api_requests": {
      "logs": "30 days",
      "content": "not stored",
      "metadata": "90 days"
    },
    "user_accounts": {
      "profile_data": "until account deletion",
      "usage_analytics": "2 years (anonymized)",
      "billing_data": "7 years (legal requirement)"
    },
    "deletion_process": {
      "user_request": "within 30 days",
      "automatic": "per retention schedule",
      "verification": "cryptographic proof of deletion"
    }
  }
}

Privacy Protection

Privacy by Design

Core Principles

Data Minimization: Collect only necessary data
Purpose Limitation: Use data only for stated purposes
Transparency: Clear data usage policies
User Control: Users control their data
Security by Default: Secure settings by default

Privacy Controls

python

# Privacy-enhanced API usage
response = client.chat.completions.create(
    model="deepseek-chat",
    messages=[{"role": "user", "content": "Hello"}],
    # Privacy controls
    store=False,  # Don't store conversation
    metadata={
        "privacy_level": "high",
        "data_residency": "eu"  # EU data residency
    }
)

Data Anonymization

Automatic Anonymization

PII Detection: Automatic detection of personal information
Data Masking: Real-time masking of sensitive data
Pseudonymization: Replace identifiers with pseudonyms
Differential Privacy: Mathematical privacy guarantees

Example Implementation

python

from deepseek.privacy import PrivacyFilter

# Initialize privacy filter
privacy_filter = PrivacyFilter(
    detect_pii=True,
    mask_emails=True,
    mask_phone_numbers=True,
    mask_ssn=True
)

# Apply privacy filtering
filtered_content = privacy_filter.filter(user_input)

response = client.chat.completions.create(
    model="deepseek-chat",
    messages=[{"role": "user", "content": filtered_content}]
)

Regional Data Residency

Available Regions

United States: us-east-1, us-west-2
Europe: eu-west-1, eu-central-1
Asia Pacific: ap-southeast-1, ap-northeast-1
Canada: ca-central-1
Australia: ap-southeast-2

Configuration

python

# Specify data residency
client = DeepSeek(
    api_key="your-api-key",
    region="eu-west-1",  # EU data residency
    data_residency="strict"  # Strict residency enforcement
)

Compliance & Certifications

Industry Standards

SOC 2 Type II

Security: Comprehensive security controls
Availability: 99.9% uptime guarantee
Processing Integrity: Accurate and complete processing
Confidentiality: Protection of confidential information
Privacy: Privacy protection controls

ISO 27001

Information Security Management: Systematic approach to security
Risk Management: Continuous risk assessment and mitigation
Incident Response: Structured incident response procedures
Business Continuity: Comprehensive continuity planning

Lawful Basis: Clear lawful basis for processing
Data Subject Rights: Full support for GDPR rights
Data Protection Officer: Dedicated DPO available
Privacy Impact Assessments: Regular privacy assessments

Regulatory Compliance

HIPAA (Healthcare)

python

# HIPAA-compliant configuration
client = DeepSeek(
    api_key="your-api-key",
    compliance_mode="hipaa",
    encryption_level="maximum",
    audit_logging=True
)

# Business Associate Agreement required
# Contact: compliance@deepseek.com

FERPA (Education)

python

# FERPA-compliant configuration
client = DeepSeek(
    api_key="your-api-key",
    compliance_mode="ferpa",
    data_residency="us",
    student_data_protection=True
)

Financial Services

PCI DSS: Payment card data protection
SOX: Sarbanes-Oxley compliance
GLBA: Gramm-Leach-Bliley Act compliance
FFIEC: Federal Financial Institutions guidelines

Access Control

Authentication

API Key Security

python

import os
from deepseek import DeepSeek

# Secure API key management
api_key = os.getenv('DEEPSEEK_API_KEY')
if not api_key:
    raise ValueError("API key not found in environment variables")

# Use environment variables, never hardcode
client = DeepSeek(api_key=api_key)

Multi-Factor Authentication

TOTP: Time-based one-time passwords
SMS: SMS-based verification
Hardware Tokens: FIDO2/WebAuthn support
Biometric: Fingerprint and face recognition

Single Sign-On (SSO)

json

{
  "sso_providers": [
    "Google Workspace",
    "Microsoft Azure AD",
    "Okta",
    "Auth0",
    "SAML 2.0",
    "OpenID Connect"
  ],
  "configuration": {
    "automatic_provisioning": true,
    "role_mapping": true,
    "session_timeout": "8 hours",
    "concurrent_sessions": 3
  }
}

Authorization

Role-Based Access Control (RBAC)

json

{
  "roles": {
    "admin": {
      "permissions": ["*"],
      "description": "Full system access"
    },
    "developer": {
      "permissions": [
        "api:read",
        "api:write",
        "models:use",
        "analytics:view"
      ],
      "description": "Development access"
    },
    "viewer": {
      "permissions": [
        "api:read",
        "analytics:view"
      ],
      "description": "Read-only access"
    }
  }
}

API Key Permissions

python

# Create API key with specific permissions
api_key = client.api_keys.create(
    name="Production API Key",
    permissions=[
        "chat:create",
        "models:list"
    ],
    rate_limits={
        "requests_per_minute": 1000,
        "tokens_per_day": 1000000
    },
    ip_whitelist=["192.168.1.0/24"],
    expires_at="2025-12-31T23:59:59Z"
)

Network Security

IP Whitelisting

python

# Configure IP restrictions
client.security.configure_ip_whitelist([
    "192.168.1.0/24",    # Office network
    "10.0.0.0/8",        # VPN network
    "203.0.113.0/24"     # Production servers
])

VPC Integration

json

{
  "vpc_configuration": {
    "vpc_id": "vpc-12345678",
    "subnet_ids": ["subnet-12345678", "subnet-87654321"],
    "security_group_ids": ["sg-12345678"],
    "private_endpoints": true,
    "nat_gateway": true
  }
}

Security Monitoring

Threat Detection

Real-time Monitoring

Anomaly Detection: ML-powered anomaly detection
Threat Intelligence: Global threat intelligence feeds
Behavioral Analysis: User behavior analysis
Attack Pattern Recognition: Known attack pattern detection

Security Events

json

{
  "security_events": [
    {
      "event_id": "sec_001",
      "timestamp": "2025-01-15T10:30:00Z",
      "type": "suspicious_login",
      "severity": "medium",
      "details": {
        "user_id": "user_123",
        "ip_address": "203.0.113.1",
        "location": "Unknown",
        "action_taken": "additional_verification_required"
      }
    },
    {
      "event_id": "sec_002",
      "timestamp": "2025-01-15T10:35:00Z",
      "type": "rate_limit_exceeded",
      "severity": "low",
      "details": {
        "api_key": "ak_***456",
        "requests_per_minute": 1500,
        "limit": 1000,
        "action_taken": "temporary_throttling"
      }
    }
  ]
}

Audit Logging

Comprehensive Logging

python

# Enable audit logging
client = DeepSeek(
    api_key="your-api-key",
    audit_logging=True,
    log_level="detailed"
)

# Access audit logs
audit_logs = client.security.get_audit_logs(
    start_date="2025-01-01",
    end_date="2025-01-31",
    event_types=["api_request", "authentication", "authorization"]
)

for log in audit_logs:
    print(f"{log.timestamp}: {log.event_type} - {log.details}")

Log Retention

Security Logs: 2 years retention
Access Logs: 1 year retention
Audit Logs: 7 years retention
Compliance Logs: Per regulatory requirements

Incident Response

Response Procedures

Detection: Automated threat detection
Assessment: Rapid impact assessment
Containment: Immediate threat containment
Investigation: Forensic investigation
Recovery: System recovery and restoration
Lessons Learned: Post-incident analysis

Communication Plan

json

{
  "incident_communication": {
    "internal_team": "immediate",
    "affected_customers": "within 1 hour",
    "regulatory_bodies": "within 24 hours",
    "public_disclosure": "as required by law",
    "channels": [
      "email",
      "status_page",
      "in_app_notifications",
      "security_bulletins"
    ]
  }
}

Security Best Practices

For Developers

Secure Coding

python

# ✅ Good: Secure API key handling
import os
from deepseek import DeepSeek

api_key = os.getenv('DEEPSEEK_API_KEY')
client = DeepSeek(api_key=api_key)

# ❌ Bad: Hardcoded API key
# client = DeepSeek(api_key="sk-1234567890abcdef")

# ✅ Good: Input validation
def validate_input(user_input):
    if len(user_input) > 10000:
        raise ValueError("Input too long")
    
    # Remove potential injection attempts
    sanitized = user_input.replace('<script>', '').replace('</script>', '')
    return sanitized

# ✅ Good: Error handling without exposing sensitive info
try:
    response = client.chat.completions.create(...)
except Exception as e:
    # Log full error internally
    logger.error(f"API error: {e}")
    # Return generic error to user
    return {"error": "An error occurred processing your request"}

Rate Limiting

python

import time
from collections import defaultdict

class RateLimiter:
    def __init__(self, max_requests=100, time_window=60):
        self.max_requests = max_requests
        self.time_window = time_window
        self.requests = defaultdict(list)
    
    def is_allowed(self, user_id):
        now = time.time()
        user_requests = self.requests[user_id]
        
        # Remove old requests
        user_requests[:] = [req_time for req_time in user_requests 
                           if now - req_time < self.time_window]
        
        if len(user_requests) >= self.max_requests:
            return False
        
        user_requests.append(now)
        return True

# Usage
rate_limiter = RateLimiter(max_requests=100, time_window=60)

if not rate_limiter.is_allowed(user_id):
    return {"error": "Rate limit exceeded"}

For Organizations

Security Policies

API Key Management: Centralized key management
Access Reviews: Regular access reviews
Security Training: Employee security training
Incident Response: Defined incident response procedures
Vendor Assessment: Regular security assessments

Implementation Checklist

markdown

## Security Implementation Checklist

### Authentication & Authorization
- [ ] API keys stored in environment variables
- [ ] Multi-factor authentication enabled
- [ ] Role-based access control implemented
- [ ] Regular access reviews scheduled

### Data Protection
- [ ] Data encryption in transit and at rest
- [ ] PII detection and masking implemented
- [ ] Data retention policies defined
- [ ] Secure deletion procedures in place

### Monitoring & Logging
- [ ] Security monitoring enabled
- [ ] Audit logging configured
- [ ] Incident response plan documented
- [ ] Regular security assessments scheduled

### Compliance
- [ ] Relevant compliance requirements identified
- [ ] Data residency requirements met
- [ ] Privacy policies updated
- [ ] Legal agreements in place

Vulnerability Management

Security Updates

Automatic Updates

SDK Updates: Automatic security updates for SDKs
Platform Updates: Regular platform security updates
Vulnerability Patches: Rapid vulnerability patching
Security Notifications: Proactive security notifications

Vulnerability Disclosure

json

{
  "vulnerability_disclosure": {
    "reporting_email": "security@deepseek.com",
    "pgp_key": "https://deepseek.com/security/pgp-key.asc",
    "response_time": "24 hours",
    "resolution_time": "varies by severity",
    "bug_bounty": "available for qualifying vulnerabilities"
  }
}

Penetration Testing

Regular Testing

Quarterly: Comprehensive penetration testing
Monthly: Automated vulnerability scanning
Continuous: Real-time security monitoring
Annual: Third-party security audits

Testing Scope

API Endpoints: All public API endpoints
Authentication: Authentication and authorization systems
Infrastructure: Cloud infrastructure and networks
Applications: Web applications and dashboards

Security Resources

Documentation

Security Guide: /en/security
Privacy Policy: https://deepseek.com/privacy
Terms of Service: https://deepseek.com/terms
Compliance: https://deepseek.com/compliance

Support

Security Team: security@deepseek.com
Compliance Team: compliance@deepseek.com
Privacy Officer: privacy@deepseek.com
Emergency Contact: emergency@deepseek.com

Security Bulletins

Security Updates: https://security.deepseek.com
Status Page: https://status.deepseek.com
RSS Feed: https://security.deepseek.com/feed.xml

Contact Security Team

For security-related inquiries, vulnerabilities, or compliance questions:

Email: security@deepseek.com
PGP Key: Download PGP Key
Response Time: Within 24 hours
Emergency: emergency@deepseek.com

Your security and privacy are our top priorities. We're committed to maintaining the highest standards of security and transparency in all our operations.

Security & Privacy ​

Overview ​

Data Security ​

Encryption ​

Data in Transit ​

Data at Rest ​

Implementation Example ​

Data Handling ​

Data Processing ​

Data Retention ​

Privacy Protection ​

Privacy by Design ​

Core Principles ​

Privacy Controls ​

Data Anonymization ​

Automatic Anonymization ​

Example Implementation ​

Regional Data Residency ​

Available Regions ​

Configuration ​

Compliance & Certifications ​

Industry Standards ​

SOC 2 Type II ​

ISO 27001 ​

GDPR Compliance ​

Regulatory Compliance ​

HIPAA (Healthcare) ​

FERPA (Education) ​

Financial Services ​

Access Control ​

Authentication ​

API Key Security ​

Multi-Factor Authentication ​

Single Sign-On (SSO) ​

Authorization ​

Role-Based Access Control (RBAC) ​

API Key Permissions ​

Network Security ​

IP Whitelisting ​

VPC Integration ​

Security Monitoring ​

Threat Detection ​

Real-time Monitoring ​

Security Events ​

Audit Logging ​

Comprehensive Logging ​

Log Retention ​

Incident Response ​

Response Procedures ​

Communication Plan ​

Security Best Practices ​

For Developers ​

Secure Coding ​

Rate Limiting ​

For Organizations ​

Security Policies ​

Implementation Checklist ​

Vulnerability Management ​

Security Updates ​

Automatic Updates ​

Vulnerability Disclosure ​

Penetration Testing ​

Regular Testing ​

Testing Scope ​

Security Resources ​

Documentation ​

Support ​

Security Bulletins ​

Contact Security Team ​

Security & Privacy

Overview

Data Security

Encryption

Data in Transit

Data at Rest

Implementation Example

Data Handling

Data Processing

Data Retention

Privacy Protection

Privacy by Design

Core Principles

Privacy Controls

Data Anonymization

Automatic Anonymization

Example Implementation

Regional Data Residency

Available Regions

Configuration

Compliance & Certifications

Industry Standards

SOC 2 Type II

ISO 27001

GDPR Compliance

Regulatory Compliance

HIPAA (Healthcare)

FERPA (Education)

Financial Services

Access Control

Authentication

API Key Security

Multi-Factor Authentication

Single Sign-On (SSO)

Authorization

Role-Based Access Control (RBAC)

API Key Permissions

Network Security

IP Whitelisting

VPC Integration

Security Monitoring

Threat Detection

Real-time Monitoring

Security Events

Audit Logging

Comprehensive Logging

Log Retention

Incident Response

Response Procedures

Communication Plan

Security Best Practices

For Developers

Secure Coding

Rate Limiting

For Organizations

Security Policies

Implementation Checklist

Vulnerability Management

Security Updates

Automatic Updates

Vulnerability Disclosure

Penetration Testing

Regular Testing

Testing Scope

Security Resources

Documentation

Support

Security Bulletins

Contact Security Team