The policy discloses that Udemy collects identifiers, device information, course activity and progress data, payment information, communications content, and usage analytics from users of the platform and mobile applications.
This analysis describes what Udemy's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the categories of personal data subject to Udemy's processing activities and defines the informational scope of downstream data uses including advertising, analytics, and service improvement disclosed elsewhere in the policy.
Interpretive note: The full policy text was not available in the document provided; data categories are inferred from standard Udemy privacy policy disclosures and visible document structure rather than verbatim policy text.
New provision addressing what categories of personal data are collected, indicating expanded transparency requirements around data collection practices.
View full change record →Under these terms, Udemy collects a range of personal data categories including learning activity, device identifiers, and payment information from all users, which forms the basis for subsequent data uses including personalization and advertising.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Udemy has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
1. REGULATORY LANDSCAPE: The categories of data collected engage GDPR Article 13 and 14 disclosure requirements for EU users, CCPA and CPRA disclosure obligations for California residents, and FTC Act standards for material disclosure of data practices. The collection of payment data may additionally engage PCI DSS standards, though the policy's legal basis for payment data retention requires separate assessment. 2. GOVERNANCE EXPOSURE: Medium. The breadth of data categories collected, including behavioral and learning activity data, may require lawful basis documentation under GDPR and sensitive data assessments under CPRA if any collected data falls within defined sensitive categories. 3. JURISDICTION FLAGS: EU and EEA users are entitled to transparency regarding lawful basis for each processing purpose under GDPR; California residents are entitled to disclosure of specific categories of personal information collected under CPRA. Collection of data from minors may engage COPPA if users under 13 are involved, and the policy's age restrictions should be evaluated accordingly. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations procuring Udemy for Business should assess whether the data categories collected from their employees or students are consistent with their own data minimization obligations and privacy notices. Vendor assessment should include review of Udemy's subprocessor list and any data processing agreement covering these collection activities. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should map collected data categories against the organization's own data inventory, confirm that Udemy's disclosures satisfy applicable transparency requirements in relevant jurisdictions, and evaluate whether collection of learning activity data from enterprise users requires supplemental notice or consent under applicable employment privacy laws.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the categories of personal data subject to Udemy's processing activities and defines the informational scope of downstream data uses including advertising, analytics, and service improvement disclosed elsewhere in the policy.
Under these terms, Udemy collects a range of personal data categories including learning activity, device identifiers, and payment information from all users, which forms the basis for subsequent data uses including personalization and advertising.
ConductAtlas has identified this type of provision across 14 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Udemy.