Duolingo transfers and stores user data in the United States, where privacy protections may differ from those in a user's home country.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that by using the service, users consent to data transfer to the US, which for EU and UK users intersects with GDPR requirements for lawful international data transfer mechanisms that go beyond consent alone.
Interpretive note: The policy does not specify which GDPR-compliant transfer mechanisms Duolingo relies upon beyond referencing user consent, creating ambiguity about the adequacy of international transfer protections for EU and UK users.
The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duoli…
The policy states that personal data is transferred to and stored in the United States, potentially under legal frameworks with different privacy protections than those applicable in EU, UK, or other jurisdictions.
How other platforms handle this
Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...
Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...
When we transfer personal data outside the European Economic Area, United Kingdom, or Switzerland, we use appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Duolingo is based in the United States and the information we collect is governed by U.S. law. By accessing or using our services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, where you may not have the same rights and protections as you do under local law.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: International transfers of personal data from the EU and UK to the United States engage GDPR Chapter V and UK GDPR transfer provisions. The EU-US Data Privacy Framework and Standard Contractual Clauses are currently the primary lawful transfer mechanisms. Reliance on user consent as the primary transfer mechanism under GDPR Article 49 is permitted only for non-repetitive, occasional transfers under EDPB guidance, meaning a broader transfer mechanism is generally required for systematic data flows. GOVERNANCE EXPOSURE: Medium. The policy's assertion that users 'consent' to US data transfers by using the service may not constitute a valid transfer mechanism under GDPR for systematic international data flows. Organizations relying on consent alone for repeated transfers to the US face regulatory exposure under GDPR Chapter V. JURISDICTION FLAGS: EU and EEA users have the highest exposure given GDPR Chapter V requirements. UK users are subject to UK GDPR international transfer rules. Users in countries with adequacy decisions or bilateral agreements may have additional protections. Users in jurisdictions without specific international transfer protections have limited recourse. CONTRACT AND VENDOR IMPLICATIONS: Enterprise or institutional customers contracting with Duolingo for use by EU or UK employees or students should request information about the specific transfer mechanisms Duolingo relies upon, such as Standard Contractual Clauses or the EU-US Data Privacy Framework certification, and incorporate appropriate contractual terms. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Duolingo has implemented and documented appropriate transfer mechanisms for EU and UK personal data flows to the United States, and that these are reflected in the privacy policy and records of processing activities. Transfer impact assessments may be required for high-risk data flows.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that by using the service, users consent to data transfer to the US, which for EU and UK users intersects with GDPR requirements for lawful international data transfer mechanisms that go beyond consent alone.
The policy states that personal data is transferred to and stored in the United States, potentially under legal frameworks with different privacy protections than those applicable in EU, UK, or other jurisdictions.
ConductAtlas has identified this type of provision across 48 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.