Privacy Policy

1. Introduction

The EPC/IAP Istanbul 2026 mobile application (“Application”) is developed by Devent Turizm Organizasyon A.Ş. (“Company”, “we”, “us”, or “our”).

This Privacy Policy explains how information is handled when you use the Application. It applies to releases 1.0.2 and later on Apple App Store and Google Play, and supersedes the privacy policy used for version 1.0.0 where they differ.

By using the Application, you agree to this Privacy Policy.


2. Personal Data Collection — Overview

The Application does not require user registration and does not collect:

You can use most features without creating an account.

Limited technical data is processed to operate the Application, as described in Sections 3–6 below. This data is not used for advertising or sale to data brokers.


3. Data Stored on Your Device

The Application stores certain data locally on your device:

Data Purpose
Notes you create Personal notes feature
Favorite programme sessions Quick access to saved sessions
Theme preference (light / dark / auto) Display settings
Last registered push token (cache) Avoid duplicate server registration

This local data:

Local data uses the device’s secure storage mechanisms (e.g. AsyncStorage).


4. Data Sent to Our Server

When you use the Application, our secure API may receive:

Data When Purpose
Application key (X-App-Key) Every API request Identify the event app client
Application version (X-App-Version) Every API request Compatibility and support (e.g. 1.0.2)
Expo push token After you grant notification permission Deliver event-related push notifications
Platform (ios or android) With push token registration Route notifications correctly

Push token registration uses: POST /public/pushtoken with body { "token", "platform" }.

We do not receive your name, email, or phone number through this process unless you separately contact us (see Section 12).

Event content (programme, speakers, announcements, abstracts, static pages) is retrieved via HTTPS. That content is public event information and does not include your personal profile.


5. Push Notifications

5.1 Permission

The Application may ask for permission to send notifications:

You may decline permission; the Application will continue to work, but you will not receive push notifications.

5.2 What we do with push tokens

5.3 Third-party push infrastructure

Push delivery relies on industry-standard services that process tokens on our behalf:

Provider: Expo (Expo Notifications)

Role: Token generation and relay

Privacy information: https://expo.dev/privacy

Provider: Apple Push Notification service (APNs)

Role: iOS delivery

Privacy information: https://www.apple.com/legal/privacy/

Provider: Google Firebase Cloud Messaging (FCM)

Role: Android delivery

Privacy information: https://firebase.google.com/support/privacy

We do not control these providers’ independent processing; their policies apply to their services.


6. Add to Calendar (Optional Feature)

From version 1.0.1 onward, you may add programme sessions or favorites to an external calendar (Apple Calendar, Google Calendar, Outlook, Yahoo, or .ics-compatible apps).

We do not receive a copy of your personal calendar data from those providers.


7. Event Content Retrieved from Server

The Application retrieves event-related content from our secure server, including:

This content:


8. Data Sharing

We do not sell your personal data.

We may share limited technical data only as necessary to:

We do not share data with advertisers or unrelated analytics/marketing platforms.


9. Data Security

We apply reasonable technical measures, including:

Push tokens and server logs are protected according to our operational security practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.


10. Cookies and Tracking Technologies

The Application is a native mobile app and does not use cookies in the web sense.

Embedded web content (e.g. static pages shown in a WebView) may be subject to the policies of linked external sites if you open them in a browser.

We do not integrate analytics trackers or advertising cookies in the Application code.


11. Data Retention

Data type Retention
Local notes, favorites, theme Until you delete them or uninstall the Application
Push token on our server Until the event service ends, you revoke notification permission, or we no longer need it for congress communications; we delete or anonymise when no longer required
Server logs (IP, request metadata) Short-term operational retention as needed for security and troubleshooting, per our internal policies
Event content on server For the duration of the congress and a reasonable archive period thereafter

12. Your Rights and Choices

Depending on your location (including KVKK and GDPR), you may have rights to access, correct, delete, or restrict processing of personal data.

Because we do not operate a user account system, we may need additional information to identify a specific push token request.

Contact for privacy requests: info@devent.com.tr


13. Children’s Privacy

The Application is intended for congress participants and is not directed at children under 13.

We do not knowingly collect personal information from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.


14. International Transfers

Our servers and service providers may process data in Turkey and other countries where our infrastructure or push providers operate. By using the Application, you acknowledge that such transfers may occur with appropriate safeguards where required by law.


15. Changes to This Policy

We may update this Privacy Policy for new app versions or legal requirements. The version number at the top of this document will change when we do. Continued use after an update constitutes acceptance of the revised policy where permitted by law.

Previous version: privacy_policy_1.0.0


16. Contact Information

Devent Turizm Organizasyon A.Ş.
Email: info@devent.com.tr
Website: https://www.devent.com.tr


17. Legal Compliance

This Privacy Policy is prepared in accordance with:


Appendix A — Store disclosure summary (Apple & Google)

For App Store Connect and Google Play Console data safety forms:

Category Collected? Notes
Name, email, phone No No registration
Location No Not collected
User content (notes) Device only Not transmitted to our servers
Device or other IDs Yes Expo push token; not used for ads
App activity / analytics No No analytics SDK
Crash logs Only if OS/provider default Not a dedicated third-party crash SDK in app
Calendar User-initiated export Data goes to user-chosen calendar app
Data encrypted in transit Yes HTTPS
Data deletion User can uninstall; contact us for push token removal