If you sign into Duolingo using Google, Facebook, or Apple, Duolingo receives some of your account data from those platforms.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that third-party login integrations provide Duolingo with access to data held by platforms such as Google, Facebook, and Apple, which may include data beyond what a user would provide directly during registration.
Interpretive note: The policy does not enumerate the specific data fields received from each third-party login platform, creating ambiguity about the precise scope of data acquired through these integrations.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →This provision discloses that Duolingo accesses user data from third-party social login platforms, which is important for users to understand what personal information is shared upon social sign-up.
View full change record →Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.
How other platforms handle this
TrustArcWrapper.withTrustArc(analytics, { alwaysLoadSegment: true }).load(segmentKey, cookieConfig);
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you register or log into your account through a third-party platform (such as Apple, Facebook, or Google), we will have access to some of your information from that platform, such as your name and email address, as provided to us in accordance with the authorization procedures determined by such third-party platform.— Excerpt from Duolingo's Duolingo Privacy Policy
REGULATORY LANDSCAPE: Data received from third-party authentication platforms is personal data subject to the same GDPR, CCPA, and other applicable obligations as directly collected data. The policy must accurately describe the categories and sources of personal data received via third-party login flows under GDPR Articles 13 and 14. The FTC Act applies to accurate representation of data received from third parties. GOVERNANCE EXPOSURE: Medium. The policy does not specify the exact data fields received from each third-party platform, which may vary by platform and user permissions. This ambiguity may make it difficult for users to understand what data Duolingo receives upon login, and may not fully satisfy GDPR transparency requirements for data received from third-party sources. JURISDICTION FLAGS: EU and UK users are entitled under GDPR to be informed about sources of personal data not collected directly from them. California users have CCPA rights to know the sources of personal information collected about them. CONTRACT AND VENDOR IMPLICATIONS: The terms of data sharing between Duolingo and third-party authentication platforms (Google, Apple, Facebook) are governed by the APIs and terms of those platforms; Duolingo's use of received data must comply with both its own policy and any use restrictions imposed by the platform's developer terms. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the categories of data received via each third-party login integration are documented in the records of processing activities and disclosed with sufficient specificity in the privacy policy to satisfy GDPR transparency obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that third-party login integrations provide Duolingo with access to data held by platforms such as Google, Facebook, and Apple, which may include data beyond what a user would provide directly during registration.
Users who sign in via Google, Facebook, or Apple accounts allow Duolingo to receive profile data from those platforms, the scope of which is determined by the authorization procedures of each platform and the permissions granted at login.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.