Duolingo collects your account details, learning activity, device information, and other data you provide or that is generated as you use the app.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of data categories collected, including learning performance, streaks, device identifiers, and IP addresses, means Duolingo builds a detailed profile of each user's activity and behavior over time.
Interpretive note: The exact categories of data collected are described in general terms; the full scope of device and behavioral data collected via third-party SDKs may not be fully captured in the visible policy text.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →This provision establishes explicit categorization of what personal data Duolingo collects, providing users with detailed notice of data collection practices for both account creation and learning activity tracking.
View full change record →The policy states Duolingo collects name, email, age, learning activity, device identifiers, IP address, and payment information; this data is used for service delivery, personalization, advertising, and research, and is shared with third-party partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide directly to us when you use our services, such as when you create an account, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, age or date of birth, and any other information you choose to provide. We also collect information about your use of our services, such as the lessons you complete, your streaks, your performance on exercises, and other learning activity.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: The scope of data collection implicates GDPR Articles 5 and 13 for EU and UK users, requiring transparency about categories of personal data collected and the purposes for processing. CCPA and CPRA require disclosure of categories of personal information collected and the business or commercial purposes for collection. The FTC Act applies to the accuracy of disclosures about data collection practices. GOVERNANCE EXPOSURE: Medium. The policy discloses collection of a broad range of data categories including identifiers, performance data, device information, and communications content. While disclosure of these categories is standard practice for consumer apps, the combination of granular learning activity data with device identifiers and IP addresses creates a detailed behavioral profile, which carries heightened sensitivity under GDPR's data minimization principle. JURISDICTION FLAGS: EU and UK users have rights under GDPR to receive specific information about data processing at the time of collection. California residents have rights under CCPA to know what categories of personal information have been collected. Minors in GDPR jurisdictions benefit from enhanced protections under Article 8 and applicable national law. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor teams should verify that data processing agreements are in place with all sub-processors who receive personal data, and that such agreements comply with GDPR Article 28 requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data mapping exercise to verify that all categories of data disclosed in the policy are captured in records of processing activities under GDPR Article 30. The lawful basis for each processing purpose should be documented and reviewed, particularly where legitimate interests are relied upon.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of data categories collected, including learning performance, streaks, device identifiers, and IP addresses, means Duolingo builds a detailed profile of each user's activity and behavior over time.
The policy states Duolingo collects name, email, age, learning activity, device identifiers, IP address, and payment information; this data is used for service delivery, personalization, advertising, and research, and is shared with third-party partners.
ConductAtlas has identified this type of provision across 17 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.