A warning for the millions of people who use the online shopping app Temu, as the company is facing two class action lawsuits.

The lawsuits allege Temu failed to protect customers’ personal and financial information.

We spoke to TJ Sayers with the Center for Internet Security who says that Temu was once temporarily taken off United States app stores because of privacy violations.

The class action lawsuits, one of them out of New York City, says Temu takes everything from your phone and cuts corners when it comes to beefing up it’s cyber security to save money.

In a statement from Temu, the company said:

We categorically deny the allegations in both lawsuits and intend to vigorously defend ourselves against these meritless lawsuits. The complaints are essentially taken from a short-seller report by Grizzly Research, which has stated clearly that its reports are not based on statements of fact. 

At Temu, safeguarding privacy and maintaining transparency in our data practices are core values. We collect information with a clear and singular purpose: to provide and continually enhance our products and services for our users. Our practices are in line with industry practices and clearly disclosed in our Privacy Policy. 

When disclosing data collection practices, we adhere to the principle of maximum disclosure. If there’s a possibility that data will be collected in any given scenario, we disclose it. This is in line with the requirements for developers set by application marketplaces like Apple’s App Store and Google Play Store. However, when it comes to the actual collection and use of data, we follow the principle of minimality, meaning we only collect and use data necessary for specific, justified scenarios.

Even though the Grizzly Research report was completely groundless, we recognize the need to communicate our data practices and security protocols to users in an open and transparent manner, and have taken steps to improve the communication.

Temu has added a permissions section in the Temu app and website to clearly elaborate on what permissions they require to ensure data minimization and transparency. 

In November, Temu partnered with San Francisco-based cybersecurity agency HackerOne to offer a bug bounty program. Temu joins the likes of Amazon, Google, Tesla and Facebook in using HackerOne’s platform to connect and reward ethical hackers for successfully discovering and reporting security vulnerabilities. We have also rolled out two-factor authentication (2FA) in November as an additional layer of security protection. 

In February, Temu received the Mobile Application Security Assessment (MASA) certification from Berlin-founded DEKRA, the world’s largest independent provider of testing, inspection, and certification services. DEKRA is one of six labs authorized by Google to conduct the MASA test, which involves testing an app for vulnerabilities, assessing data protection mechanisms, and ensuring compliance with best practices in mobile application security. 

Temu considers privacy and security to be core functions of our platform. Earning and keeping the trust of our users is our top priority, so we hold ourselves to the highest privacy and security standards. We are committed to collaborating with various stakeholders to identify and address vulnerabilities, increasing the transparency of security testing, and ensuring the safety of our businesses and customers. Users can rest assured that shopping on Temu is safe.