If you are in the EU, UK, or Switzerland, you have strong legal rights to access, correct, delete, and transfer your data, and can complain to your national data protection authority if you feel your rights have been violated.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision operationalizes Duolingo's compliance obligations under GDPR and related data protection regimes by explicitly acknowledging and authorizing the exercise of statutory rights by a defined user population, establishing the procedural basis for data subject requests and regulatory complaints.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Removed Switzerland from scope, removed 'update' right, changed 'data protection authority' to 'supervisory authority', and softened language from 'you have the right' to 'you have certain rights.'
View full change record →EU, UK, and Swiss users can request a full export of their personal data, demand deletion, or object to advertising processing at any time, and have a legal right to escalate complaints to their national DPA if Duolingo does not respond adequately within 30 days.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to access, correct, update, or request deletion of your personal information. You also have the right to object to processing, restrict processing, and request portability of your data. You may also have the right to lodge a complaint with your local data protection authority.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY FRAMEWORK: GDPR Art. 15 (right of access), Art. 16 (rectification), Art. 17 (erasure), Art. 18 (restriction), Art. 20 (portability), Art. 21 (objection), Art. 77 (right to lodge complaint with supervisory authority). UK GDPR mirrors these rights post-Brexit. Swiss Federal Act on Data Protection (revDSG) effective September 2023 provides comparable rights. Enforced by national DPAs (lead authority for Duolingo likely Irish DPC given EU establishment).
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision operationalizes Duolingo's compliance obligations under GDPR and related data protection regimes by explicitly acknowledging and authorizing the exercise of statutory rights by a defined user population, establishing the procedural basis for data subject requests and regulatory complaints.
EU, UK, and Swiss users can request a full export of their personal data, demand deletion, or object to advertising processing at any time, and have a legal right to escalate complaints to their national DPA if Duolingo does not respond adequately within 30 days.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.