Forestaller - Tracking made simple

Introduction

Forestaller is operated by Arity Craft, a company registered in the Republic of Mauritius (BRN: C25227854, Address: Coastal Rd, Suite 005, Grand Baie Business Park, Grand Baie, 1207-02, Mauritius). Arity Craft acts as the Data Controller for all personal data processed through Forestaller.

Forestaller is a health and symptom tracking application that processes personal data, including sensitive health information. We comply with the Mauritius Data Protection Act 2017 and, where applicable, the General Data Protection Regulation (GDPR).

By creating an account and entering medical information into Forestaller, you provide explicit, informed consent for the processing of your sensitive health data for the purposes described in this policy.

Information We Collect

Account and Identity Information

Name
Email address
Date of birth
Profile photo (optional)
Emergency contact information (optional)

Sensitive Health Data

We process health data that you voluntarily enter. Under the Mauritius Data Protection Act 2017, this constitutes Sensitive Personal Data.

Symptom logs and severity ratings
Medication details and adherence tracking
Vital signs (heart rate, blood pressure, glucose levels)
Medical history and conditions
Mood, stress, sleep, and lifestyle information

Technical and Usage Data

IP address
Device and browser information
Security logs
Usage analytics (only where consented)

Legal Basis for Processing

Explicit Consent: For sensitive health data
Contractual Necessity: To provide Forestaller services
Legal Obligation: Where required by Mauritian law
Legitimate Interests: Security, fraud prevention, and service improvement

You may withdraw consent at any time via your account settings or by contacting us.

Data Hosting and International Transfers

Forestaller data is hosted in the European Union (EU-North region) using Supabase infrastructure. As data is transferred outside Mauritius, we rely on adequate protection mechanisms consistent with the Mauritius Data Protection Act 2017 and GDPR safeguards.

Data Sharing and Processors

We may share data with:

Supabase (EU-North hosting provider)
Authentication providers
Analytics providers (with consent)
Authorities where legally required

All processors operate under written Data Processing Agreements.

Data Breach Notification

In the event of a personal data breach, Arity Craft will notify the Mauritius Data Protection Commissioner without undue delay where required by law. Where the breach poses a high risk to individuals, affected users will also be informed promptly.

Your Rights Under Mauritian Law

Right of access to your personal data
Right to correction of inaccurate data
Right to request erasure
Right to prevent processing likely to cause damage or distress
Right to object to direct marketing
Right not to be subject to automated decision-making
Right to withdraw consent
Right to compensation for unlawful processing
Right to lodge a complaint with the Mauritius Data Protection Office

Supervisory Authority

If you believe your data protection rights have been violated, you may contact:

Data Protection Office – Republic of Mauritius
Website: https://dataprotection.govmu.org
Email: dpo@govmu.org
Tel: +230 460 0251

Data Retention

We retain personal and health data only as long as necessary to provide services. Upon account deletion, data is permanently deleted within 30 days unless retention is required by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. The updated version will be posted within the application.

Contact Us

Arity Craft
Coastal Rd, Suite 005, Grand Baie Business Park, Grand Baie, 1207-02, Mauritius
Email: support@forestaller.ap

Health Data Compliance Notice

Forestaller processes sensitive health data under explicit consent. It is a personal health tracking tool and not a medical provider.