Duolingo shares your personal information with advertising and analytics companies, including for those companies' own marketing purposes in some cases.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes sharing personal data with third parties for the third parties' own marketing purposes, which in practice may include platforms such as Meta and Google, and which for EU and UK users requires valid consent under GDPR.
Interpretive note: The policy does not enumerate specific advertising and analytics partners by name in the visible text, creating some ambiguity about the full scope of third-party data sharing.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Language broadened from specific advertising partners to general third-party vendors/service providers, and added qualifier 'consistent with your consent where required' for marketing purposes sharing.
View full change record →The policy states Duolingo may share personal data with advertising and analytics third parties, potentially including for those parties' own marketing uses, which affects how user data is used beyond Duolingo's own platform.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We also may share your information with third parties for their own marketing purposes, consistent with your consent where required.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: Sharing personal data with advertising partners for those partners' own marketing purposes implicates GDPR Article 6 lawful basis requirements and, where consent is relied upon, GDPR Article 7 validity requirements for EU and UK users. Under CCPA and CPRA, sharing personal information for cross-context behavioral advertising constitutes a 'share' under California law, triggering opt-out rights. The FTC Act applies to any material misrepresentation about the scope of third-party data sharing. GOVERNANCE EXPOSURE: High. The authorization to share personal data with third parties for those parties' own marketing purposes, combined with the advertising technology infrastructure embedded in the platform (Meta Pixel, Google Analytics, Google Tag Manager), creates significant regulatory exposure under GDPR consent requirements and CCPA opt-out obligations. The policy's language is relatively general and may not fully satisfy GDPR transparency requirements regarding specific recipients and purposes. JURISDICTION FLAGS: EU and UK users require specific, informed, and freely given consent before their data is shared with advertising partners for marketing purposes. California residents must be provided a clear opt-out mechanism. Users in other jurisdictions may have limited recourse depending on local law. CONTRACT AND VENDOR IMPLICATIONS: Each advertising and analytics partner receiving personal data should be subject to a data processing agreement or, where acting as an independent controller, appropriate controller-to-controller terms. The presence of Meta Pixel and Google Analytics scripts on the policy page itself suggests data is transmitted to these platforms upon page load, which may warrant review of consent sequencing. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the list of advertising and analytics partners receiving personal data and verify that disclosures in the policy accurately reflect current data flows. For EU and UK users, consent management platform configuration should be reviewed to ensure advertising cookies and tracking pixels are not activated prior to valid consent.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes sharing personal data with third parties for the third parties' own marketing purposes, which in practice may include platforms such as Meta and Google, and which for EU and UK users requires valid consent under GDPR.
The policy states Duolingo may share personal data with advertising and analytics third parties, potentially including for those parties' own marketing uses, which affects how user data is used beyond Duolingo's own platform.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.