What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This policy engages GDPR Art. 6 (lawful basis), Art. 13/14 (transparency), Art. 17 (erasure), and Art. 20 (portability) enforced by EU/EEA Data Protection Authorities; CCPA §1798.100 and §1798.120 (opt-out of sale/sharing) enforced by the California Privacy Protection Agency (CPPA) and California AG; COPPA (16 CFR Part 312) enforced by the FTC for users under 13; FERPA implications via Duolingo for Schools; and FTC Act Section 5 for deceptive data practices. The presence of…

How does Duolingo's Duolingo Privacy Policy affect users?

Duolingo collects extensive personal data including voice recordings, learning activity, purchase history, and device identifiers, and uses this data for both service improvement and targeted advertising through third-party ad partners such as Google and Meta. Users who do not want their data shared with advertisers face a real risk of behavioral profiling unless they actively exercise opt-out rights. You can opt out of the sale or sharing of your personal data by accessing Duolingo's privacy s…

How often is Duolingo's Duolingo Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Duolingo updates this document?

Yes. Watcher subscribers ($9.99/month) can add Duolingo to their watchlist and receive same-day email alerts whenever this document or any other Duolingo document changes.

Duolingo Privacy Policy — Duolingo

8 Total

4 High severity

4 Medium severity

0 Low severity

Summary

This is Duolingo's privacy policy explaining what personal information the language-learning app collects about you and how it uses it. Duolingo collects a wide range of data including your voice recordings, learning activity, device identifiers, and purchase history, and shares some of this data with advertising partners for targeted ads. If you are a California resident, you can opt out of the sale or sharing of your personal data by visiting Duolingo's privacy settings or submitting a request through their privacy portal.

Technical Summary

Duolingo's privacy policy governs the collection, use, and sharing of personal data for users of its language learning platform, apps, and related services, operating under a consent and legitimate interests framework consistent with GDPR Art. 6 and CCPA §1798.100. The policy obligates Duolingo to provide data access, deletion, and portability rights, while imposing on users an implicit acceptance of broad data collection including voice recordings, usage patterns, purchase history, device identifiers, and inferred characteristics used for personalization and advertising. A notable provision permits Duolingo to share data with 'advertising partners' and to use data for targeted advertising, including via third-party trackers (Google, Facebook/Meta pixel observed in page source), which creates heightened risk under GDPR consent requirements and CCPA opt-out obligations for data sales/sharing. The policy references COPPA compliance for users under 13 and provides a separate children's privacy section, engaging DOE/FERPA considerations given Duolingo's educational context and school-facing products (Duolingo for Schools). California residents are granted CCPA rights including opt-out of data sale/sharing, and EU/EEA residents are afforded GDPR rights, but the policy's relatively broad legitimate interests claims and advertising data sharing warrant close scrutiny from DPAs and state AGs.

Evidence Provenance

Captured April 21, 2026 06:05 UTC

Document ID CA-D-000084

Version ID CA-V-000855

Source URL https://www.duolingo.com/privacy

Wayback Machine View archived versions →

SHA-256 cdb1aa0d3bfd4be264e86c80c3c612593edeebe1fad643a91ca3dd3b93e33ae8

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 21, 2026 — Document updated medium

Duolingo updated its privacy policy on April 21, 2026 to introduce a new Math Tutor video feature, disclosing that audio from that feature is shared with Apple for speech recognition before being deleted, while the text transcript may be retained and shared with AI vendors. The policy also now allows Duolingo to retain your IP address for longer than 30 days if you're a paying subscriber, for payment processing and fraud prevention. Additionally, the session replay tools used to monitor your app activity have been expanded to include a new service called 'Session Replay,' and the policy no longer explicitly lists what data FullStory does not record.

5 added · 12 modified
View diff → View full record →
cdb1aa0d…
April 18, 2026 — Initial capture

Initial snapshot — monitoring begins

c78a2acf…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated April 21, 2026

medium

What changed Duolingo updated their Duolingo Privacy Policy on April 21, 2026. Change detected: 5 sentence(s) added, 12 sentence(s) modified. Document contained 219 sentences after update.

Consumer impact Duolingo's updated policy introduces a Math Tutor feature that sends your audio to Apple for speech recognition before deletion, but the resulting text transcript can be retained by Duolingo and shared with AI vendors — a new data-sharing pathway not previously disclosed. If you pay for a Duolingo subscription, your IP address may now be held indefinitely (beyond 30 days) for payment and fraud purposes. You can disable FullStory and Session Replay activity recording by using the Tracking toggle within the app Settings.

Why it matters Duolingo has introduced new audio and transcript sharing with Apple and unnamed AI vendors through the Math Tutor feature, while simultaneously removing a protective commitment about what FullStory cannot record — expanding the scope of data collection and third-party sharing without equivalent new protections. Paying subscribers are also subject to longer IP address storage, and a new session replay tool adds another layer of behavioral monitoring.

Recent Clause-Level Changes Apr 21, 2026

8 provisions unchanged.

View full change record →

High Severity — 4 provisions

Voice Data Collection

Duolingo records your voice when you use speaking exercises and uses those recordings to assess your pronunciation and improve its technology.

Added April 18, 2026
Advertising Data Sharing with Third Parties

Duolingo shares your personal data with advertising companies like Google and Meta so they can show you targeted ads both on Duolingo and on other websites and apps.

Added April 18, 2026
Children's Privacy and COPPA Compliance

Duolingo says it does not intentionally collect data from children under 13 without a parent's permission, and will delete such data if discovered. A separate child-friendly experience and family account management tools are available.

Added April 18, 2026
Cookies and Third-Party Tracking

Duolingo and its advertising partners use cookies and tracking tools to monitor how you use the app and website, and to target you with personalized ads. You can adjust these settings through your browser or Duolingo's cookie preferences.

Added April 18, 2026

Medium Severity — 4 provisions

California Resident Rights and Opt-Out

California users have specific legal rights including the ability to see, delete, and correct their data, and to stop Duolingo from selling or sharing their personal information with advertisers.

Added April 18, 2026
Data Retention Policy

Duolingo keeps your personal data for as long as needed to run its services, and says it will delete or anonymize data when it is no longer needed.

Added April 18, 2026
EU/EEA User Rights under GDPR

If you are in the EU, UK, or Switzerland, you have strong legal rights to access, correct, delete, and transfer your data, and can complain to your national data protection authority if you feel your rights have been violated.

Added April 18, 2026
Account Deletion and Data Portability

You can delete your Duolingo account at any time and request a copy of your data. Duolingo will remove your information unless it has a legal or business reason to keep it.

Added April 18, 2026