ForestStar
Privacy Policy
Last updated: June 2026
1. Who This Policy Applies To
This policy applies to all users of the ForestStar mobile application (iOS and Android) and the website at foreststar.app. By using the Service, you acknowledge that you have read and understood this policy.
2. What We Collect
Information you give us
- •Feedback form submissions — your name (optional) and email address if you use the feedback form. Used solely to respond to your message.
- •Push notification opt-in — if you consent, we store a device push token. No personal profile is created from this.
Information we collect automatically
- •Anonymous device identifier — a randomly generated ID used to sync your reading history (liked, saved, seen cards) across sessions. Not linked to your name, email, or any identifying information.
- •App usage events — which cards are opened, aggregated only. We do not track individual reading profiles.
- •Basic device information — OS version and app version, collected for crash reporting and compatibility.
What we do NOT collect
- •Your real name (unless you provide it via feedback)
- •Your location or GPS data
- •Your contacts, camera, or microphone
- •Any financial information
- •Social media profiles
3. Why We Collect It (Legal Basis)
| Purpose | Data Used | Legal Basis |
|---|
|---------|-----------|-------------|
| Sync reading history | Anonymous device ID | Legitimate interest |
|---|---|---|
| Respond to feedback | Name (optional), email | Consent |
| Push notifications | Device push token | Explicit consent |
| App stability and debugging | Device info, crash logs | Legitimate interest |
| Content performance | Aggregated card views | Legitimate interest |
Under India's DPDPA 2023, we rely on consent for personal data and legitimate interest for aggregated or anonymous data. You may withdraw consent at any time (see Section 8).
4. Third-Party Services
- •Supabase (Supabase Inc., USA) — backend database and authentication. SOC 2 Type 2 compliant. See Supabase Privacy Policy.
- •Expo / Expo Application Services — used to build and distribute the mobile app. No user data is shared.
- •Vercel (Vercel Inc., USA) — hosts the foreststar.app website. Processes standard web request logs. See Vercel Privacy Policy.
We do not use Google Analytics, Facebook Pixel, advertising SDKs, or any tracker that profiles individual users.
5. International Data Transfers
Supabase and Vercel are US-based services. Your data may be transferred to and stored in the United States or other countries. Where required by law, such transfers are made under appropriate safeguards (Standard Contractual Clauses for GDPR purposes).
6. Data Retention
| Data Type | Retention Period |
|---|
|-----------|-----------------|
| Feedback form submissions | 12 months from submission |
|---|---|
| Push notification tokens | Until you unsubscribe or uninstall |
| Anonymous device identifiers | 24 months from last activity |
| Aggregated analytics | Indefinitely (no personal data) |
| Server/access logs | 90 days |
7. Children's Privacy
ForestStar is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us at admin.foreststar@gmail.com and we will delete it promptly. In accordance with DPDPA 2023, we do not process personal data of children without verifiable parental consent.
8. Your Rights
All users (India — DPDPA 2023):
- •Right to access the personal data we hold about you
- •Right to correction of inaccurate data
- •Right to erasure ("right to be forgotten")
- •Right to withdraw consent at any time
- •Right to grievance redressal
EU/EEA users (GDPR):
- •All of the above, plus right to data portability, right to object to processing, and the right to lodge a complaint with your national supervisory authority
To exercise any right, email us at admin.foreststar@gmail.com with the subject line "Data Rights Request". We will respond within 30 days.
9. Data Security
We take reasonable technical and organisational measures to protect your data, including encrypted data transmission (HTTPS/TLS), Supabase Row Level Security (RLS) to restrict data access, and no storage of sensitive credentials in the app binary. No method of transmission or storage is 100% secure. Report security concerns to admin.foreststar@gmail.com.
10. Cookies & Tracking (Website)
The foreststar.app website uses strictly necessary cookies for session management only. We do not use advertising or analytics cookies. We do not use cookie banners because we have no tracking cookies to disclose. The website does not use cross-site trackers.
11. Push Notifications
If you opt in to push notifications, we will send you notifications about new editorial cards. You can opt out at any time via your device's notification settings or within the app's profile screen.
12. Grievance Officer (India — IT Act 2000)
In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines) Rules, 2021:
Name: Jayottam
Email: admin.foreststar@gmail.com
Response time: Acknowledgement within 24 hours; resolution within 15 days.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, by in-app notification. Continued use of the Service after changes are posted constitutes acceptance.
14. Contact
Email: admin.foreststar@gmail.com
Website: Feedback Form