Duolingo family

Privacy Policy πŸ”’

Last updated: March 20, 2026

Contents

Introduction

Welcome to Duolingo Marketplace. Protecting your personal data is our priority. This document explains what data we collect, how we use it, how we protect it, and what rights you have.

Duolingo Marketplace ("we", "us", "our") operates as a marketplace for sharing Duolingo family subscriptions. The platform complies with EU Regulation 2016/679 on personal data protection (GDPR).

What Data We Collect

We collect data in several categories:

Account Information

  • Email address
  • Full name
  • Phone number (optional)
  • Public Duolingo username (for verification)

Payment Information (Stripe Connect)

  • Payment data processed via Stripe (we never see card numbers)
  • Bank account for payouts (sellers only)
  • Transaction and invoice history

Website Usage Data

  • IP address
  • Browser type and operating system
  • Record of your activity on the platform

How We Use Your Data

We use your data for the following purposes:

  • Create and manage your account
  • Verify your access to Duolingo Family via Apify scraper
  • Process payments and payouts via Stripe
  • Communicate about orders, issues, and updates
  • Provide technical support
  • Platform security and fraud prevention

Data Security

We protect your data in the following ways:

  • HTTPS encryption for all communications
  • PostgreSQL database with restricted access (Supabase with RLS)
  • Stripe and Stripe Connect as certified payment providers
  • Row-Level Security (RLS) - each user only sees their own data

We ensure security, but cannot guarantee absolute internet security. If you have security concerns, please contact us.

Sharing with Third Parties

We share some data with trusted third parties that are necessary for the platform to function.

Stripe (payment processor) and Stripe Connect (for seller payouts)

Stripe receives payment data, name, email, and bank details (for sellers). Stripe operates under its own privacy policy.

Apify (web scraper for Duolingo verification)

Apify is a third party that verifies your presence on your public Duolingo profile. Apify does not have access to your password, only sees public information.

Supabase (database hosting)

Supabase hosts our database. Supabase is ISO 27001 certified for security and operates from a Swiss data center.

We do not sell your personal data. We do not share it with any other third parties without your consent.

Cookies and Tracking

Our website uses cookies. Cookies are small text files stored in your browser.

Essential Cookies

We use essential cookies for authentication, session management, and security. These cookies are necessary for the platform to function.

Cookie Control

You can reject or remove most cookies in your browser settings. However, without cookies you will not be able to log in to the platform.

Your Rights

As an EU resident, you have the following rights under GDPR:

  • Right to Access - You have the right to request a copy of all personal data we have about you.
  • Right to Correction - You have the right to request correction of inaccurate or incomplete data.
  • Right to Deletion - You have the right to request deletion of your data (right to be forgotten) with certain exceptions.
  • Right to Portability - You have the right to request your data in a structured format and transfer it elsewhere.
  • Right to Object - You have the right to object to processing of your data for certain purposes.

To exercise any of these rights, please contact us using the information provided below.

Data Retention

We retain your data only as long as necessary:

  • Account data: Retained while you have an active account
  • Transaction data: Retained for 7 years for legal and tax compliance
  • Activity logs: Retained for 90 days for security and troubleshooting

Contact

Data Protection Officer

If you have questions about our privacy policy, you can contact us at the email address above. You also have the right to file a complaint with your national data protection authority.

For more information about GDPR, visit: https://www.gdpr-regulation.eu/

← Back to home