Last update: May 2021

3 mins to read - 2020/06/12

Apps Developer HyperBeard Fined $150,000 for COPPA Violations

HyperBeard is Mexico’s largest mobile games developer in Mexico. They feature adorable gaming apps such as KleptoCats, where you send out cartoon cats to steal things for you. There is also BunnyBuns, where you bake buns in a magical pastry shop, and Monkeynauts, where  a team of monkeys to build a rocketship. They also have a crossover game with Cartoon Network, in which the KleptoCats can explore the worlds of Cartoon Network shows like Adventure Time and Steven Universe. With their apps clearly marketed towards children, Hyperbeard have been fined $150,000 for COPPA violations by the FTC. What went wrong?

Download our FREE Mobile Marketing Playbook to perfect your user engagement game!

hyperbeard kleptocats
Image Source:

HyperBeard Runs Afoul of COPPA

The Children’s Online Privacy Protecton Act (COPPA) protects the personal data of children younger than 13. According to the FTC, HyperBeard has violated COPPA by its illegal treatment of minors’ data. As it turned out, HyperBeard was allowing third-party marketers to collect children’s personal identifying information (PII) and use it to target ads to those children. This was all done without knowledge of the users’ parents, and without parental consent. CEO of HyperBeard Alexander Kozachenko and Managing Director Antonio Uribe in particular are at fault for this lapse in data privacy.

The FTC points out that, given HyperBeard’s brightly colored, whimsical, cartoon-based games, and its partnership with a child-targeted network, its apps clearly target children. Andrew Smith, Director of the Bureau of Consumer Protection for the FTC, states:

“If your app or website is directed to kids, you’ve got to make sure parents are in the loop before you collect children’s personal information. This includes allowing someone else, such as an ad network, to collect persistent identifiers, like advertising IDs or cookies, in order to serve behavioral advertising.”

What Does COPPA Specifically Say?

COPPA was passed in 1998 in a push to protect children’s data and personal information online. Its main points can be summed up:

  • COPPA applies to all US-based businesses, and to users younger than 13 years old. Because HyperBeard is based in Mexico, their COPPA violation is in reference to their minor users in the US.
  • COPPA requires a business to obtain parental consent before collecting, using, disclosing, tracking, or sharing children’s private information.
  • COPPA also applies to third-party plugins and services. This is where HyperBeard is culpable.
  • COPPA covers all websites, mobile apps, internet gaming platforms, plugins, ad networks, and IoT devices.

COPPA launched at a time before the internet and mobile devices became prevalent. However, it is currently the United States’ best nationwide regulation protecting children’s data from misuse. It is comparable to the EU’s GDPR-K, although not as wide-reaching.

Image Source:

What’s Next for HyperBeard?

COPPA violations for mobile and internet companies are nothing new. Tech giants like Google, YouTube, and TikTok have all had ongoing run-ins with COPPA, resulting in fines. YouTube has attempted to shirk the responsibility for COPPA in the past, updating their terms to require content creators to label their videos as being “targeted towards kids.”

However, enough of HyperBeard’s mobile apps deliberately appeal to children – given their cute, fun art style and bright colors – that their entire platform falls under the COPPA umbrella. They also have promoted their apps on the children’s website YayOMG! HyperBeard has agreed to pay $150,000 to settle their FTC allegations. This is in lieu of a $4 million penalty, which HyperBeard was unable to pay. Kozachenko and Uribe have also agreed to notify and request consent from the parents of any child users for apps or websites that deliberately collect PII from children younger than 13.

OpenBack are the one mobile engagement platform that is COPPA, HIPAA, and GDPR compliant by default. This is due to the fact that our SDK uses edge computing and device-side data, meaning user data never has to leave their device to be stored in a third-party server.

Get in touch with one of our experts to learn more about OpenBack’s novel take on data security and a child-friendly, user-first approach to push notifications!

Read about California’s new data privacy law, CCPA: What California’s new data privacy law  means for your app.

Leave a Reply

Your email address will not be published.

four × 3 =


Translate »