FORTUNE — Since it launched in 2011, mobile app Snapchat has been all about allowing users to send photos to friends with the promise that they’ll be deleted soon after. Once an “ephemeral” image, however embarrassing, was viewed, all traces of the action were supposed to disappear.

But charges made by the Federal Trade Commission on Thursday suggested otherwise. The FTC found that the company, which turned down a multibillion dollar offer from Facebook FB last year, deceived its customers over the personal data it collected.

Consumers could log on to Snapchat servers through third-party apps, which had been “downloaded millions of times,” according to the FTC.

MORE: Does Snapchat’s CEO need to go?

Snapchat also collected location data about its users, in direct conflict with the app’s privacy policy, the FTC said. Now, the company has agreed to a settlement requiring it to halt future privacy misrepresentations to its users. The company will also need to “implement a comprehensive privacy policy program,” which will be monitored by an outside privacy expert for the next two decades.

FTC Chairwoman Edith Ramirez used some harsh language in a release posted to the FTC’s website: “If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” she said.

On the company’s blog, the Snapchat team pointed to miscommunications made to users: “While we were focused on building, some things didn’t get the attention they could have,” a post reads. “One of those was being more precise with how we communicated with the Snapchat community.”