FTC alleges messaging app violated child privacy law, duped users into subscriptions

The Federal Trade Commission (FTC) announced Monday that federal government is suing the operator of an anonymous messaging app for allegedly collecting personal data from children illegally and hoodwinking them into purchasing subscriptions to its service.

The civil complaint filed by the Department of Justice alleges that the Sendit app did not alert parents that it collects personal information from children under age 13, including their phone numbers, birthdates, photos and usernames for Snapchat, Instagram, TikTok and other accounts.  

The Children’s Online Privacy Protection Rule (COPPA) requires that operators of online services notify parents about data collected from children under 13 and obtain their verifiable consent. The complaint is filed against Hunter Rice, CEO of Sendit’s parent company, Iconic Hearts Holdings, Inc. 

Sendit also deceived users into paying for subscriptions by sending messages from people who didn’t exist and not allowing the messages to be viewed without payment, the FTC alleged. The app did not disclose the terms for the subscription plan, according to the agency.

“Sendit’s operator and CEO were well aware that many of its users were under the age of 13 and still failed to comply with COPPA,” Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, said in a prepared statement. 

“At the same time, they manipulated many users, including children, into signing up for their weekly subscription service by sending fake messages and promising to reveal the identity of message senders but failing to deliver.”

Iconic Hearts knew users’ ages because it received complaints from parents, the FTC said. Users also self-reported it, according to the complaint. In 2022, 116,000 users told the app they were under 13, the FTC said. 

A spokesperson for Iconic Hearts did not immediately respond to a request for comment.

The FTC said that to trick users into buying a “Diamond Membership” for as much as $9.99 a week, Iconic Hearts often sent phony messages saying, for example, “have you done drugs” or “would you ever get with me?”

To see who sent the messages, users had to buy a subscription. Sendit would then allegedly give users phony information for the non-existent message senders.

If the message was from someone real, the complaint said, Sendit would only provide location or phone type and not reveal the identity of the sender despite promises to do so. 

In addition to COPPA, Iconic Hearts violated the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA), according to the agency.