Facebook users that found out their most-used words on the social networking site could have opened themselves up to a world of data insecurity.

Though it boasts more than 1.44 billion users across the world, Facebook has long been plagued by complaints of data harvesting, with some even going so far as to suggest that the active user count wouldn’t be nearly as high if people were aware of how much personal information was collated.

Now, a seemingly innocuous app that creates personalised word clouds for users has brought the issue back into focus, after data analysts discovered some potentially spurious clauses in its Privacy Policy.   

The Vonvon.me app required users to give over account access permissions, with which a cloud of their most-used words on the social network could be created. This allows users to see what they talked about most often – an enticing prospect for many, as it has already garnered some 17 million sign ups.

It appears Vonvon doesn’t just collate a user’s posts to take down the words, but also their name, profile picture, gender, birthday, hometown, current city of residence and educational history. It was also reported to harvest data on IP addresses and other information related to the device used.

The company’s Privacy Policy states that user information can continue to be used, even after a person cancels their account. Furthermore, this information can be disseminated across servers worldwide, where data laws may not be quite so stringent as they are in the UK.

Vonvon even suggests that it wouldn’t share personal data with third parties without prior information or without “notice thereof (such as by telling you about it in this Privacy Policy).” Put simply, this means that a user agreeing to the Privacy Policy is tantamount to them agreeing for their data to be dispensed freely.

Despite these stipulations appearing in the Privacy Policy, Vonvon CEO Jonghwa Kim has refuted them. He told grahamcluley.com how personal information was only stored “for entertainment purposes… to generate your results.”

He added that the accusation of selling data to third parties was “misleading” and that “we do not store any personal information, we have nothing to sell. Period.”