Privacy & Information Security Law Blog

On March 7, 2025, New York Attorney (“NY AG”) General Letitia James announced a $650,000 settlement with Saturn Technologies Inc. (“Saturn”), the developer of the Saturn App, a social networking app geared towards high school students and built around customized school calendars.

In its action against Saturn, the NY AG alleged that the company promised at various times between 2018 and August 2023 to verify users’ school email credentials to ensure (1) that the Saturn App did not allow non-students to join and (2) only users from the same school could interact with each other on the app. The NY AG alleged that, in contrast to these promises, Saturn stopped authenticating high school email credentials in 2021, thereby permitting users from different high schools to message each other and allowing “unverified” non-students to join with almost complete access to all Saturn App features. The NY AG alleged that these practices violated New York Executive Law § 63(12), which prohibits engaging in repeated fraudulent acts in the carrying on, conducting, or transaction of business. The NY AG also alleged that Saturn engaged in deceptive trade practices, violating both New York General Business Law § 349 and Section 5 of the FTC Act.

The AG’s investigation also determined that Saturn:  

• Did not screen out new users based on birth date to determine they were high-school aged until August 2023, and continues to not screen out fraudulent users based on location.
• Copied users’ contact books (with names, personal phone numbers, and other contact information) and continued using the information even when users updated their settings to deny the Saturn App access to their contacts.
• Implemented a “friendship verification” process with security vulnerabilities, which enabled unverified users to continue to access certain personal information of verified Saturn App users.
• Promoted the Saturn App through other high school students (“Student Ambassadors”) without disclosing that those students received compensation for completing assigned marketing tasks.
• Failed to keep sufficient records regarding data privacy, data permissions, user verification, and user privacy.

Under the terms of the settlement, Saturn must pay $650,000 in penalties and costs, provide users under the age of 18 with enhanced privacy options (including hiding social media links from non-friends for all new users under the age of 18 by default), document all changes related to user privacy policies and procedures, submit its user interface for NY AG approval, and develop a marketing training program.

The settlement agreement also requires Saturn to:

• Notify users regarding app verification changes and provide them with options to modify privacy settings.
• Prompt all users under 18 to review their privacy settings every six months.
• Refrain from making future claims about user safety or verification unless the company has a reasonable basis for making the claim based on competent and reliable scientific evidence.
• Limit the information about non-Saturn App-users that can be entered into the App by Saturn App users (i.e., the non-Saturn App user’s class enrollment or event attendance).
• Allow teachers to block student names, initials or other personal identifiers from appearing in the Saturn App’s class schedule feature.
• Delete retained copies of the phone contact books of certain users.
• Hide the personal information of current users under 18 until Saturn Technologies obtains informed consent to the new Saturn App terms.