On September 29, 2025, the Federal Trade Commission (FTC) announced a legal action against the operator of the anonymous messaging app Sendit and its CEO for violations of multiple consumer protection and privacy laws. The complaint, filed in the United States District Court for the Central District of California by the Department of Justice at the request of the FTC, alleges violations of the Children’s Online Privacy Protection Act (COPPA), COPPA Rule, Section 5(a) of the FTC Act, and the Restore Online Shoppers’ Confidence Act (ROSCA). The FTC seeks a permanent injunction, monetary relief, and civil penalties.
Sendit is an anonymous messaging app integrated with platforms like Snapchat, Instagram, and X (formerly Twitter), and is widely used by children and teens. According to the complaint, the app unlawfully collected personal data from children under 13—including phone numbers, location data, birthdates, photos, and social media usernames—without providing notice to parents or obtaining verifiable parental consent.
The FTC alleges that the company had actual knowledge that app users included children under the age of 13. According to the complaint, more than 116,000 users reported their age as under 13 in their profile, and the company received repeated complaints from parents confirming that their children were using the app. The FTC alleges that despite this awareness, the company collected personal information from these users in direct violation of the COPPA Rule. The COPPA Rule requires operators of websites, apps and other online services that have knowledge they are collecting personal information from children under 13 to notify parents about what personal information the sites or apps collect and obtain verifiable parental consent before collecting such information.
In addition to the alleged COPPA Rule violation, the FTC claims that the company engaged in deceptive practices by sending fabricated messages—often provocative or sexual in nature—that appeared to originate from users’ social media contacts. According to the complaint, these messages were generated by the company itself to increase user engagement. The FTC further alleges that the company induced users to purchase paid subscriptions under false pretenses, including the promise that subscribers would be able to identify the senders of anonymous messages. In reality, the subscription did not provide meaningful identification and often delivered only generic information. The company also failed to clearly disclose that the subscription automatically renewed on a weekly basis and continued charging users until cancellation.
According to the FTC, these practices constitute deceptive and unfair conduct in violation of Section 5(a) of the FTC Act and ROSCA. ROSCA prohibits unfair or deceptive online sales practices involving “negative option features,” such as recurring charges imposed without clear disclosure or express informed consent.
This case is another example of the FTC’s continued focus on youth protection in the digital marketplace. Companies that offer products or services directed toward or appealing to children should expect increased regulatory scrutiny, particularly with respect to data collection practices, parental consent mechanisms, and subscription-based monetization models. For further analysis on the FTC’s focus on protecting consumers from deceptive billing and cancellation practices under ROSCA, see our recent advisories on Uber and Amazon.
