The Children's Online Privacy Protection Act, or C.O.P.P.A, sets strict guidelines on how parents must be notified about information collected on their children.

“The parent has to actually know what is going on and then say, ‘Yes, I agree.’ The box cannot already be checked. It cannot be just hidden somewhere in the terms of service. It's supposed to be a moment where the parent realizes what's going on and says, ‘Yes, I'm OK with that,’” Munro said.

RELATED: Do some toys threaten your child’s privacy?

Even if parents are notified, understanding how the information is stored is key.

"It's going to the cloud. That's the basic thing for so many of our devices," said Munro.

Child user profiles and recordings collected by some other companies have also been compromised. In 2015, V-Tech Toys was hacked exposing over six million child profiles. Plus, security researchers recently discovered that people could access voice recordings of Spiral Toys Cloudpets. Munro said that the best way to make sure your children's privacy is secure is to not give out their information in the first place.

“It's really more of a problem of how we as Americans view our privacy, and we keep giving more and more information out,” Munro said. “Eventually, we're not going to have any more privacy if we don't stop.”

The FTC would not comment on their investigation of complaints against Genesis Toys and Nuance.