Effective 2026-05-12
Privacy Policy
Misa is a Catholic companion app for Filipino families. The things you put into it — the candle you light for Mama, the intention you write for a sick titi, the line in your journal you'd never say out loud — are sacred. We treat them that way.
This page explains, in plain language, what we keep, what we don't, and how to ask us to delete it. If anything here is unclear, write to prince@yoshilabs.io and a real person will answer.
The short version
- We only collect what Misa needs to work: your email (for sign-in), the name you choose, your parish and language, and the candles and intentions you create.
- We do not sell your data. We do not run ads. We do not track you for advertisers. There are no streaks or leaderboards.
- Your intentions, candles, and journal entries are visible only to you. We do not share them with any parish, priest, or third party.
- You can ask us to delete everything tied to your account by emailing prince@yoshilabs.io. We will do it.
What we collect
We collect only what Misa needs to function as a prayer companion. Specifically:
- Email address — after you sign in. We use it to send the magic-link sign-in email and, rarely, to tell you something important about your account.
- Display name — the name you choose at onboarding (up to 40 characters). Shown inside Misa.
- Patron saint, preferred prayer time, language (English, Tagalog, Cebuano), and city — so Misa shows you the right parish, prayer, and reflection for who you are and where you are.
- Mass intentions and candle intentions — the short text (up to 140 characters) you write for a person or situation. Stored in our database. Visible only to you, except for mass intentions which are passed to the parish you chose.
- Journal entries — kept on your own device only. They never leave your phone or laptop. We cannot read them.
- Push notification details — if you opt in to Angelus reminders, we store the technical address your browser gives us (the push endpoint and its keys) plus your timezone, so we can reach you at 6 AM, noon, and 6 PM in your local time.
- Anonymous client ID — a random ID generated on your device the first time you open Misa. It lets your candles and intentions persist before you sign in, and links them to your account when you do.
We do not collect government IDs, baptismal records, location tracking, contacts, photos, or anything else not listed above.
How we use it
We use your data for exactly three things:
- To run Misa — sign you in, show your candles and intentions on your devices, send the notifications you asked for, pass your mass intention to the parish you chose.
- To keep Misa working — basic error logs and operational data so we can fix things when they break.
- To talk to you about your account — for example, a magic-link sign-in email, or a note if something serious happens (a security incident, an end of service).
We do not use your data to train AI models. We do not profile you for advertisers. We do not sell, rent, or trade your data with anyone.
Who else sees it
Misa runs on a few trusted services. Each of them only sees the minimum they need to do their job:
- Supabase (Singapore region) — our database and sign-in provider. Stores your account, candles, intentions, and push subscription.
- Resend (United States) — sends the magic-link email you use to sign in. They receive your email address and the email body.
- Vercel (global edge network) — hosts the app. Keeps short-term request logs as part of normal operations.
- DeepSeek — used only to write the daily-reading reflection. We send the scripture passage. We never send your name, email, intentions, or any personal data.
- PostHog (analytics, being rolled out) — aggregate product analytics so we can see which features people actually use. No advertising. No personal intention text shared.
Mass intentions are stored privately in your Misa account so you can remember whom you've prayed for. Today, Misa does not transmit intentions to parishes — if you want a priest to read your intention during mass, please continue to do so directly through your parish. When parish delivery becomes a real feature in Misa, this page will be updated and we will tell you before we send anything on your behalf.
Where your data lives
Our primary database is in Singapore — close to the Philippines, on purpose. Some of our service providers (Resend, Vercel) operate in the United States or on global infrastructure, so a small amount of your data may move across borders as part of normal operation. We pick partners who handle data responsibly and who let us delete your data on request.
How long we keep it
We keep your account and your data for as long as you actively use Misa. If you ask us to delete your account, we will remove your personal data within 30 days, except for limited records we are legally required to keep (for example, basic logs that show a deletion was performed).
Candles in Misa "breathe" for 24 hours and are then archived. They remain visible only to you in your history. Mass intentions are kept tied to the mass date you chose.
Your rights
You can ask us, at any time, to:
- See what data we hold about you.
- Correct anything that is wrong.
- Delete your account and your data.
- Stop receiving push notifications (you can also turn this off in your browser).
- Get an export of your candles and intentions.
For users in the Philippines, these rights are protected under the Data Privacy Act of 2012 (Republic Act 10173). For users in the European Union or the United Kingdom, the equivalent protections under GDPR apply. Wherever you are, the practical answer is the same: email us and we'll handle it.
How to delete your data
Send an email to prince@yoshilabs.io from the address you signed in with, and say "please delete my Misa account." We will confirm, then delete your account, your intentions, your candles, and your push subscription. You will get a written confirmation when it is done.
Children
Misa is not designed for children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, write to us and we will remove it.
Security
We protect your data with the usual modern safeguards — encrypted connections, encrypted storage at our providers, sign-in via one-time email links instead of passwords. No system is perfect. If we ever learn of a breach that puts your data at risk, we will tell you and the appropriate authorities, plainly and quickly.
Changes to this policy
If we change this policy in a meaningful way, we will update the effective date at the top and, where appropriate, let you know in the app or by email. The spirit of the policy — treat your prayers like prayers — will not change.
Who we are
Misa is built and operated by Yoshi Labs, a sole proprietorship owned by Prince Yoshiko Intes, based in Davao City, Philippines. Misa is an independent app. We are not affiliated with the Catholic Church, the CBCP, or any diocese, parish, or religious order.
Questions, requests, or anything else: prince@yoshilabs.io.