If Duolingo is sold, merged, or involved in a business transaction, your personal data may be transferred to the acquiring or merging company.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy reserves the right to transfer all user personal data, including learning history, identifiers, and payment information, to a third party in the context of a corporate transaction, without requiring separate user consent at the time of transfer.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →This provision notifies users that their personal data may be shared or transferred in corporate transactions including mergers and acquisitions, a significant privacy scenario not previously disclosed.
View full change record →The policy states that user personal data may be shared with acquiring parties during or following a merger, acquisition, or asset sale, potentially subjecting that data to a different organization's privacy practices.
How other platforms handle this
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: Corporate transaction data transfers engage GDPR requirements for lawful processing and notification of data subjects where a change of controller occurs. Under CCPA and CPRA, personal information transferred in a corporate transaction must remain subject to the representations made at the time of collection, unless users are notified and given an opportunity to opt out of material changes. GOVERNANCE EXPOSURE: Medium. This is a standard commercial clause present in most consumer privacy policies. However, for a platform holding detailed learning profiles, behavioral data, and payment information for a large global user base, the volume and sensitivity of data subject to potential transfer warrants monitoring. JURISDICTION FLAGS: EU and UK users benefit from GDPR change-of-controller notification requirements. California users have rights under CPRA to be notified of material changes in data use practices following a corporate transaction. Acquirers operating in regulated industries may face additional obligations. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers and B2B partners should consider whether their agreements with Duolingo include provisions addressing data handling obligations in the event of a corporate transaction, including requirements for notification and continued compliance with agreed data protection standards. COMPLIANCE CONSIDERATIONS: In the event of a corporate transaction, compliance teams should review notification obligations to data subjects under GDPR and CCPA, assess whether the acquiring entity's privacy practices are materially different, and evaluate whether user consent or opt-out mechanisms are required before data is used for new purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy reserves the right to transfer all user personal data, including learning history, identifiers, and payment information, to a third party in the context of a corporate transaction, without requiring separate user consent at the time of transfer.
The policy states that user personal data may be shared with acquiring parties during or following a merger, acquisition, or asset sale, potentially subjecting that data to a different organization's privacy practices.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.