What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages GDPR (EU Regulation 2016/679) for EU and EEA users, with Udemy referencing the EU-U.S. Data Privacy Framework as a cross-border transfer mechanism. For California residents, the policy engages CCPA and CPRA, including rights to opt out of the sale or sharing of personal information and the right to limit use of sensitive personal information. The policy's educational data practices may also engage FERPA considerations where learner records are involv…

How does Udemy's Udemy Privacy Policy affect users?

The document authorizes Udemy to collect learning behavior data, device identifiers, payment information, and user communications, and to share this data with instructors, advertising and analytics service providers. For users accessing Udemy through employer-sponsored Udemy Business accounts, the employer organization receives access to learner activity reports and engagement metrics. Individual users and Udemy Business account holders can exercise data access, deletion, and targeted advertisi…

How often is Udemy's Udemy Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Udemy updates this document?

Yes. Watcher subscribers ($9.99/month) can add Udemy to their watchlist and receive same-day email alerts whenever this document or any other Udemy document changes.

CA-D-000164

Udemy Privacy Policy

Udemy

Last change detected April 22, 2026 Privacy policy

SHA-256: 25ed50b499b4a94aa46… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Udemy ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

5 Medium severity

2 Low severity

Summary

This document establishes Udemy's practices for collecting, using, and sharing personal information from users of its online learning platform, including name, email, payment details, course progress, and browsing activity. The policy authorizes employers with Udemy Business accounts to access learner activity reports, course completion data, and time-on-platform metrics for employees enrolled through their organization. The policy also establishes data-sharing arrangements with instructors, advertising partners, and analytics providers, and specifies rights procedures for California residents and EU users to access, delete, or opt out of certain data uses through privacy settings or by contacting privacy@udemy.com.

Technical / Legal Breakdown

This document is Udemy's Privacy Policy, governing the collection, use, storage, and sharing of personal data by Udemy Inc. and its affiliates in connection with the Udemy platform, mobile applications, and related services, with legal bases including consent, contractual necessity, and legitimate interests depending on jurisdiction. The policy states that Udemy collects account registration data, payment information, course activity and progress data, device and usage data, and communications content, and the terms authorize sharing of personal data with instructors, corporate clients (Udemy Business), third-party service providers, advertising partners, and successors in the event of a merger or acquisition. A notable operational distinction is the policy's dual-mode structure: consumer learners and Udemy Business enterprise users operate under materially different data-sharing frameworks, with enterprise learner data shared with the employing organization, which may create exposure that individual users do not anticipate. The policy engages GDPR and the EU-U.S. Data Privacy Framework for European users, CCPA/CPRA for California residents, and FERPA considerations for educational data contexts; applicable law may constrain some of the policy's broader data-use assertions, particularly around cross-context behavioral advertising and data sharing with enterprise clients.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

3 versions captured · Last updated: April 2026

April 22, 2026

low

What changed Udemy added a comprehensive preamble to its Privacy Policy on April 22, 2026, introducing the policy's scope and purpose. The new language states that Udemy respects user privacy and explains how data is collected, used, and shared. It clarifies that the policy applies to Udemy websites, mobile apps, APIs, and related services, and also covers prospective customers and Udemy Business users, with a separate privacy statement available for enterprise program participants.

Why this matters Udemy added introductory language to its Privacy Policy clarifying what the policy covers and how it applies across different Udemy services and customer types. This is primarily a transparency and organizational change that helps users understand the scope of the policy rather than a substantive change to data practices. No material change to user rights, data handling practices, or consent requirements is evident from the added language.

View full change record →

April 19, 2026

low

What changed The Udemy Privacy Policy was updated on April 19, 2026, with one sentence modified in the document footer. The update changed the stated last-updated date from April 21, 2026 to April 14, 2026. This appears to be a correction to the document's timestamp metadata and does not reflect a substantive change to the actual privacy policy terms or user protections.

Why this matters This change is a correction to the document's footer metadata only. The actual terms and conditions of Udemy's privacy policy remain unchanged. No modifications to data collection, use, retention, or consumer rights have been made.

View full change record →

High — 1 provision

Udemy Business Employer Data Sharing Compare →

If your company pays for your Udemy access through Udemy Business, your employer can see which courses you've taken, how far you've progressed, your assessment scores, and any messages you've sent through the platform.

Added May 11, 2026 Standard Seen across 246 platforms

Medium — 5 provisions

Third-Party Advertising and Analytics Data Sharing Compare →

Udemy allows advertising and social media companies to track your browsing behavior across Udemy and other websites using cookies and similar tools, in order to show you targeted advertisements.

Added May 11, 2026 Standard Seen across 246 platforms
Data Sharing in Merger or Acquisition Compare →

If Udemy is sold, merges with another company, or goes through bankruptcy, your personal data could be transferred to the new owner, who would then govern it under their own privacy policy.

Added May 11, 2026 Standard Seen across 246 platforms
Cross-Border Data Transfers (EU-U.S. Data Privacy Framework) Compare →

Udemy transfers personal data from EU and UK users to the United States and relies on the EU-U.S. Data Privacy Framework certification to make those transfers legal under EU and UK law.

Added May 11, 2026 Standard Seen across 262 platforms
Children's Privacy and Age Restriction Compare →

Udemy's platform is not intended for users under 16, and Udemy states it will delete any data collected from children under that age if discovered.

Added May 11, 2026 Standard Seen across 262 platforms
Data Retention Compare →

Udemy keeps your personal data for as long as it needs to run the service, meet legal requirements, or handle disputes, without specifying fixed deletion timelines for most data categories.

Added May 11, 2026 Standard Seen across 223 platforms

Low — 2 provisions

California CCPA/CPRA Rights

If you live in California, you have a set of legally enforceable rights over your personal data, including the right to see it, delete it, correct it, and stop Udemy from sharing it with advertising partners.

Added May 11, 2026 Rare
Instructor Data Access

When you take a course, the instructor can see that you are enrolled, how far you have progressed, your quiz scores, and any questions or forum posts you submit.

Added May 11, 2026 Rare