Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC can act against unfair or deceptive data retention practices under FTC Act Section 5, particularly where retention disclosures are materially misleading.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention Policy clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Retention Policy clauses across approximately 64 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Retention Policy — Duolingo

Share 𝕏 Share in Share 🔒 PDF

What it is

Duolingo keeps your personal data for as long as needed to run its services, and says it will delete or anonymize data when it is no longer needed.

Consumer impact (what this means for users)

Without specific retention periods stated for different data types (especially voice recordings and behavioral data), users cannot meaningfully assess their exposure or predict when their data will be removed from Duolingo's systems.

Cross-platform context

See how other platforms handle Data Retention Policy and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Vague retention language ('as long as necessary') without specific timeframes makes it difficult for users to know how long their data — including voice recordings — is kept, and limits the practical value of deletion rights.

View original clause language

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy, or as required by law. When we no longer need your personal information, we will delete or anonymize it.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 5(1)(e) requires data be kept 'no longer than necessary' with specific retention periods documented — vague retention policies violate this storage limitation principle. CCPA does not mandate specific retention periods but requires disclosure of retention practices in the privacy notice per CPRA amendments. FTC Act Section 5 covers deceptive retention practices. Primary enforcers: EU DPAs, CPPA, FTC.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC can act against unfair or deceptive data retention practices under FTC Act Section 5, particularly where retention disclosures are materially misleading.
File a complaint →

Provision details

Document information

Document

Duolingo Privacy Policy

Entity

Duolingo

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002768

Document ID

CA-D-00084

Evidence Provenance

Source URL

https://www.duolingo.com/privacy

Wayback Machine

View archived versions →

SHA-256

18dc44f61316909c4efd9113eadb61be0022e2b5dce55feb464c0f8eb1b08ef1

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Duolingo | Document: Duolingo Privacy Policy | Record: CA-P-002768
Captured: 2026-04-18 09:22:23 UTC | SHA-256: 18dc44f61316909c…
URL: https://conductatlas.com/platform/duolingo/duolingo-privacy-policy/data-retention-policy/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Retention Policy