Privacy policy

When you sign in, we store the email address provided by your sign-in method (Google OAuth or magic-link). For Google sign-in we also store the provider's internal user identifier so we can recognise you on return visits. We do not store passwords — sign-in is handled by your chosen provider.

When you play a game, we store the parameters you chose, the pair you were given, your guess, and your score. This lets us show your history on the /account page and power the public leaderboards on /stats. Leaderboard entries are anonymised — each user is shown as a generated handle like SwiftHeron42, derived from your user ID. Your real name and email are never shown.

We use a first-party cookie (authjs.session-token) to keep you signed in — it contains a signed JWT with your user ID and an expiry. When PostHog analytics is enabled, it also sets a first-party cookie to remember a device between visits. We do not use third-party tracking cookies.

• Google — only when you choose to sign in with it. Google receives a request from us; they return your email and a stable user ID.
• Microsoft Azure Communication Services — delivers magic-link sign-in emails. Azure receives your email address and the link content.
• Microsoft Azure — our database and hosting. Your data lives in Azure SQL.
• Amazon and Apple— only if you click a "Where to watch" link on a game-result screen. Those links are affiliate links: clicking sends your browser and IP to Amazon or Apple, and we may earn a small commission if you rent or buy a title. We don't share your email or account details with them.
• Plausible Analytics — collects anonymous, aggregated page-view counts so we can see what parts of the site people use. No cookies, no personal identifiers, no cross-site tracking. Plausible processes data in the EU under GDPR. Read their data policy for the specifics.
• PostHog — product analytics. We record in-app events (puzzles started and completed, shares, and "Where to watch" link taps) so we can understand how the game is played and whether players come back day to day. If you're signed in, these events are associated with your account; signed-out play is attributed to an anonymous device identifier. We don't sell this data, and analytics are disabled entirely when the app runs without a PostHog key configured. Read their privacy policy for the specifics.

We do not sell or share your data with any other third parties.

The actor, movie, and TV show data comes from the IMDb non-commercial datasets and is used under that license. We do not display IMDb data we don't have rights to use.

Go to /account and click Delete my account. This removes your user record, your sign-in tokens, your game history, and your daily-puzzle results. The deletion is immediate and irreversible. Anonymised aggregate statistics (e.g. site-wide chain-length histograms) may still reflect plays you made before deletion, but no entry in them is linked back to you.

If you can't sign in to delete your account directly, email the maintainer of this app and they will delete it manually.

Sixdle isn't directed at children under 13, and we don't knowingly collect data from anyone under 13. If you believe a child has signed up, tell us and we'll remove the account.

We'll update the "Last updated" date at the top of this page when this policy changes meaningfully.