The makers of Lush, a net-connected sex toy, acknowledged last year that a "minor bug" stored audio on users' phones but said it quickly fixed the problem.
The maker of an internet-connected sex toy was accused in a federal lawsuit Wednesday of secretly gathering detailed data about its customers' use of the product, including when and how long they use it.
The lawsuit, filed in U.S. District Court in San Francisco, alleges that Lovense, a division of Hytto Ltd., based in Hong Kong, collects and records "highly intimate and sensitive data regarding consumers' personal use" of Lush. Lush is a vibrator that users — or their partners operating remotely — control through a Bluetooth-enabled iPhone and Android phone using an app called Body Chat.
The lawsuit seeks class-action status under federal anti-wiretapping laws on behalf of all Lush customers to recover unspecified real and punitive damages at a jury trial. Hytto hadn't responded to the action early Thursday.
The suit was brought by a woman identified only by her initials, S.D., based on "personal knowledge as to herself and her own acts and experiences."
"Plaintiff would never have purchased a Lovense Lush had she known that in order to utilize its full functionality, Defendant would monitor, collect, and transmit her Usage information through the Body Chat App," it says.
Lovense's privacy policy says any data that pass through its servers are encrypted and are deleted within seven days. It says video calls between partners are encrypted and don't pass through its servers at all.
The suit offers no substantiation of its claim that Lovense "intentionally" collects and "stores" such data for its own use — something it doesn't have to do at this stage of litigation.
The suit also doesn't disclose how the plaintiff learned that Lovense allegedly warehoused her data. But in November, the company acknowledged that users had discovered that a small audio file called "tempSoundPlay" was left on Android devices whenever they used the app's Sound Control feature. It said iPhones weren't affected by the "bug."
The company said that the file was stored in devices' temporary caches and was intended to erase itself but that a "minor bug" meant it wasn't deleted as designed. Lovense said it quickly corrected the "bug."
"Your concern is completely understandable," it said in a statement at the time. "But rest assured, no information or data is sent to our servers."