EU and UK users have the right under GDPR to access, correct, delete, or move their personal data, object to certain processing, and complain to their national data protection authority.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy confirms that EU and UK users have GDPR rights enforceable by local supervisory authorities, including the right to lodge complaints without needing to take legal action directly against Duolingo.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Removed Switzerland from scope, removed 'update' right, changed 'data protection authority' to 'supervisory authority', and softened language from 'you have the right' to 'you have certain rights.'
View full change record →EU and UK users can contact Duolingo at privacy@duolingo.com to exercise rights including data access, correction, deletion, restriction of processing, data portability, and objection to processing; they can also escalate to their national data protection authority.
How other platforms handle this
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Union or United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete personal information we hold about you; the right to restrict or object to our processing of your personal information; the right to data portability; and the right to lodge a complaint with your local supervisory authority.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: This provision implements rights under GDPR Articles 15-22 and UK GDPR equivalents. Duolingo, as a US-based company processing EU and UK personal data, is subject to GDPR by virtue of Article 3(2) (offering services to EU data subjects). Enforcement is by national data protection authorities in EU member states and the ICO in the UK. Duolingo may be required to designate an EU representative under GDPR Article 27. GOVERNANCE EXPOSURE: Medium. The policy acknowledges GDPR rights obligations. Key compliance risks include the adequacy of response processes for rights requests, documentation of lawful bases for all processing activities, and whether Duolingo has appointed an EU representative and Data Protection Officer as required. JURISDICTION FLAGS: EU member state DPAs have jurisdiction over processing of data belonging to residents of their respective states. The ICO has jurisdiction for UK data subjects. Lead supervisory authority under the GDPR one-stop-shop mechanism may apply if Duolingo has an EU establishment. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers in the EU and UK deploying Duolingo for employees or students should ensure that a Data Processing Agreement under GDPR Article 28 is in place with Duolingo and that the agreement addresses rights request handling and sub-processor obligations. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Duolingo has documented lawful bases for each category of processing under GDPR, that a Record of Processing Activities exists as required under Article 30, and that the privacy policy satisfies the transparency requirements of Articles 13 and 14. The appointment and contact details of an EU representative and any Data Protection Officer should be verified.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy confirms that EU and UK users have GDPR rights enforceable by local supervisory authorities, including the right to lodge complaints without needing to take legal action directly against Duolingo.
EU and UK users can contact Duolingo at privacy@duolingo.com to exercise rights including data access, correction, deletion, restriction of processing, data portability, and objection to processing; they can also escalate to their national data protection authority.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.