6ix — Cookies Policy

“Cookies” include small text files stored on your browser/device and similar technologies such as localStorage/IndexedDB, web beacons/pixels, service worker caches, software development kits (SDKs) in mobile apps, and push notification tokens. We use them to keep you signed in, remember preferences, secure the Service, measure usage and performance, prevent abuse, and personalize features and recommendations. For how we process personal data overall, see our Privacy Policy.

This Policy applies to 6ix websites, web apps (including PWA), and mobile/desktop apps where cookies/SDKs are used. If a specific product or region provides additional disclosures, those supplement this Policy.

• Strictly necessary — Core operations like authentication, load balancing, fraud prevention, security tokens (e.g., CSRF), and session management. These cannot be switched off.
• Preferences — Remember choices (language, theme, playback, captions, accessibility settings).
• Analytics & performance — Aggregate metrics, diagnostics, crash logs, feature adoption, quality-of-experience (QoE).
• Personalization — Tailor recommendations, discovery, and ranking signals to your context.
• Advertising & measurement — Where available and permitted: reach, frequency capping, brand safety checks, conversion measurement, and limited relevance signals (see Ads Policy).

Categories and availability may vary by region and product. Our in-product consent manager lists active partners and purposes.

• First-party cookies/IDs are set by 6ix; third-party ones are set by partners (e.g., analytics, anti-abuse, payments, ad measurement).
• Web typically uses cookies/localStorage/IndexedDB; mobile apps typically use SDKs and device/OS identifiers with permissions and OS-level controls.
• Partners must follow contracts and process data only for permitted purposes, with appropriate safeguards.

• localStorage/IndexedDB: Faster, larger storage for preferences, offline assets, and UI state.
• Service workers/caches: Improve performance and resilience by caching resources.
• Beacons/pixels: Lightweight calls for analytics and delivery measurement.
• Push tokens: Anonymous identifiers for notifications; you can opt out in app/OS settings.

Where required (e.g., EU/EEA/UK), we obtain consent via a banner or settings panel. You can accept, reject, or fine-tune categories (except strictly necessary) and revisit choices anytime via Settings → Privacy → Cookies.

• EU/EEA/UK: Prior consent for non-essential categories. We honor withdrawal at any time.
• US states (e.g., CA/VA/CO/CT/UT): Provide opt-out controls for certain “sale”/“share” definitions; we honor applicable signals (see GPC below).
• Other regions: We align with local law and provide meaningful choices.

• GPC: Where required by law (e.g., CA), a valid Global Privacy Control signal is treated as an opt-out for that browser/context.
• Do Not Track: Industry support is inconsistent; we rely on explicit consent/opt-out tools and GPC where applicable.
• Privacy Sandbox (e.g., Topics/Attribution/Protected Audiences): If we use these APIs, they operate under your consent/opt-out preferences and applicable law; details will appear in our consent manager.

In ad-supported contexts, we may use non-sensitive signals for reach, frequency, and performance. We restrict personalization for users under the applicable age of digital consent and follow regional rules. See Ads Policy and Safety & Minors.

• We aggregate or pseudonymize metrics when feasible to protect privacy.
• Anti-abuse signals help detect spam, fraud, automation, and security anomalies.
• Crash and performance diagnostics improve reliability and quality of experience.

• Session/auth: Maintain your login and route requests securely.
• CSRF/anti-fraud: Defend against cross-site request forgery and similar attacks.
• Rate limiting/load balancing: Keep the Service stable under load.

Blocking strictly-necessary cookies will break core functionality.

Cookie/SDK lifetimes vary by purpose (from session-only to ~24 months unless you clear them sooner). We retain related server logs and records consistent with the Retention section of our Privacy Policy. Backups follow scheduled cycles; deletion may not be instantaneous across all systems.

• Consent manager: Use the banner or Settings → Privacy → Cookies to adjust categories.
• Browser controls: Most browsers let you block or delete cookies (see Appendix B).
• Mobile OS: Limit ad tracking/IDs in device settings; control notifications and permissions.
• Ad choices: Regional ad choice tools may apply (details in Ads Policy and consent manager).

For privacy rights requests (access, deletion, opt-out of “sale/share,” etc.), see Your Rights & Choices.

• Hosting & CDN — deliver content securely and quickly.
• Analytics & diagnostics — usage metrics, performance, crash reporting.
• Security & anti-abuse — threat detection, fraud prevention, moderation tooling.
• Payments & verification — subscriptions, KYC/AML, chargeback handling.
• Communications — email, SMS/push, support tooling.
• Advertising & measurement — ad delivery, reach, frequency, attribution (where used).

We bind processors by contract to protect data and act on our instructions. See our Privacy Policy Appendix — Processor Categories.

• EU/EEA & UK: Prior consent for non-essential cookies; rights to withdraw, access, and object (see Privacy Policy’s GDPR section).
• US states (incl. CA/CCPA): Opt-out for certain “sale/share” definitions; we honor valid GPC signals where required.
• Nigeria (NDPR): Notices, consent principles, and user rights apply to cookie-based processing.
• India (DPDP): Notice/consent and user rights (access, correction, erasure) apply to certain tracking technologies.
• Brazil (LGPD): Legal bases include consent, contract, legitimate interests; rights similar to GDPR.
• Canada (PIPEDA): Consent, limiting collection, safeguarding, and transparency principles.
• Australia (Privacy Act): Australian Privacy Principles govern collection and use, including online identifiers.

Where local law provides stronger protections, we follow the stronger standard for that region.

We design settings for minors conservatively where required by law and restrict personalized ads for users under the applicable age of digital consent. See Safety & Minors.

Some cookies store accessibility preferences (contrast, reduced motion, caption choices). Blocking these may reduce usability. We aim to provide accessible alternatives and respect reduced-motion settings where possible.

We may update this Policy to reflect product or legal changes. For material updates, we’ll provide reasonable notice (e.g., banner, in-app message, or email). Continued use after the effective date means you accept the update.

Privacy: privacy@6ixapp.com
Security: security@6ixapp.com

For data-subject rights or complaints, see the Privacy Policy — Contact & Regional Details.

The consent manager displays the active list for your region/device and lets you adjust choices.

• Chrome: Settings → Privacy & security → Cookies and other site data.
• Safari (macOS/iOS): Settings/Preferences → Privacy → Cookies & Website Data.
• Firefox: Settings → Privacy & Security → Cookies and Site Data.
• Edge: Settings → Cookies and site permissions.
• Android/iOS apps: Manage app permissions and ad/ID settings in OS preferences.

Blocking strictly-necessary cookies may break sign-in or streaming features. You can always revisit the 6ix consent manager to adjust choices.

• 2025-10-28: Added Privacy Sandbox reference; clarified minors restrictions; expanded regional notices.
• 2025-06-15: Introduced illustrative cookie table and consent manager details.
• 2025-03-01: Initial publication aligned with Privacy Policy update.