The Federal Trade Commission (FTC) is suing Sendit’s operating company and its CEO for unlawful collection of data from underage users, as well as deceptive subscription practices.
The FTC referred a legal complaint to the Department of Justice against Iconic Hearts Holdings Inc., the creator of Sendit, and its CEO, Hunter Rice.
Sendit is an “icebreaker” social media companion app popular among teenagers, that allows users to share a prompt in their Snapchat and Instagram stories, and collect anonymous responses from friends and followers.
It is very popular among teens, with more than five million downloads on Google Play and 1.5 million ratings on Apple App Store. The developer claims a userbase of 25 million.
According to FTC’s investigation, Sendit in 2022 had 116,000 registered users under the age of 13 from the United States.
The lawsuit, based on the FTC’s prior investigation, alleges the following:
- Sendit violated the Children’s Online Privacy Protection Act (COPPA) rules by collecting personal data of children under 13, including phone numbers, birthdates, photos, and social media usernames, without notifying parents or obtaining their consent.
- Sendit deceived users by generating fake anonymous messages, some purposefully provocative and sexual, misrepresenting their origin as if they came from friends or contacts.
- Sendit misled consumers into buying the premium “Diamond Membership” by falsely promising it would reveal the identity of senders, but providing instead generic, false, or no information at all.
- Sendit failed to clearly disclose billing terms for the Diamond Membership, automatically charging up to $9.99 a week instead of a one-time fee.
These deceptive practices and recurring charges constitute violations of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA), the agency says.
The FTC, which voted 3-0 in favor of referring the complaint to the U.S. DoJ, noted that the above violations are merely allegations against Sendit at this stage and the decision remains to the court.
BleepingComputer has contacted Hearts Holdings for a comment on the FTC’s action but we are still waiting for a response.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
