Duolingo records your voice when you use speaking exercises and uses those recordings to improve its speech recognition systems and provide pronunciation feedback.
This analysis describes what Duolingo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the operational basis for voice data collection tied to specific service features and defines the primary purposes for processing that data—technology improvement and user-facing feedback delivery. This framing links data collection to stated functional objectives within the service.
Interpretive note: Whether Duolingo's voice recordings meet the statutory definition of 'biometric identifier' under BIPA or constitute biometric data under GDPR Article 9 depends on the specific processing methodology and applicable legal interpretation, which is not fully resolved by document language alone.
The updated privacy policy no longer contains explicit language stating that Duolingo uses cookies to enhance user experience and analyze performance, or that it shares user information with social media, advertising, and analytics partners. The policy also no longer displays a 'Do Not Sell My Personal Information' button. These removals may affect the transparency of Duolingo's practices as disclosed in the policy document itself, though actual data practices may remain unchanged. Users should review the complete updated privacy policy to understand current disclosures about data collection and sharing.
View change record →The updated policy now discloses a new Math Tutor feature that processes audio through Apple for transcription; audio is deleted but text transcripts may be retained and shared with AI vendors. Duolingo also clarified that IP addresses may be retained longer than 30 days for paying subscribers specifically for payment processing and fraud prevention. The policy changed the Video Call feature from 'Duolingo offers' to 'Duolingo may offer', clarifying it is optional. You can disable FullStory and Session Replay activity recording using the Tracking toggle in app Settings.
View change record →Your voice recordings made during Duolingo speaking exercises may be retained and used to train or improve Duolingo's speech recognition technology, meaning this biometric-adjacent data persists beyond the immediate lesson interaction. Users in states like Illinois may have additional rights regarding how this data is stored and used.
Cross-platform context
See how other platforms handle Voice Recording Collection and Use and similar clauses.
Compare across platforms →Monitoring
Duolingo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect voice recordings when you use features that require microphone access, such as speaking exercises. We use this data to evaluate and improve our speech recognition technology and to provide you with feedback on your pronunciation.— Excerpt from Duolingo's Duolingo Privacy Policy
(1) REGULATORY LANDSCAPE: Voice data collection engages the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's My Health MY Data Act in the US, as well as GDPR Article 9 if voice data is treated as biometric data used to uniquely identify individuals in the EEA. The FTC and relevant State AGs are primary enforcement authorities in the US. Whether Duolingo's voice data meets the statutory definition of 'biometric identifier' under BIPA is a question that has been actively litigated and compliance teams should not assume the policy's current framing resolves this exposure. (2) GOVERNANCE EXPOSURE: High. The use of voice recordings for product improvement and AI model training creates material exposure under state biometric laws that impose written consent, retention schedule, and destruction requirements. BIPA in particular provides a private right of action with statutory damages of $1,000 to $5,000 per violation, and courts have certified class actions based on similar fact patterns involving app-based voice collection. (3) JURISDICTION FLAGS: Illinois (BIPA), Texas (CUBI), and Washington create the most acute exposure for US operations. In the EEA, GDPR Article 9 may apply if voice recordings are processed in a way that enables unique identification, requiring explicit consent rather than general consent. Users in these jurisdictions represent heightened class action and regulatory enforcement risk. (4) CONTRACT AND VENDOR IMPLICATIONS: If Duolingo shares voice recordings with third-party speech recognition or AI vendors, Data Processing Agreements must be assessed to confirm appropriate controller/processor designations and data handling restrictions. Vendor contracts should address retention, destruction, and prohibition on secondary use of voice data consistent with applicable biometric law requirements. (5) COMPLIANCE CONSIDERATIONS: Legal teams should conduct a biometric data audit to determine whether Duolingo's voice data collection meets BIPA's written policy, public availability, and informed consent requirements. Consent mechanisms for voice data should be reviewed to ensure they are separate from general terms acceptance, particularly for EEA users. Retention and destruction schedules for voice recordings should be documented and enforced.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the operational basis for voice data collection tied to specific service features and defines the primary purposes for processing that data—technology improvement and user-facing feedback delivery. This framing links data collection to stated functional objectives within the service.
Your voice recordings made during Duolingo speaking exercises may be retained and used to train or improve Duolingo's speech recognition technology, meaning this biometric-adjacent data persists beyond the immediate lesson interaction. Users in states like Illinois may have additional rights regarding how this data is stored and used.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duolingo.