6ix — Privacy Policy

This Policy applies when you use 6ix or interact with us (support, emails, forms, creator onboarding). Unless we say otherwise, the data controller is 6ix. Where we operate through affiliates or partners, they may also act as controllers or processors depending on the activity. We will identify those roles in product notices or supplemental region-specific disclosures where required.

Contact (privacy/DPO): privacy@6ixapp.com · Security: security@6ixapp.com · Child Safety: safety@6ixapp.com.

• Personal data / personal information: Information that identifies or can reasonably be linked to a person.
• Processing: Any operation performed on data (collecting, storing, using, sharing, deleting).
• Controller / Processor: A controller decides “why/how”; a processor acts on a controller’s instructions.
• Sensitive data: Categories that may receive extra protection under law (e.g., precise location, biometric identifiers, health, etc.).
• Sell/Share (US state laws): Broad legal terms that may include some advertising/adtech disclosures even without monetary exchange.

• Account data: email, username, display name, avatar, age band, preferences, settings, account status.
• Identity & verification (where applicable): KYC/AML details for payouts (handled by verification providers), tax IDs where required by law.
• Content & metadata: posts, messages, calls and live streams (and optional replays), comments, reactions, reports; timestamps, participants, room IDs, device/network metadata.
• Usage & diagnostics: feature usage, crash logs, performance metrics, referral info, language, region, time zone.
• Device & network: OS, device model, app version, browser/engine, IP address, user-agent, coarse location from IP, identifiers we/our partners assign (e.g., analytics/ads IDs where permitted).
• Payments & subscriptions: limited billing info via processors (e.g., card brand/last4, transaction state), fraud signals, chargeback info.
• Communications & support: support tickets, email contents, survey responses, abuse reports.
• Cookies/SDK signals: see Cookies Policy.
• Compliance records: consent logs, policy enforcement records, legal request logs.

• Directly from you: account setup, content creation, settings, forms.
• Automatically: logs, cookies/SDKs, telemetry, and device signals as described above.
• Partners & service providers: payments/KYC, analytics, safety/anti-abuse vendors.
• Other users: content that mentions you, reports, shared rooms.

• Operate the Service: account management, messages, calls, streams, feeds, search, discovery, and creator tools.
• Personalize & recommend: suggest creators, rooms, and topics aligned to your activity and settings.
• Safety & integrity: prevent spam, abuse, fraud; enforce policies; protect users and the platform.
• Performance & reliability: diagnostics, optimization, load balancing, and quality of experience (e.g., adaptive bitrate).
• Monetization & payments: subscriptions, tips, payouts, tax/verification obligations, chargeback handling.
• Analytics & product R&D: understand feature use, measure performance, improve UX, and develop new features (including AI-assisted features).
• Communications: respond to support, notify you of changes, and send product updates (see Marketing for choices).
• Legal compliance: respond to lawful requests, meet record-keeping obligations, and protect our rights.

• Contract: to provide features you request (e.g., send messages, host streams, process payouts).
• Legitimate interests: secure the Service, prevent abuse, perform analytics, and show non-invasive product messages. We balance these interests against your rights.
• Consent: for certain cookies/SDKs, marketing, and optional features (you can withdraw consent at any time).
• Legal obligation: tax, accounting, KYC/AML, and responding to lawful requests.
• Vital interests: to address imminent risks of harm.

We do not require sensitive data to use core features. If you voluntarily share sensitive information in your content or profile, you acknowledge it will be processed as part of the Service subject to your settings. We avoid using sensitive data for advertising and apply additional controls where law requires.

• Camera & microphone: needed for live video/voice; you can disable in OS settings.
• Photos/media library: to upload avatars, posts, or thumbnails.
• Notifications: to alert you about messages, calls, or room invites (opt-in).
• Location: we use approximate IP-based location for safety/abuse and regional settings; precise location is off by default unless you opt in for a feature that needs it.

We use cookies/SDKs for core functionality, preferences, analytics, personalization, and safety. Manage choices via our consent tools and your device/browser settings. See Cookies Policy for categories, vendors, and retention.

Where advertising is available, we may use non-sensitive signals to measure reach and performance, limit frequency, and improve relevance. In regions with opt-out/consent rights, we honor your choices and applicable signals (e.g., GPC). We don’t serve personalized ads to users under the applicable age of digital consent. See Ads Policy.

We process usage metrics and diagnostics to understand feature adoption, quality, and safety. We typically aggregate or pseudonymize data where feasible to reduce risk and increase privacy.

• We keep data only as long as necessary for the purposes above, considering account status, legal obligations, disputes, and product needs.
• You may request deletion; some records (e.g., fraud logs, financial/tax) must be retained as required by law.
• Backups and logs are deleted on schedules; deletion may not be instantaneous across all systems.

See Appendix A for an example schedule.

• Controls: encryption in transit, access controls, least-privilege, logging, and monitoring.
• Employee access: limited to roles with a need to know; contractual and policy obligations apply.
• Vulnerability disclosure: report to security@6ixapp.com.
• Incidents: we investigate and, where required, notify regulators and affected users.

No system is 100% secure; please use strong passwords and enable 2FA where available.

We may transfer personal data across borders. Where a destination lacks equivalent protections, we implement safeguards (e.g., Standard Contractual Clauses or similar), plus technical and organizational measures.

• Service providers (processors): cloud hosting, security, analytics, support, payments/KYC, email/SMS delivery.
• Other users: content you choose to make public or share in rooms/chats.
• Affiliates & corporate transactions: in reorganization, merger, or sale, data may be transferred subject to this Policy.
• Legal & safety: to comply with law, enforce Terms, and protect rights, property, or safety.

We may aggregate or de-identify personal data so it can no longer reasonably be linked to a person. We use and share such data for analytics, research, and improving the Service. We commit not to re-identify it except as permitted by law to test and maintain de-identification.

• Access, correction, deletion, portability: where available by law.
• Object or restrict: to processing based on legitimate interests or for direct marketing.
• Consent withdrawal: for features or cookies that rely on consent.
• Settings & controls: we will provide in-product controls where possible.
• How to exercise: use in-app tools (when available) or email privacy@6ixapp.com. We may verify your identity and request additional information.

Residents of California and certain other US states have additional rights, including to know/access, delete, correct, and opt out of certain disclosures that may be deemed “sale” or “sharing” of personal information. We honor applicable browser signals (e.g., Global Privacy Control) for opt-out where required. We do not use or disclose sensitive personal information for purposes that require a right to limit (as defined by CA law).

• Categories collected: identifiers; internet/network activity; geolocation (coarse/IP); inferences (limited); audio/video if you use those features; and account/transactional info.
• Sources & purposes: see sections 4 and 5.
• Disclosures for business purposes: to service providers for security, hosting, analytics, and operations.
• Opt-out of “sale”/“share”: we provide a mechanism and honor GPC where required.
• Non-discrimination: we will not discriminate for exercising rights allowed by law.
• Appeals: if we deny a request, you may appeal as permitted by your state law.

• Right of access, rectification, erasure, restriction, portability, and to object to processing (including direct marketing).
• Right to withdraw consent at any time (without affecting prior processing).
• Right to lodge a complaint with a supervisory authority in your member state or the UK.
• Where we rely on legitimate interests, you may object and we will assess your request in line with the law.

• Nigeria (NDPR): individual rights to access, correction, and deletion; data minimization and purpose limitation apply.
• India (DPDP): consent and notice principles; user rights to access/correction/deletion; grievance redressal timelines.
• Brazil (LGPD): rights similar to GDPR; legal bases include consent, contract, and legitimate interests.
• Canada (PIPEDA): accountability, consent, limiting collection, safeguarding, openness, access, and challenge compliance.
• Australia (Privacy Act): APPs including open and transparent management, anonymity where feasible, direct marketing limits.

Where local law provides stronger protections, we follow the stronger standard for that region.

We use automated systems for recommendations, safety, spam detection, and to maintain platform integrity. Where law grants a right to request human review of significant automated decisions, you may contact us.

With consent (where required), we may send product updates or offers. You can opt out via the message or in settings. We still send essential service messages (security, transactions, policy changes).

We review legal requests and require appropriate process. We may preserve account information upon receipt of a valid preservation request or where we reasonably believe preservation is necessary to protect safety or the Service. See Law Enforcement Guidelines.

6ix is not directed to children under 13 (or higher local minimum). We apply teen protections and limitations where required by law. Parents/guardians should supervise minors’ use and review settings. Report concerns to safety@6ixapp.com. See Safety & Minors.

We may update this Policy to reflect changes to our practices or legal requirements. If changes are material, we will provide reasonable notice (e.g., in-app or email). Continued use after the effective date means you accept the updated Policy.

Email: privacy@6ixapp.com
Security: security@6ixapp.com
Child safety: safety@6ixapp.com

Depending on region, you may have the right to complain to a data protection authority. If we designate EU/UK representatives, we will add their contact details here.

• Account basics (email, username): kept while the account is active; deleted or anonymized within a defined period after closure, subject to legal holds.
• Content (posts, messages, streams): kept per user settings; deleted on request unless needed for legal, safety, or abuse investigations.
• Logs & diagnostics: rolling windows (e.g., 30–180 days) unless extended for security investigations.
• Payments & tax records: retained per financial/tax law (often 5–7+ years).
• Enforcement & safety records: retained as necessary to enforce policies and prevent recidivism, consistent with law.
• Backups: deleted on scheduled cycles; data may persist in backups for a limited period after deletion.

• Hosting & CDN — serve content globally and securely.
• Analytics & diagnostics — usage metrics, crash reporting, performance.
• Security & anti-abuse — threat detection, fraud prevention, moderation tooling.
• Communications — email, SMS/push, and in-app messaging.
• Payments & KYC/AML — subscriptions, payouts, identity verification.
• Support tooling — ticketing, helpdesk, and knowledge base.

We bind processors by contract to protect data and follow our instructions. Where required, we will publish a list of subprocessors and provide notice before changes.