Duolingo shares your personal data with advertising companies who use tracking technologies to build a profile of your interests and show you targeted ads across multiple platforms and websites.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational scope of data sharing for advertising purposes and specifies the technical mechanisms through which third-party partners collect behavioral information. The authorization extends data collection beyond Duolingo's platform to track user activity across other digital properties.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Your Duolingo usage behavior, including what you learn and how you interact with the app, may be shared with advertising partners who combine it with data from other sources to target you with ads across the internet. California residents can opt out of this type of sharing under CPRA.
How other platforms handle this
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your personal information with busines...
We may share your personal information with third-party advertising partners. These companies may use information about your visits to our Services and other websites to show you relevant ads as you navigate the internet.
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third-party advertising partners to show you ads that are more relevant to you. These partners may use cookies, pixel tags, and similar technologies to collect information about your use of the Services and other websites and apps over time.— Excerpt from Duolingo's Duolingo Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly engages the CCPA as amended by the CPRA, which defines 'sharing' for cross-context behavioral advertising as a regulated activity subject to opt-out rights, distinct from 'sale.' GDPR requires freely given, specific, informed consent for behavioral advertising cookies under ePrivacy Directive requirements. The FTC Act's prohibition on unfair or deceptive practices applies to the adequacy of disclosures about third-party advertising data flows. State privacy laws in Colorado, Virginia, Connecticut, and other states also confer opt-out rights for targeted advertising. (2) GOVERNANCE EXPOSURE: High. The combination of Facebook Pixel and Google Analytics integrations (observable in the page source) with a policy that authorizes behavioral advertising data sharing creates direct CPRA 'sharing' exposure and GDPR consent exposure. The adequacy of the current consent mechanism (cookie banner) for behavioral advertising consent under GDPR's Recital 32 standard warrants independent review. (3) JURISDICTION FLAGS: California (CPRA opt-out obligation), EU/EEA (GDPR and ePrivacy consent requirements), and an expanding set of US states with comprehensive privacy laws. Minor users in any jurisdiction create compounded exposure given restrictions on targeted advertising directed at children under COPPA, GDPR, and the UK Children's Code. (4) CONTRACT AND VENDOR IMPLICATIONS: Data sharing agreements with advertising technology vendors should specify the purposes for which shared data may be used, prohibit secondary use for non-disclosed purposes, and address onward transfer restrictions. The policy's reference to pixel tags and similar technologies suggests real-time data flows that may require specific contractual controls to satisfy GDPR processor or joint controller requirements. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit all active advertising technology integrations against the policy's disclosures to ensure the list of partners is complete and current. Opt-out mechanisms for California users should be tested for functionality. Consent management platform configurations should be reviewed to ensure behavioral advertising scripts are not loaded prior to affirmative consent in GDPR-applicable regions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational scope of data sharing for advertising purposes and specifies the technical mechanisms through which third-party partners collect behavioral information. The authorization extends data collection beyond Duolingo's platform to track user activity across other digital properties.
Your Duolingo usage behavior, including what you learn and how you interact with the app, may be shared with advertising partners who combine it with data from other sources to target you with ads across the internet. California residents can opt out of this type of sharing under CPRA.
ConductAtlas has identified this type of provision across 28 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.