The Federal Trade Commission (FTC) has reached a settlement with PayPal, Inc. over allegations that the company told Venmo users that money credited to their Venmo balances could be transferred to external bank accounts without adequately disclosing that the transactions were still subject to review and that funds could be frozen or removed.

PayPal, incidentally, owns Venmo. The notoriously anti-sex payment processor has owned the popular-with-sex-workers and sex media, peer-to-peer payment service app since 2014.

In its complaint, the FTC also claimed that Venmo misled consumers about the extent to which they could control the privacy of their transactions. In addition, Venmo misrepresented the extent to which consumers’ financial accounts were protected by “bank grade security systems” and violated the Gramm-Leach-Bliley Act’s Safeguards and Privacy Rules, the complaint alleged.

Read the full write up and summary of allegations from the FTC here.

According to the complaint, Venmo sent its users notifications that money had been credited to their Venmo balances and was available for transfer to an external bank account. The FTC said that Venmo, however, failed to disclose that these funds could be frozen or removed based on the results of their review of the underlying transaction. As a result, consumers complained that at times, Venmo delayed the withdrawal of funds or reversed the underlying transactions after initially notifying them that the funds were available.

The FTC alleged that many consumers said they experienced financial hardships, such as being unable to pay their rent or other bills, because they could not transfer the money as promised by Venmo. Other consumers who used Venmo to receive payment for event tickets or other valuable items relied on the notifications that money had been credited to their Venmo account, delivered the item to the purchaser, and consequently incurred a financial loss when Venmo removed the funds.

“Consumers suffered real harm when Venmo did not live up to the promises it made to users about the availability of their money,” said Acting FTC Chairperson Maureen K. Ohlhausen.

“The payment service also misled consumers about how to keep their transaction information private. This case sends a strong message that financial institutions like Venmo need to focus on privacy and security from day one,” Ohlhausen added.

The FTC also alleged that Venmo misled consumers about the extent to which they could keep transactions private and that, until at least March 2015, Venmo misrepresented the extent of security it provided to consumer financial accounts, claiming that it utilized “bank-grade security systems.”

As part of the proposed settlement with the FTC, Venmo is prohibited from misrepresenting any material restrictions on the use of its service, the extent of control provided by any privacy settings and the extent to which Venmo implements or adheres to a particular level of security. Venmo is also required to make certain disclosures to consumers about its transaction and privacy practices, and is prohibited from violating the Privacy Rule and the Safeguards Rule.

The key point however — and let me say this one more time — is that PayPal owns Venmo.