Standard Innovation, the “smart sex toy” firm, has agreed to pay up to $10,000CDN to every user active before September 6, 2016, after collecting a range of highly intimate information without adequate consent. The company’s We-Vibe 4 Plus and its We-Connect app were recording details of how their IoT vibrators were being used and sending them to company servers, with everything tied to users’ email addresses.

The class action settlement agreement will see the deletion of all information collected, including “the time and date of each use, the vibration intensity level selected by the user, the vibration mode or pattern selected by the user, the temperature of the device, and battery life.”

We-Vibe’s snooping was exposed at a 2016 Def Con event, where an even more concerning aspect came to light — the bluetooth connection between device and app was so insecure that it would have been relatively simple for a hostile party to activate a vibrator remotely. In his Def Con talk, Hacking the Internet of Vibrating Things, ‘Follower’ argued that

“They have over 2 million people using their devices, so what’s at stake is 2 million people. A lot of people in the past have said it’s not really a serious issue, but if you come back to the fact that we’re talking about people, unwanted activation of a vibrator is potentially sexual assault.”

Within the terms of the settlement, the company denies any wrongdoing, and released this statement:

“At Standard Innovation we take customer privacy and data security seriously. We have enhanced our privacy notice, increased app security, provided customers more choice in the data they share, and we continue to work with leading privacy and security experts to enhance the app.”

After various fees are taken out from the $4 million CDN settlement, it’s unlikely each class member will receive $10,000.