Duolingo · Duolingo Privacy Policy · View original document ↗

Third-Party Login and Social Integration

Low severity Medium confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Duolingo Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

If you sign into Duolingo using Google, Facebook, or Apple, Duolingo receives some of your account data from those platforms.

This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The policy states that third-party login integrations provide Duolingo with access to data held by platforms such as Google, Facebook, and Apple, which may include data beyond what a user would provide directly during registration.

Interpretive note: The policy does not enumerate the specific data fields received from each third-party login platform, creating ambiguity about the precise scope of data acquired through these integrations.

Recent Activity

This document changed recently

Medium May 27, 2026

The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.

View change record →
Medium Apr 21, 2026

The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.

View change record →

Change history

added May 27, 2026

This provision discloses that Duolingo accesses user data from third-party social login platforms, which is important for users to understand what personal information is shared upon social sign-up.

View full change record →

Consumer impact (what this means for users)

Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.

How other platforms handle this

Twilio Medium

TrustArcWrapper.withTrustArc(analytics, { alwaysLoadSegment: true }).load(segmentKey, cookieConfig);

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

See all platforms with this clause type →

Monitoring

Duolingo has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you register or log into your account through a third-party platform (such as Apple, Facebook, or Google), we will have access to some of your information from that platform, such as your name and email address, as provided to us in accordance with the authorization procedures determined by such third-party platform.

— Excerpt from Duolingo's Duolingo Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Data received from third-party authentication platforms is personal data subject to the same GDPR, CCPA, and other applicable obligations as directly collected data. The policy must accurately describe the categories and sources of personal data received via third-party login flows under GDPR Articles 13 and 14. The FTC Act applies to accurate representation of data received from third parties. GOVERNANCE EXPOSURE: Medium. The policy does not specify the exact data fields received from each third-party platform, which may vary by platform and user permissions. This ambiguity may make it difficult for users to understand what data Duolingo receives upon login, and may not fully satisfy GDPR transparency requirements for data received from third-party sources. JURISDICTION FLAGS: EU and UK users are entitled under GDPR to be informed about sources of personal data not collected directly from them. California users have CCPA rights to know the sources of personal information collected about them. CONTRACT AND VENDOR IMPLICATIONS: The terms of data sharing between Duolingo and third-party authentication platforms (Google, Apple, Facebook) are governed by the APIs and terms of those platforms; Duolingo's use of received data must comply with both its own policy and any use restrictions imposed by the platform's developer terms. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the categories of data received via each third-party login integration are documented in the records of processing activities and disclosed with sufficient specificity in the privacy policy to satisfy GDPR transparency obligations.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over accuracy of disclosures about data received from third-party platforms under the FTC Act.
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
COPPA
United States Federal
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Duolingo Privacy Policy
Entity
Duolingo
Document last updated
May 5, 2026
Tracking information
First tracked
May 12, 2026
Last verified
May 12, 2026
Record ID
CA-P-011285
Document ID
CA-D-00084
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
2dade822ccc0a9857012fa095dd3b53bfd7ed24f07f06c2c24446c668fae1eea
Analysis generated
May 12, 2026 08:26 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Duolingo
Document: Duolingo Privacy Policy
Record ID: CA-P-011285
Captured: 2026-05-12 08:26:59 UTC
SHA-256: 2dade822ccc0a985…
URL: https://conductatlas.com/platform/duolingo/duolingo-privacy-policy/third-party-login-and-social-integration/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Duolingo's Third-Party Login and Social Integration clause do?

The policy states that third-party login integrations provide Duolingo with access to data held by platforms such as Google, Facebook, and Apple, which may include data beyond what a user would provide directly during registration.

How does this clause affect you?

Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.

Is ConductAtlas affiliated with Duolingo?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.