Privacy Policy

Last updated: February 21, 2026

Introduction

At UpulWeerasinghe.LK, your privacy and security are paramount. We are deeply committed to ensuring that your personal data remains protected and used responsibly. This Privacy Policy comprehensively details our practices regarding the collection, usage, and safeguarding of your information within our Learning Management System (LMS), which exclusively caters to Advanced Level students studying SFT under the guidance of Mr. Upul Weerasinghe. This policy applies to both our website (upulweerasinghe.lk) and our mobile application available on Google Play Store.

1. Information We Collect

Google Authentication:

Users can log in using the "Continue with Google" option. Initially, only basic information such as email and name are obtained through this login method. However, for purchasing classes and accessing additional services, users are required to complete their profile with further details.

Profile Completion Information:

  • National Identity Number (NIC): Necessary for verifying the identity of students and ensuring that access is provided only to genuine users.
  • Residential Address: Collected strictly for the purpose of delivering printed tutorial materials, study notes, and important administrative documents.
  • Contact Number: Essential for communicating vital updates regarding lessons, materials distribution, customer support inquiries, and emergency notifications.

Academic Interaction Data:

We monitor content access within the LMS to provide personalized learning experiences, track progress, and ensure that tutorial materials effectively reach our students. This includes recording lessons viewed and resources accessed by registered users.

2. How We Protect Your Data

  • Encryption: All sensitive personal information is encrypted both during data transfer and at rest to guarantee its confidentiality and security.
  • Controlled Access: Only authorized and trained staff members have access to your data, with strict compliance enforced through internal policies.
  • Periodic Security Audits: Regular assessments are conducted to identify and mitigate vulnerabilities proactively, ensuring a secure digital environment.
  • Secure Payment Process: Payments processed via OnePay.LK are highly secure. We never store or handle sensitive payment details on our servers, and users should refer to OnePay.LK's policies for more information.

3. Usage of Collected Data

The information we collect is used solely for academic, operational, and administrative purposes. These include verifying student identities, enabling secure content delivery, administrative communications, providing customer support, and ensuring compliance with legal regulations. No personal information is shared externally or used for marketing purposes without explicit consent from the users.

4. User Responsibilities and Prohibitions

  • Unauthorized Distribution: Students must refrain from sharing or distributing LMS content externally or internally without prior authorization.
  • Account Security: Users must safeguard their login credentials diligently and avoid unauthorized sharing or use.
  • Intellectual Property: Violations related to copyright infringement or misuse of LMS content are prohibited and may lead to legal consequences.
  • Tampering: Any attempts to compromise, alter, or disrupt LMS functionality or security are strictly forbidden and will result in immediate account termination and possible legal action.

5. Notification System

Our LMS provides a built-in notification system that delivers important updates, such as new course materials or administrative announcements. Notifications are delivered when users are actively accessing the LMS platform.

Push Notifications (Mobile App):

For users of our Android mobile application, we utilize Firebase Cloud Messaging (FCM) to deliver push notifications. These notifications may include class updates, payment confirmations, new lesson availability, and important announcements. Users can control push notification preferences through their device settings. When you use our mobile app, we collect your FCM device token to send push notifications. This token is stored securely on our servers and is associated with your student account.

6. Mobile Application

Our Android mobile application is built as a Trusted Web Activity (TWA), which means it wraps our existing web platform using Chrome's browser engine. The app shares the same session and security context as the web platform. The app requires an active internet connection and a compatible version of Google Chrome installed on your device.

7. Device Information

When you use our mobile application, we may collect the following device-related information:

  • FCM Device Token: A unique identifier generated by Firebase Cloud Messaging, used solely for delivering push notifications to your device. This token may change periodically and is automatically updated.
  • Device Type: We record whether you are accessing our service from Android, iOS, or web to optimize your experience.

We do not collect device identifiers such as IMEI, advertising IDs, or other hardware identifiers.

8. Third-Party Payment Processing

All transactions made via our platform are securely handled by OnePay.LK. We strongly encourage users to review OnePay.LK's Privacy Policy separately, as we neither store nor directly process any payment information.

9. Account Deletion

Users can request account deletion at any time through the Settings page in their dashboard. Upon submitting a deletion request:

  • Your request will be reviewed and processed within 30 days.
  • All personal data, including your profile information, class access, payment history, and notification preferences will be permanently deleted.
  • Any active class subscriptions will be terminated without refund.
  • FCM device tokens associated with your account will be deactivated.

To request account deletion, navigate to Dashboard > Settings > Delete Account or contact us at [email protected].

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. After an account deletion request is processed:

  • Personal data is permanently deleted within 30 days of request approval.
  • Anonymized usage data may be retained for analytical purposes.
  • Transaction records may be retained as required by applicable financial regulations.

11. Children's Privacy

Our LMS is designed for Advanced Level (A/L) students who are typically 16 years of age or older. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at [email protected].

12. Compliance with Legal Standards

UpulWeerasinghe.LK adheres strictly to Sri Lankan data protection and privacy legislation. We maintain full compliance with national regulations and reserve the right to take legal action against any breaches or violations of these standards.

Contact Information

If you have queries, concerns, or suggestions related to our Privacy Policy, please contact us via email at [email protected].