Privacy Policy
Last Updated: April 2026
6502ish is operated by 6502ish management and owners from the United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your information. By using the Service you agree to this policy. Read this alongside our Terms of Service.
1. Information We Collect
Information You Provide
- Identity — full name, username, date of birth, sex
- Contact — email address, phone number, mailing address
- Credentials — username and password (passwords are hashed with bcrypt — never stored in plaintext)
- Profile — profile photo, bio text
- Communications — messages sent to other users
- Social connections — friend connections and requests
- Preferences — notification settings and account preferences
- Uploaded files — files you upload to the File Exchange
Information Collected Automatically
- IP addresses — recorded when you access the Service
- Login history — timestamps and IPs of login sessions
- Cookies — HttpOnly, Secure session cookies (see Section 10)
- Device info — browser type, OS, and device identifiers via standard HTTP headers
2. How We Use Your Information
- Account management — create and manage your account, authenticate identity, maintain profile
- Service delivery — provide messaging, friend connections, forums, file exchange, and notifications
- Communication — send verification codes, password resets, and service notifications
- Security — detect and prevent fraud, abuse, and unauthorized access
- Service improvement — understand usage patterns to improve functionality
- Legal compliance — comply with applicable laws and regulations
3. Legal Basis for Processing (GDPR)
For users in the EEA and UK, we process data on these bases:
- Consent — where you have given clear consent (withdrawable at any time)
- Contract — necessary to perform our contract with you (Terms of Service)
- Legitimate interests — maintaining security, preventing fraud, improving the Service
- Legal obligation — compliance with laws we are subject to
4. Information Sharing & Disclosure
WE DO NOT SELL YOUR PERSONAL INFORMATION. EVER.
We may share information only in these limited cases:
- Service providers — third-party SMTP services for email (verification, password resets, notifications) — contractually obligated to protect your data
- Law enforcement — when required by law or to protect rights, safety, or property
- Business transfers — in a merger, acquisition, or sale of assets (with prior notice)
- With your consent — in other cases where you explicitly agree
5. Data Retention
- Active accounts — data retained while your account is active
- Deleted accounts — data deleted or anonymized within 30 days, except where law requires retention
- Login history & IPs — retained up to 12 months for security, then purged
- Messages — retained while both sender and recipient accounts are active
- Uploaded files — retained while your account is active; removed upon account deletion
- Backups — deleted data may persist in encrypted backups up to 90 days
6. Your Rights
All Users
- Access — request a copy of your personal data
- Correction — update your info anytime in account settings
- Deletion — delete your account at /account/delete
- Data export — download your data at /account/export
European Residents (GDPR)
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
California Residents (CCPA)
- Right to know what data we collect and why
- Right to delete your personal information
- Right to opt-out of sale (we don't sell data — no opt-out needed)
- Right to non-discrimination for exercising your rights
7. How to Exercise Your Rights
- Self-service — update profile, preferences, and settings in your account
- Data export — /account/export
- Account deletion — /account/delete
- Contact us — support@6502ish.com — we respond within 30 days
We may verify your identity before processing requests.
8. Security Measures
- Password hashing — bcrypt algorithm — never stored in plaintext
- Encryption in transit — all data encrypted via HTTPS/TLS
- Secure cookies — HttpOnly and Secure flags prevent script access
- Database security — MariaDB with restricted access controls
- Access controls — admin access limited and protected by strong authentication
- Two-factor authentication — available (and required for staff accounts)
No system is 100% secure. We take reasonable measures to protect your data but cannot guarantee absolute security.
9. International Data Transfers
- 6502ish is operated from the United States
- Your data is stored and processed on US-based servers
- By using the Service, you consent to data transfer to the US
- For EEA/UK users, we implement appropriate safeguards (Standard Contractual Clauses)
10. Cookies & Tracking
We use a single session cookie for authentication:
- Set with HttpOnly and Secure flags
- Deleted when you log out or your session expires
We do not use:
- Third-party tracking cookies
- Analytics cookies
- Advertising cookies
- Cross-site tracking of any kind
11. Children's Privacy
- The Service is not intended for children under 13
- We do not knowingly collect data from children under 13
- If discovered, we will delete the data and terminate the account immediately
- Parents/guardians: contact us at support@6502ish.com if your child has provided personal information
12. Changes to This Policy
When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email
- Obtain your consent where required by law
Continued use after changes constitutes acceptance. If you disagree, stop using the Service and delete your account.
13. Additional Information for California Residents
Categories of Personal Information Collected
- Identifiers — name, username, email, phone, address, IP, date of birth
- Personal information (Cal. Civ. Code § 1798.80) — name, address, phone
- Protected classifications — sex, age
- Internet activity — login history, IPs, browser type
- Sensory data — profile photo
- Inferences — none — we do not create consumer profiles
Sale or Sharing
- We do not sell personal information — never have, never will
- We do not share data for cross-context behavioral advertising
Your CCPA Rights
- Right to know — categories and specific pieces of data collected
- Right to delete — request deletion (subject to legal exceptions)
- Right to correct — request correction of inaccurate data
- Right to non-discrimination — exercising rights has no adverse consequences
Exercise rights via /account/export, /account/delete, or email us.
14. Additional Information for European Residents
Data Controller
6502ish management and owners
support@6502ish.com
Your GDPR Rights
- Access (Article 15) — confirm whether your data is processed and access it
- Rectification (Article 16) — correct inaccurate data
- Erasure (Article 17) — request deletion ("right to be forgotten")
- Restriction (Article 18) — limit processing under certain conditions
- Portability (Article 20) — receive data in machine-readable format via /account/export
- Objection (Article 21) — object to processing based on legitimate interests
- Withdraw consent (Article 7) — withdraw at any time
- Automated decisions (Article 22) — we do not engage in automated decision-making or profiling
Right to Lodge a Complaint
You may lodge a complaint with your local supervisory authority. EU DPA list: edpb.europa.eu
Data Transfers
We rely on Standard Contractual Clauses (SCCs) for EU-to-US data transfers. Contact us for a copy.
15. Contact Information
Questions about this Privacy Policy? Contact us:
- Operated by: 6502ish management and owners
- Email: support@6502ish.com
- Website: https://6502ish.com
We respond to all legitimate requests within 30 days.