What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR for users in the EU and UK, CCPA and CPRA for California residents, and COPPA for users under 13 in the United States. The FTC has jurisdiction over unfair or deceptive data practices under the FTC Act. The policy's disclosure of data sharing with advertising technology partners including Meta and Google may require evaluation under GDPR consent requirements, and the embedded tracking infrastructure on the privacy policy page itself rai…

How does Duolingo's Duolingo Privacy Policy affect users?

The policy establishes that personal data collected during account creation and lesson activity is processed for service delivery and shared with designated advertising and analytics partners for targeted advertising and analytics purposes. Users in California may submit requests to opt out of personal data sales or sharing for cross-context behavioral advertising. Users in the EU and UK may submit requests to access, correct, delete, or port their personal data through specified channels.

How often is Duolingo's Duolingo Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Duolingo updates this document?

Yes. Watcher subscribers ($9.99/month) can add Duolingo to their watchlist and receive same-day email alerts whenever this document or any other Duolingo document changes.

CA-D-000084

Duolingo Privacy Policy

Duolingo

Last change detected May 5, 2026 Privacy policy

SHA-256: a096fd79730abd90215… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Duolingo ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

2 High severity

5 Medium severity

3 Low severity

Summary

This document establishes Duolingo's data collection and processing practices for users of its language-learning platform. The policy authorizes collection of personal identifiers, learning activity data, device information, IP addresses, and payment details, with provisions for sharing collected data with advertising and analytics partners including Google and Meta. Users in California, the EU, and the UK are granted specific rights to access, correct, delete, or port personal data, exercisable through privacy@duolingo.com or account settings.

Technical / Legal Breakdown

This document is Duolingo's global Privacy Policy, governing the collection, use, storage, and disclosure of personal data by Duolingo, Inc. across its language-learning applications, website, and related services. The policy states that Duolingo collects account registration data (name, email, age), usage and activity data (lessons completed, streaks, performance), device identifiers, IP addresses, approximate location, payment information, communications content, and data from third-party integrations such as Google and Facebook sign-in; the policy authorizes use of this data for service delivery, personalization, advertising, analytics, and research. The policy discloses sharing of personal data with advertising partners, analytics providers, and other third parties, and reserves the right to share data in connection with corporate transactions such as mergers or acquisitions; the policy also states that data may be processed in the United States and other countries with different privacy standards than a user's home jurisdiction. The policy engages GDPR and UK GDPR for EU and UK users respectively, CCPA and CPRA for California residents, and COPPA and related frameworks for users under 13; Duolingo states it does not knowingly collect personal data from children under 13 without verified parental consent, though the app's broad global user base and engagement with minors creates heightened compliance exposure across multiple jurisdictions. Material compliance considerations include the policy's treatment of age verification mechanisms, the scope of advertising data sharing with platforms such as Meta and Google (as evidenced by the tracking infrastructure embedded in the page), and the adequacy of consent mechanisms for users in GDPR-covered jurisdictions.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

3 versions captured · Last updated: May 2026

May 5, 2026

low

What changed Duolingo added three sentences to its privacy policy on May 5, 2026, disclosing that the website uses cookies to enhance user experience and analyze performance, shares user information with social media, advertising, and analytics partners, and provides cookie control options including 'Do Not Sell My Personal Information', 'Reject All', and 'Accept Cookies' buttons. Previously, the policy did not explicitly describe these cookie uses or provide these specific control mechanisms. The updated language makes cookie usage and data sharing partnerships more transparent and establishes user-facing controls for cookie preferences.

Why this matters The updated policy now explicitly states that Duolingo uses cookies to enhance user experience and analyze website performance, and shares user information about site usage with social media, advertising, and analytics partners. The policy also introduces user-facing controls allowing users to review, reject, or accept cookies and to opt out of personal information sales. These additions make data handling practices more transparent but do not materially change what data is collected, only how the collection is disclosed and what control mechanisms are available.

View full change record →

April 21, 2026

medium

What changed Duolingo updated its privacy policy on April 21, 2026 to add details about a new Math Tutor AI feature and to modify how audio and transcript data are handled. For Math Tutor, audio is shared with Apple for speech recognition and then deleted, while text transcripts may be retained and shared with AI vendors. The policy also added language clarifying that IP addresses may be retained longer for payment processing and fraud prevention when users have paid subscriptions.

Why this matters The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.

View full change record →

High — 2 provisions

Advertising and Analytics Data Sharing Compare →

Duolingo shares your personal information with advertising and analytics companies, including for those companies' own marketing purposes in some cases.

Added May 12, 2026 Standard Seen across 246 platforms
Children's Privacy and Parental Consent Compare →

Duolingo states it does not intentionally collect personal data from children under 13 without a parent's permission, and will delete such data if notified.

Added May 12, 2026 Standard Seen across 262 platforms

Medium — 5 provisions

Data Collection Scope Compare →

Duolingo collects your account details, learning activity, device information, and other data you provide or that is generated as you use the app.

Added May 12, 2026 Standard Seen across 251 platforms
International Data Transfers Compare →

Duolingo transfers and stores user data in the United States, where privacy protections may differ from those in a user's home country.

Added May 12, 2026 Standard Seen across 246 platforms
Corporate Transaction Data Sharing Compare →

If Duolingo is sold, merged, or involved in a business transaction, your personal data may be transferred to the acquiring or merging company.

Added May 12, 2026 Standard Seen across 246 platforms
California Resident Rights (CCPA/CPRA)

California residents have the right to know what data Duolingo holds about them, delete it, correct it, opt out of its sale or sharing for advertising, and limit use of sensitive personal information.

Added May 10, 2026 Rare
EU and UK User Rights (GDPR) Compare →

EU and UK users have the right under GDPR to access, correct, delete, or move their personal data, object to certain processing, and complain to their national data protection authority.

Added May 12, 2026 Standard Seen across 262 platforms

Low — 3 provisions

Data Retention Compare →

Duolingo keeps your personal data for as long as it is needed for the purposes it was collected, without specifying exact timeframes.

Added May 8, 2026 Standard Seen across 223 platforms
Third-Party Login and Social Integration

If you sign into Duolingo using Google, Facebook, or Apple, Duolingo receives some of your account data from those platforms.

Added May 12, 2026 Rare
Policy Update and Notification Compare →

Duolingo may update its privacy policy and will notify users by email or website notice before material changes take effect.

Added May 12, 2026 Standard Seen across 178 platforms

Monitoring

Duolingo has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Advertising and Analytics Data Sharing and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 5, 2026 14:59 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000084

Version ID CA-V-002216

Source URL https://www.duolingo.com/privacy

Wayback Machine View external archival references →

SHA-256 a096fd79730abd902159118bbeed45ddf75b93071e09cafe1012b20077064d43

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Duolingo Privacy Policy

May 5, 2026

April 21, 2026

Monitor governance changes across the platforms you rely on.