If you sign into Duolingo using Google, Facebook, or Apple, Duolingo receives some of your account data from those platforms.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes the operational basis for cross-platform authentication and data integration, defining which categories of third-party data Duolingo may receive and under what conditions. The provision clarifies that data access is mediated through third-party platform authorization procedures rather than direct user consent to Duolingo alone.
Interpretive note: The policy does not enumerate the specific data fields received from each third-party login platform, creating ambiguity about the precise scope of data acquired through these integrations.
The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.
Cross-platform context
See how other platforms handle Third-Party Login and Social Integration and similar clauses.
Compare across platforms →Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you register or log into your account through a third-party platform (such as Apple, Facebook, or Google), we will have access to some of your information from that platform, such as your name and email address, as provided to us in accordance with the authorization procedures determined by such third-party platform.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: Data received from third-party authentication platforms is personal data subject to the same GDPR, CCPA, and other applicable obligations as directly collected data. The policy must accurately describe the categories and sources of personal data received via third-party login flows under GDPR Articles 13 and 14. The FTC Act applies to accurate representation of data received from third parties. GOVERNANCE EXPOSURE: Medium. The policy does not specify the exact data fields received from each third-party platform, which may vary by platform and user permissions. This ambiguity may make it difficult for users to understand what data Duolingo receives upon login, and may not fully satisfy GDPR transparency requirements for data received from third-party sources. JURISDICTION FLAGS: EU and UK users are entitled under GDPR to be informed about sources of personal data not collected directly from them. California users have CCPA rights to know the sources of personal information collected about them. CONTRACT AND VENDOR IMPLICATIONS: The terms of data sharing between Duolingo and third-party authentication platforms (Google, Apple, Facebook) are governed by the APIs and terms of those platforms; Duolingo's use of received data must comply with both its own policy and any use restrictions imposed by the platform's developer terms. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the categories of data received via each third-party login integration are documented in the records of processing activities and disclosed with sufficient specificity in the privacy policy to satisfy GDPR transparency obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes the operational basis for cross-platform authentication and data integration, defining which categories of third-party data Duolingo may receive and under what conditions. The provision clarifies that data access is mediated through third-party platform authorization procedures rather than direct user consent to Duolingo alone.
Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.