Registry / compare
DeepSeek API (first-party) vs DeepSeek via Fireworks AI
The same dimension can grade differently depending on who serves the model. Every cell links to its source; grades are evidence grades, not endorsements.
| Dimension | DeepSeek API (first-party) | DeepSeek via Fireworks AI |
|---|---|---|
| SOC 2 Type II | ○No public evidence No SOC 2 Type II report, attestation announcement, or audit-report request channel was found on deepseek.com, in the DeepSeek Open Platform Terms of Service, or in the privacy... | ◐Yes, sales-gated Fireworks' security docs state the platform is SOC 2 Type II compliant and that "documentation and audit reports are available in our Trust Center" (trust.fireworks.ai). The... |
| ISO 27001 | ○No public evidence No ISO/IEC 27001 certificate, certificate number, or certification claim was found on deepseek.com or in DeepSeek's published policies. No accredited-registrar listing for... | ●Yes, public Fireworks docs state ISO 27001 certification (plus ISO 27701 privacy extension) with certificate PDFs downloadable from the Trust Center. Platform-level certification... |
| ISO 42001 | ○No public evidence No ISO/IEC 42001 (AI management system) certification claim was found in any DeepSeek public material. | ●Yes, public Fireworks docs list ISO 42001 (AI management system) among its certifications, with certificate PDFs available via the Trust Center. Certifies Fireworks' AI management... |
| Trust center | ○No public evidence No trust center, security portal, or compliance-documentation page was found on deepseek.com or platform.deepseek.com. Public documentation is limited to legal policies hosted... | ●Yes, public Maintained SafeBase-style trust center; hosts certifications, audit reports, and (per the DPA) subprocessor-change notifications customers can subscribe to. Page is... |
| HIPAA BAA | ○No public evidence Neither the DeepSeek Open Platform Terms of Service nor the privacy policy mentions HIPAA, PHI, or a Business Associate Agreement, and no BAA request channel was found. The... | ◔Partial Fireworks publicly states the inference platform is HIPAA compliant (docs and enterprise page), which conventionally implies BAA availability, but no public BAA terms were... |
| GDPR DPA | ○No public evidence No public Data Processing Agreement, Standard Contractual Clauses, or subprocessor list was found; the Open Platform Terms of Service (release date April 22, 2026) contain no... | ●Yes, public Public DPA (PDF) incorporates the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module Two) plus Swiss addendum provisions, and publishes the... |
| No-training default | ○No public evidence No public commitment NOT to train on customer data by default was found; the privacy policy states the opposite. It lists Prompts/Inputs ("text input, voice input, prompt,... | ●Yes, public Privacy policy: "We do not use your prompts, training data, or API inputs to train or improve our AI models without your explicit opt-in." The public DPA reinforces this... |
| Retention / ZDR | ◔Partial Retention is addressed only in general terms: "We retain Personal Data for as long as necessary to provide our Services and for the other purposes set out in this Privacy... | ●Yes, public Zero data retention is the documented default for open models: prompt and generation data "exist only in volatile memory for the duration of the request" and are not written to... |
| Residency | ○No public evidence No region-pinning or EU-residency option exists. The privacy policy (last update Feb 10, 2026) states: "To provide you with our services, we directly collect, process and store... | ◔Partial The core point of this row: Fireworks, a US-based company, serves open-weight DeepSeek models entirely on its own infrastructure (AWS, GCP, Oracle Cloud data centers per its... |
| GPAI Code | ○No public evidence DeepSeek (Hangzhou DeepSeek Artificial Intelligence) does not appear on the European Commission's GPAI Code of Practice signatory list, in full or for any individual chapter,... | ○No public evidence Per the two-level rule this dimension describes DeepSeek, the model developer, the GPAI Code of Practice is a provider obligation, and for open-weight models the GPAI provider... |
| Art. 53 summary | ○No public evidence No Article 53(1)(d) public training-content summary using the EU AI Office template was found on deepseek.com, api-docs.deepseek.com, or in DeepSeek model release materials.... | ○No public evidence Describes DeepSeek as the GPAI provider (not Fireworks). No public training-content summary using the EC's mandatory template (published 24 July 2025) was found for DeepSeek... |