Duolingo keeps your personal data for as long as needed to run its services, and says it will delete or anonymize data when it is no longer needed.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision defines the operational framework for data lifecycle management, establishing both the retention trigger (service provision and stated purposes) and the termination mechanism (deletion or anonymization upon cessation of need). The clause ties retention duration to functional necessity rather than a fixed time period.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Expanded to detail specific factors considered for retention (amount, nature, sensitivity, risk of harm) and added 'legal, accounting, or reporting requirements' but excerpt appears incomplete/truncated.
View full change record →Without specific retention periods stated for different data types (especially voice recordings and behavioral data), users cannot meaningfully assess their exposure or predict when their data will be removed from Duolingo's systems.
How other platforms handle this
We retain personal data for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will vary depending on the type of data and the purposes for which we use it.
Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for differen...
We keep information as long as we need it to provide our products and services and fulfil the purposes described in this policy. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and processed, relevant legal or operational retention ...
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy, or as required by law. When we no longer need your personal information, we will delete or anonymize it.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY FRAMEWORK: GDPR Art. 5(1)(e) requires data be kept 'no longer than necessary' with specific retention periods documented — vague retention policies violate this storage limitation principle. CCPA does not mandate specific retention periods but requires disclosure of retention practices in the privacy notice per CPRA amendments. FTC Act Section 5 covers deceptive retention practices. Primary enforcers: EU DPAs, CPPA, FTC.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision defines the operational framework for data lifecycle management, establishing both the retention trigger (service provision and stated purposes) and the termination mechanism (deletion or anonymization upon cessation of need). The clause ties retention duration to functional necessity rather than a fixed time period.
Without specific retention periods stated for different data types (especially voice recordings and behavioral data), users cannot meaningfully assess their exposure or predict when their data will be removed from Duolingo's systems.
ConductAtlas has identified this type of provision across 66 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.