1. Introduction
The EPC/IAP Istanbul 2026 mobile application (“Application”) is developed by Devent Turizm Organizasyon A.Ş. (“Company”, “we”, “us”, or “our”).
This Privacy Policy explains how information is handled when you use the Application. It applies to releases 1.0.2 and later on Apple App Store and Google Play, and supersedes the privacy policy used for version 1.0.0 where they differ.
By using the Application, you agree to this Privacy Policy.
2. Personal Data Collection — Overview
The Application does not require user registration and does not collect:
- Name, email address, or phone number
- Precise or continuous location data
- Advertising ID or advertising profiles
- In-app analytics or behavioral tracking SDKs
You can use most features without creating an account.
Limited technical data is processed to operate the Application, as described in Sections 3–6 below. This data is not used for advertising or sale to data brokers.
3. Data Stored on Your Device
The Application stores certain data locally on your device:
| Data | Purpose |
|---|---|
| Notes you create | Personal notes feature |
| Favorite programme sessions | Quick access to saved sessions |
| Theme preference (light / dark / auto) | Display settings |
| Last registered push token (cache) | Avoid duplicate server registration |
This local data:
- Remains on your device unless you delete it or uninstall the Application
- Is not uploaded to our servers as part of notes or favorites
- Is removed when the Application is uninstalled (subject to your device OS behaviour)
Local data uses the device’s secure storage mechanisms (e.g. AsyncStorage).
4. Data Sent to Our Server
When you use the Application, our secure API may receive:
| Data | When | Purpose |
|---|---|---|
Application key (X-App-Key) |
Every API request | Identify the event app client |
Application version (X-App-Version) |
Every API request | Compatibility and support (e.g. 1.0.2) |
| Expo push token | After you grant notification permission | Deliver event-related push notifications |
Platform (ios or android) |
With push token registration | Route notifications correctly |
Push token registration uses: POST /public/pushtoken with body { "token", "platform" }.
We do not receive your name, email, or phone number through this process unless you separately contact us (see Section 12).
Event content (programme, speakers, announcements, abstracts, static pages) is retrieved via HTTPS. That content is public event information and does not include your personal profile.
5. Push Notifications
5.1 Permission
The Application may ask for permission to send notifications:
- iOS: system notification permission
- Android 13+:
POST_NOTIFICATIONSpermission
You may decline permission; the Application will continue to work, but you will not receive push notifications.
5.2 What we do with push tokens
- A unique push notification token is generated for your device by the push infrastructure.
- If permission is granted, the token (and platform) is sent to our server so we can send notifications about the congress (e.g. announcements, programme updates).
- Tokens are used only for event-related messaging, not for third-party advertising.
5.3 Third-party push infrastructure
Push delivery relies on industry-standard services that process tokens on our behalf:
Provider: Expo (Expo Notifications)
Role: Token generation and relay
Privacy information: https://expo.dev/privacy
Provider: Apple Push Notification service (APNs)
Role: iOS delivery
Privacy information: https://www.apple.com/legal/privacy/
Provider: Google Firebase Cloud Messaging (FCM)
Role: Android delivery
Privacy information: https://firebase.google.com/support/privacy
We do not control these providers’ independent processing; their policies apply to their services.
6. Add to Calendar (Optional Feature)
From version 1.0.1 onward, you may add programme sessions or favorites to an external calendar (Apple Calendar, Google Calendar, Outlook, Yahoo, or .ics-compatible apps).
- This action is initiated by you only.
- Session details you choose to export (e.g. title, date, time, location text from the event programme) are passed to the calendar app or service you select, not stored by us as a separate “calendar profile.”
- Those third-party services have their own privacy policies.
We do not receive a copy of your personal calendar data from those providers.
7. Event Content Retrieved from Server
The Application retrieves event-related content from our secure server, including:
- Scientific programme details
- Speaker information
- Announcements
- Abstracts / declarations
- Static informational pages
- Application configuration (menu, language, theme defaults)
This content:
- Does not include your personal account data (there is no login)
- Is publicly available or event-related information
- Is transmitted over HTTPS
8. Data Sharing
We do not sell your personal data.
We may share limited technical data only as necessary to:
- Operate push notifications (Section 5.3)
- Host and deliver event content on our infrastructure
- Comply with applicable law or valid legal requests
We do not share data with advertisers or unrelated analytics/marketing platforms.
9. Data Security
We apply reasonable technical measures, including:
- HTTPS encryption for API communication
- No advertising SDKs or cross-app tracking in the Application
- No background location tracking or profiling
Push tokens and server logs are protected according to our operational security practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Cookies and Tracking Technologies
The Application is a native mobile app and does not use cookies in the web sense.
Embedded web content (e.g. static pages shown in a WebView) may be subject to the policies of linked external sites if you open them in a browser.
We do not integrate analytics trackers or advertising cookies in the Application code.
11. Data Retention
| Data type | Retention |
|---|---|
| Local notes, favorites, theme | Until you delete them or uninstall the Application |
| Push token on our server | Until the event service ends, you revoke notification permission, or we no longer need it for congress communications; we delete or anonymise when no longer required |
| Server logs (IP, request metadata) | Short-term operational retention as needed for security and troubleshooting, per our internal policies |
| Event content on server | For the duration of the congress and a reasonable archive period thereafter |
12. Your Rights and Choices
Depending on your location (including KVKK and GDPR), you may have rights to access, correct, delete, or restrict processing of personal data.
- Notifications: disable in device Settings or deny permission when prompted.
- Local data: delete notes/favorites in the app or uninstall the Application.
- Push token: contact us to request deletion from our notification list (provide approximate device/platform if possible).
Because we do not operate a user account system, we may need additional information to identify a specific push token request.
Contact for privacy requests: info@devent.com.tr
13. Children’s Privacy
The Application is intended for congress participants and is not directed at children under 13.
We do not knowingly collect personal information from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.
14. International Transfers
Our servers and service providers may process data in Turkey and other countries where our infrastructure or push providers operate. By using the Application, you acknowledge that such transfers may occur with appropriate safeguards where required by law.
15. Changes to This Policy
We may update this Privacy Policy for new app versions or legal requirements. The version number at the top of this document will change when we do. Continued use after an update constitutes acceptance of the revised policy where permitted by law.
Previous version: privacy_policy_1.0.0
16. Contact Information
Devent Turizm Organizasyon A.Ş.
Email: info@devent.com.tr
Website: https://www.devent.com.tr
17. Legal Compliance
This Privacy Policy is prepared in accordance with:
- Turkish Personal Data Protection Law (KVKK – Law No. 6698)
- EU General Data Protection Regulation (GDPR), where applicable
- Apple App Store App Review Guidelines (privacy disclosures)
- Google Play User Data policy and Data safety form requirements
- U.S. COPPA (children under 13), where applicable
Appendix A — Store disclosure summary (Apple & Google)
For App Store Connect and Google Play Console data safety forms:
| Category | Collected? | Notes |
|---|---|---|
| Name, email, phone | No | No registration |
| Location | No | Not collected |
| User content (notes) | Device only | Not transmitted to our servers |
| Device or other IDs | Yes | Expo push token; not used for ads |
| App activity / analytics | No | No analytics SDK |
| Crash logs | Only if OS/provider default | Not a dedicated third-party crash SDK in app |
| Calendar | User-initiated export | Data goes to user-chosen calendar app |
| Data encrypted in transit | Yes | HTTPS |
| Data deletion | User can uninstall; contact us for push token removal |