Duolingo · Duolingo Privacy Policy

EU/EEA User Rights under GDPR

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you are in the EU, UK, or Switzerland, you have strong legal rights to access, correct, delete, and transfer your data, and can complain to your national data protection authority if you feel your rights have been violated.

Consumer impact (what this means for users)

EU, UK, and Swiss users can request a full export of their personal data, demand deletion, or object to advertising processing at any time, and have a legal right to escalate complaints to their national DPA if Duolingo does not respond adequately within 30 days.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 30 days
    EU/UK/Swiss users can email privacy@duolingo.com to submit a Data Subject Access Request (DSAR), request data deletion, or object to processing. Duolingo must respond within 30 days under GDPR Art. 12.

Cross-platform context

See how other platforms handle EU/EEA User Rights under GDPR and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

GDPR rights are among the strongest consumer data protections in the world — exercising them can force Duolingo to delete your data, stop certain processing, or provide a full copy of everything it holds about you.

View original clause language
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to access, correct, update, or request deletion of your personal information. You also have the right to object to processing, restrict processing, and request portability of your data. You may also have the right to lodge a complaint with your local data protection authority.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 15 (right of access), Art. 16 (rectification), Art. 17 (erasure), Art. 18 (restriction), Art. 20 (portability), Art. 21 (objection), Art. 77 (right to lodge complaint with supervisory authority). UK GDPR mirrors these rights post-Brexit. Swiss Federal Act on Data Protection (revDSG) effective September 2023 provides comparable rights. Enforced by national DPAs (lead authority for Duolingo likely Irish DPC given EU establishment).

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU/EEA users should contact their national Data Protection Authority (DPA) — equivalent to a state AG for privacy matters — if Duolingo fails to honor GDPR rights. The Irish DPC may be the lead supervisory authority.
    File a complaint →

Provision details

Document information
Document
Duolingo Privacy Policy
Entity
Duolingo
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002770
Document ID
CA-D-00084
Evidence Provenance
Source URL
https://www.duolingo.com/privacy
Wayback Machine
View archived versions →
SHA-256
18dc44f61316909c4efd9113eadb61be0022e2b5dce55feb464c0f8eb1b08ef1
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Duolingo | Document: Duolingo Privacy Policy | Record: CA-P-002770
Captured: 2026-04-18 09:22:23 UTC | SHA-256: 18dc44f61316909c…
URL: https://conductatlas.com/platform/duolingo/duolingo-privacy-policy/eueea-user-rights-under-gdpr/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document