Privacy policy

This policy explains what personal data Miyasi Lyrics collects, why we collect it, who we share it with, and the rights you have over it. It applies to the Miyasi Lyrics website and the Miyasi Lyrics mobile app.

Last updated: 30 June 2026 · Version 1.0

1. Who we are

Miyasi Lyrics (“Miyasi”, “we”, “us”) is a digital anthology of Sinhala song lyrics and their attributions, available as a website and a mobile app. Miyasi Lyrics is an independent project operated by D. A. S. Wijerathna(the “data controller” responsible for your personal data under Sri Lanka’s Personal Data Protection Act No. 9 of 2022).

The data controller is an individual operator, not a company. You can reach us about anything in this policy — including data access, correction, or deletion requests — by email at miyasilyrics@gmail.com.

2. Information we collect

We collect only what we need to run the service. The categories below reflect the features that exist in the app today; we do not collect data we have no use for, and we do not show advertising.

  • Account & profile. Your email address, display name, and (if provided) profile photo. If you sign in with Google, we receive your Google account identifier, name, email, and avatar from Google Sign-In.
  • Authentication. Sign-in is handled by Google Firebase Authentication. If you register with a password, that password is held by Firebase — Miyasi never stores your raw password.
  • Your content & activity. Favourites, playlists you create, lyric contributions and edits you submit (with moderation status), feedback messages you send us, and your participation in shared “sync” sessions.
  • Uploaded media. Any images or files you submit (for example with a contribution) are stored in our cloud object storage.
  • Device & notifications. A push-notification token for your device, device/session records, and your notification preferences, so we can deliver and manage notifications.
  • Usage & diagnostics. App and feature usage events (analytics), plus crash and error diagnostics that help us fix problems.
  • Technical data. Information sent automatically by your device or browser, such as IP address, device/browser type, app version, and timestamps.
  • Purchases (only if/when offered). Miyasi does not currently sell in-app purchases. If paid features are introduced, purchase and validation data (handled via Google Play Billing) would be processed at that time, and this policy would be updated to describe it.

3. How and why we use your data

We use your data to provide and improve Miyasi Lyrics, and we rely on the following lawful bases under the PDPA (and, for users outside Sri Lanka, the equivalent GDPR-style bases):

  • To provide the service (performance of a contract). Creating your account, signing you in, saving favourites and playlists, accepting contributions, and running sync sessions.
  • With your consent. Sending push notifications, and processing optional data you choose to give us. You can withdraw consent at any time (see your rights below).
  • For our legitimate interests. Keeping the service secure, preventing abuse, moderating contributions, understanding usage through analytics, and diagnosing crashes — balanced against your privacy.
  • To meet legal obligations. Responding to lawful requests and honouring your data-protection rights.

We do not sell your personal data, and we do not use it for third-party advertising.

4. Push notifications

With your permission, we send push notifications (for example about new or featured lyrics and activity relevant to you) through Firebase Cloud Messaging. To do this we store a notification token tied to your device. You can turn notifications off at any time in your device settings and in the app’s notification settings; doing so stops the notifications and we stop using the token to reach you.

5. Cookies, local storage & analytics identifiers

The website uses cookies and your browser’s local storage to keep you signed in and remember your preferences (such as light/dark theme). Our apps and SDKs also use device and analytics identifiers to measure usage and stability. We do not use advertising cookies or ad trackers. You can clear cookies and local storage in your browser, and reset advertising/analytics identifiers in your device settings; signing out and deleting your account also removes the associated data as described below.

6. Sharing & third-party services

We do not sell your data. We share it only with the service providers (“processors”) that operate parts of Miyasi on our behalf, under their own security and privacy terms:

  • Google / Firebase — Authentication and Google Sign-In, Cloud Messaging (push), Analytics, Crashlytics (crash reporting), Realtime Database (sync sessions), and Remote Config.
  • Sentry — error and performance monitoring for the website and backend.
  • Cloud object storage — an Amazon S3-compatible service that stores uploaded media.
  • Google Play — if paid features are ever offered, Google Play Billing would process the purchase and we would validate it via Google’s developer API.

We may also disclose data where required by law, to protect the rights and safety of users or the public, or as part of a change of operator (in which case this policy would continue to apply to your data).

7. International data transfers

The providers above are global infrastructure services, so your data may be processed and stored on servers located outside Sri Lanka. Where data is transferred internationally, we rely on these providers’ security measures and contractual safeguards to protect it, consistent with the cross-border transfer requirements of the PDPA.

8. How long we keep data

We keep personal data only as long as needed for the purposes above, then delete or anonymise it:

  • Account data — for as long as your account exists; removed when you delete your account.
  • Favourites, playlists, preferences, device/notification records — until you remove them or delete your account.
  • Contributions — lyrics or edits you submitted may remain in the catalogue for quality and copyright workflow after deletion, but they are de-identified: your account is unlinked and your name is replaced with an anonymous pseudonym.
  • Diagnostics & analytics — kept for a limited period in aggregated or de-identified form.
  • Security & legal records — retained only as long as needed for abuse prevention or to meet legal obligations.

This mirrors what is described on our account deletion page.

9. Your rights & choices

Subject to the PDPA (and equivalent laws where you live), you have the right to:

  • Access the personal data we hold about you.
  • Correct or complete data that is inaccurate or incomplete.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Withdraw consent at any time, where we rely on consent.
  • Request a copy of data you provided, in a portable form.
  • Object to automated decision-making that has a significant effect on you (Miyasi does not make such automated decisions).

To exercise any of these, email us at miyasilyrics@gmail.com. We will verify your identity and respond within the time required by law. Exercising your rights is free, and we will not penalise you for it.

10. Deleting your account

You can request deletion of your account and associated personal data at any time. The fastest way is to sign in on the web and open Settings → Delete all your profile and data; if you cannot sign in, use the email form on our account-deletion page. Every request is reviewed by us before your data is removed, and until it is approved your account stays intact and a pending request can be cancelled. Full details, including exactly what is removed and what is retained in de-identified form, are on our account deletion page.

11. Children's privacy

Miyasi Lyrics is a general-audience service intended for users aged 13 and over, and it is not directed to children. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us data, contact us at miyasilyrics@gmail.com and we will delete it.

12. Security & data breaches

We take reasonable technical and organisational measures to protect your data, including encryption in transit, access controls, and reliance on established providers (Google/Firebase and others) for core infrastructure. No method of transmission or storage is completely secure, but if a data breach affects your rights we will act promptly and notify you and the relevant authority where the law requires.

13. Changes to this policy

We may update this policy as the app evolves or the law changes. When we do, we will revise the “Last updated” date at the top and, for significant changes, provide a more prominent notice. Continued use of Miyasi after an update means you accept the revised policy.

14. Governing law & complaints

This policy and any dispute relating to it are governed by the laws of Sri Lanka, and the courts of Sri Lanka have jurisdiction. We handle personal data in accordance with the Personal Data Protection Act No. 9 of 2022.

If you have a concern we have not resolved, you may lodge a complaint with the Data Protection Authority of Sri Lanka, the regulator that oversees the PDPA. We would appreciate the chance to address your concern first — please contact us at miyasilyrics@gmail.com.

15. How to contact us

Miyasi Lyrics, operated by D. A. S. Wijerathna.
Privacy & data requests: miyasilyrics@gmail.com

Related pages: About · Copyright & takedown · Account deletion · Send feedback