Neopets’ New Mobile Apps Raise Questions About Privacy

You may remember I wrote about Neopets last year, and how returning to it in 2025 left me feeling unexpectedly sad. As a millennial who grew up with it, it wasn’t just a game — it was a whole world. Cute, creative, comforting.

But when I went back, it felt different. Heavier. More focused on ads and subscriptions than the quiet magic it once had. I get that it is the modern world and how it operates but it just left a childhood favourite feeling so hollow and bereft.

When your main audience is likely to be the millennials who played it in the first place, this was an odd move.

But, as it turns out, it may be even worse than it first appeared.

Neopets for the Modern World

I recently went to try one of the new Neopets apps, curious to see whether this was a step in a better direction. Maybe this was where they’d modernised things properly. Maybe this was where some of that original feeling had been brought back in a new way.

Maybe I could write a blog post correcting my earlier assumptions.

There are — as of writing — now three Neopets applications to choose from; Neopets: Tales of Darcadia, Neopets: Faerie Fragments and the latest offering, Neopets: Companion App. This one was the one I was interested in trying.

But before I even got started, I hit something that made me stop.

Like most apps, you’re asked to accept a Privacy Policy. Nothing unusual there. And privacy through apps is something I take seriously, Zuckerberg taught me a thing or two about what to avoid! So, I clicked through to read it.

And that’s where things started to feel… off.

Depending on where you access it, you can be shown two different copies of the privacy policy.

The version linked through the App Store and from the two older apps appears to be more recent, dated 2025. While the in-app link you are prompted to follow from the latest app — if you don’t just routinely accept all terms first — leads you to a different policy, stating it was last updated in 2023.

Which leads to the question, which one are users actually agreeing to? And without any legal training or knowledge, how are general consumers using the app able to make informed decisions about it?

Both policies are linked below and the information I discuss within them is correct as of 28.03.2026.

Double Policy, Zero Clarification

The bulk of both policies themselves is almost identical, repeatedly refers to “Sites” — defined as websites owned and operated by the company. It talks about services made available at those websites, even when accessed on mobile devices. But very little reference is made towards standalone mobile applications.

That might sound like a small detail, but it isn’t. A mobile app is not the same as a website. It can access different types of data, use different tracking technologies, and operate in ways a browser simply can’t. And yet, the policy you’re asked to agree to doesn’t clearly explain how the app itself handles any of it.

Two of the Neopets apps, Tales of Darcardia and Faerie Fragments, also include in-app purchases, which further underlines the importance of clear, app-specific information about how user data and transaction-related information is collected and used.

The more I looked, the more confusing it became as a user.

The Difference Between Policies

So, as already mentioned, users are presented with two versions. The 2025 policy linked from the listing in the app store and from links in Faerie Fragments and Tales of Darcadia, and the 2023 policy linked from inside Neopets: Companion App.

Going to the 2023 one, there is no immediate part of the policy that would cover what the app is doing, tracking or sharing. You either read word for word or, like I did, search specifically for the words within the page. If you search for “applications”, you are taken to one single paragraph in the document within the section that covers Third Parties/Advertisers.

In this paragraph it states that they will track your usage of “The Sites and Applications” to share with companies to offer you advertising that will be of interest to you. A brief list of companies they use is given but no information about what they are tracking or how it is used to inform the advertisers.

The term “application” appears only twice — once in a general note advising parents to monitor their children’s activity on websites and mobile applications, and once in a warning about downloading unknown software that could harm a device. In neither case does it relate to any specific Neopets app, or how any app itself collects, uses, or processes user data.

The word “apps”, however, is used once. To state that they will be using online analytics to track how users engage with the apps. Once again, no further information is supplied as to what those analytics might be. None of the names of the standalone applications appear in this policy. Which would make sense in the timeline, as the last review date was before the first app was launched in the Summer of 2024.

But if it is older, why is it the policy that is given to customers to gain consent?

The 2025 policy is an interesting read, as it is actually missing the entire paragraph detailing how the applications are tracked for third party use, even though the date on this policy is after two of the apps were released. The term application is now only used as reference to general guidance of use and safety, and not to their own software.

This policy does list landing pages for two of the three applications, but as these are only landing pages that lead you to the links to download the apps from your relevant App Store, this does not mean the games are covered by the websites Privacy Policy. Listing promotional web pages for apps is not the same as explaining how the apps themselves process user data.

So, by 2025 World of Neopia, Inc. have released two applications, updated their policy and proceeded to take what little app data information they had out of said policy?

Which answers our earlier question of why the 2023 policy is the one linked in-game in the latest one. But, what is doesn’t answer is what is the app actually doing? There is still no mention of what is being tracked, what payment/transaction data is tracked or stored, if it tracks off-app. App store listings only have a list of what the developer may be doing. Apple themselves state that the App Privacy section of the listing “may not describe all of the developer’s practises”.

But neither does their policy, so then… who will?

The Wording that Dismisses Users

Even beyond that, the wording throughout the policy feels… carefully constructed. There’s a section explaining that the site does not respond to “Do Not Track” signals from browsers, suggesting that users may not fully understand those settings anyway.

Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. There currently is disagreement, including among participants in the leading internet standards-setting organization, concerning what, if anything, websites should do when they receive such signals.
Neopets Privacy Policy (2025/2023)

They then go on to explain that they have taken the choice to ignore them, unless something tells them they have to abide by them. Which won’t happen as many browsers have since chosen to remove them altogether.

If this all sounds like jargon and you aren’t sure about Do Not Track signals, they are used to ask a website to not track your usage for things like targeted ads and are typically enabled through browser privacy settings — not something users are randomly opted into without awareness. In contrast it was reported by Secure Privacy in January of this year that “millions of users enabled it”.

The same article also stated that a survey taken in 2019 revealed that the only thing internet users were unclear about was the fact that companies were ignoring DNT.

A 2019 survey revealed that 77.3% of respondents were unaware that websites could choose to ignore DNT. Among users who had enabled the setting, 41.4% believed it was actually being honored. This created a perverse outcome: millions of people enabled a privacy protection that provided them with a false sense of security while doing nothing to actually limit tracking.
Secure Privacy (2026)

If there’s uncertainty around what those signals mean, you might expect a company that repeatedly claims to care about your privacy to err on the side of protecting user privacy.

While it is common for companies not to respond to Do Not Track signals due to a lack of standardisation, the wording here goes further — suggesting that users may not fully understand the setting itself and that is why they ignore it. This framing feels dismissive, particularly when the issue is often that users are unaware their preferences may simply be ignored.

If we compare the wording of a different company, the difference is clear. Pazu is a mobile game developer focused primarily on apps appealing to younger markets, much like Neopets was and still is. As a result, their policies tend to be more explicit about how data is handled within apps, making them a useful point of comparison when looking at how other platforms communicate privacy to their users.

In the Privacy Policy for Pazu they also openly state that they do not support DNT signals. However, they then go on to explain what DNT is and how the user can enable them in their Settings if they still wish to do so. The difference is not in the outcome, but in how clearly and respectfully that outcome is communicated to users.

Pazu is actually a very good example for multiple points of the policy. It includes specific details for;

What Cookies they use and why
What specific data they track
What happens with your payment data
What device information the app stores

and plenty more. You might reasonably expect this level of detail to be standard for any modern app privacy policy. However, more than a year on from the launch of Neopets’ mobile apps in 2024, we actually have less clarity than ever with even more stripped from the 2025 update.

The Local Laws Issue

Although the policy repeatedly states that it is governed by Californian law, Neopets is not operating in a single-region space.

Its apps — like the sites — are available globally, including in the UK and across the European Economic Area, where different data protection standards apply. While the updated policy appears to attempt to address this by referencing GDPR and including region-specific rights, it still does not clearly explain how user data is handled within the mobile apps themselves as it only states what will happen to user data on the “sites”.

This lack of clarity becomes more noticeable when compared with best practice guidance. Legal resources such as LegalVision emphasise that app privacy policies should clearly outline how user data is collected, used, stored, and protected, while industry guidance highlights the need for transparency, easy in-app access to policies, and clear explanations of data use.

Crucially, for GDPR, consent must be informed — meaning users should understand exactly what they are agreeing to. In this case, however, users are asked to accept terms within the app that link to policies entirely written for websites, with no clear, app-specific explanation of data handling. As a result, it raises a reasonable question as to whether that consent can truly be considered fully informed under current expectations.

It is also worth noting that while an app may be developed in another country, users are still protected by Local Law when it comes to privacy rights, as explained here by DEV writer, Make Kiriienko.

If your app collects, stores, or processes user data—even just an email address—you must comply with local privacy laws for users in each country.
Maks Kiriienko (2026)

We already know that Neopets’ apps collects and analyses data from the very little they included in the 2023 policy, so why aren’t we being given clear information about what exactly that is? I’m not claiming that any laws are being broken or that anything intentionally underhanded is taking place. However, from a user’s perspective and in my opinion, it would be almost impossible to make a clear, informed decision about granting consent to these apps in relation to privacy and data collection.

As this article is written from a UK perspective, further guidance on what is expected of app developers and platform operators under UK data protection standards can be found here.

What Does it Mean?

One of these issues may not be unusual for a company. Wording that makes a user feel dismissed, unclear legal language, an error in which page is linked. But taken together, it creates a pattern. A pattern where their outdated Privacy Policy states that they take users privacy very seriously, especially for a website aimed at minors, but then seem to be repeatedly showing otherwise.

And that’s what made me pause — and uninstall.

Because this isn’t just about one policy, or one app. It’s about trust. It’s about returning to something that once felt simple and safe, and finding that even the foundations now feel unclear.

I’ve reached out to Neopets for clarification on how their mobile apps handle user data and which version of their privacy policy applies in practice — if any. I also queried if/how users were able to give informed consent without an appropriate policy. I have yet to hear back from them.

I did however receive a marketing email during my waiting time. The email promotes a lot. A board game, plushies, pre-orders for figurines, an art exhibit and even a newly launched console game.

Neopets seems to be aggressively expanding across multiple platforms. But this rapid growth raises a simple question: are the systems that support user transparency and privacy keeping pace?

Two of the apps were released in June and October 2024 from what I found on record, well before the most recent update to the policy in November 2025. This suggests there was a clear opportunity for the updated policy to reflect how these applications handle user data. However, despite that timing, the policy still does not provide any meaningful, app-specific explanation and actually includes less answers — reinforcing the impression that the documentation has not kept pace with the platform’s expansion for quite some time.

It’s possible that this discrepancy stems from something as simple as a website update issue or an incorrect link. However, that still leaves several important questions unanswered. It does not explain why the 2025 policy appears to remove references to applications, nor does it clarify wording that remains vague or difficult to interpret from a user perspective. Regardless of how this situation has arisen, the result is the same: users are left without the clarity needed to make a fully informed decision about their data. In the context of rapid expansion, increased monetisation, and the rollout of new products, this lack of transparency only adds to a growing sense of unease about our once childhood home.

Nostalgia Depression is Real

When I returned to Neopets last year, I found something that felt far removed from the cosy, comforting world I remembered — a once-beloved corner of the internet now heavily monetised, layered with subscriptions and constant prompts to buy, upgrade, and consume. Again, I understand that this is, in many ways, the reality of the modern internet, but it doesn’t make it any less disheartening to see something so tied to a generation’s childhood reshaped in this way.

What was once a simple ritual — logging in after school to check on your pet and grab a free piece of omelette — now feels overshadowed by a steady push towards products, upgrades, and nostalgia-driven purchases, leaving behind something that, for many, no longer carries the same warmth it once did. It feels hollow and soulless.

Time will tell whether Neopets’ push for a comeback will pay off, but for now — much like when I first returned — it feels as though something important has changed, and not entirely for the better.

***