Social networking start-up Path will pay US$800,000 to settle charges with US federal regulators that it improperly collected personal information on children.
The company also agreed to submit to 20 years of independent privacy reviews to settle charges that it secretly collected information from its users mobile phone address books.
The settlement, announced by the US Federal Trade Commission on Friday, is the latest between the agency and web companies for privacy violations.
San Francisco-based Path triggered a privacy controversy in February 2012 when an independent software developer in Singapore discovered that the company's iPhone application was uploading users' address book data to its own servers without permission.
Path CEO Dave Morin, who was an early employee at Facebook, quickly apologised for the incident at the time and said the company had deleted all the "contact information" it had collected.
The FTC said on Friday that in addition to having uploaded users' address book information without permission, Path had also violated federal privacy laws by collecting the personal information of roughly 3000 children without getting their parents' consent.
In a post on the company blog on Friday, Path acknowledged that it had failed to reject children under the age of 13 from registering for the service.
"There was a period of time where our system was not automatically rejecting people who indicated that they were under 13," Path said. "Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age accounts that had mistakenly been allowed to be created."
Under the terms of the settlement, Path, which lets mobile phone users share photos and other information with small circles of friends, will obtain independent privacy audits every other year for the next 20 years and establish a comprehensive privacy program.
Online social networking companies have faced increasing scrutiny and enforcement from privacy regulators as consumers entrust ever-increasing amounts of information about their personal lives to web services.
In August, Google agreed to pay a US$22.5 million fine to settle charges that it bypassed the privacy settings of customers using Apple's Safari browser. Facebook settled charges in 2011 that it deceived users by letting advertisers collect some of their personal information.