Privacy Policy

Effective date: April 26, 2026

This Privacy Policy describes how the AtlDevCon mobile application (the “App”) and its associated backend service (collectively, the “Service”) handle your information. The Service is operated by Ivan Ball-llovera (“we”, “us”, “our”). If you have questions about this policy, contact us at ivanball76@gmail.com.

By using the Service you agree to the practices described below.

1. What we collect

We only collect information that the Service needs to function. There is no advertising, no third-party analytics SDK, and no tracking across other apps or websites.

1.1 Information you provide directly

When you create an account or sign in:

• Email address — used as your login identifier and to send essential account messages.
• Password — never stored in plain text. Stored as a salted, one-way hash; we cannot read your password.
• Name — used to address you in the App and on session interactions.

1.2 Information generated by your use of the App

• Authentication tokens — short-lived JSON Web Tokens (JWTs) and longer-lived refresh tokens issued to your device after sign-in. Used to keep you signed in without re-entering your password.
• Session bookmarks — when you bookmark a conference session, we record the association between your account and that session so we can show your saved sessions across devices.
• Service logs — when your device contacts our backend, our servers automatically record technical information needed to operate the Service: source IP address, request timestamp, requested URL path, response status, and a generated correlation identifier. These logs are used to diagnose errors and protect against abuse.

We do not collect location data, contacts, photos, microphone or camera input, calendar entries, advertising identifiers, or device sensor data.

2. How we use your information

We use the information we collect only for the following purposes:

• Operate the App — sign you in, keep you signed in, show your bookmarked sessions, and synchronize them across your devices.
• Communicate with you about your account — for example, to confirm registration, reset your password, or notify you of changes to this policy.
• Diagnose and prevent problems — investigate errors, debug issues, and protect the Service from abuse such as brute-force login attempts or denial-of-service attacks.
• Comply with legal obligations — respond to lawful requests from authorities or enforce our terms.

We do not sell your information, share it with advertisers, or use it for behavioral advertising.

3. How we share your information

We share your information only in these limited situations:

• Service providers — we host the Service on Microsoft Azure (specifically Azure Container Apps and Azure SQL Database, in the United States). Microsoft acts as a data processor on our behalf and is contractually bound to handle the data only as we direct.
• Legal requirements — if required to do so by law, valid legal process, or to protect the rights, property, or safety of users or the public.
• Business transfers — if the Service is acquired by or merged with another company, we will notify you before your information is transferred and becomes subject to a different privacy policy.

We do not share your information with any third party for that party's own commercial use.

4. Where your data is stored

Your data is stored on Microsoft Azure infrastructure located in the central United States region. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service you acknowledge this transfer.

5. How long we keep your data

• Account data (email, name, hashed password): kept for as long as your account is active. If you delete your account, we delete this data within 30 days, except where we are legally required to retain it.
• Session bookmarks: deleted along with your account, or earlier if you remove the bookmark.
• Refresh tokens: deleted automatically when you sign out, or when they expire.
• Service logs: retained for up to 90 days for security and diagnostic purposes, then deleted.

6. Security

We use industry-standard practices to protect your information:

• All traffic between the App and our backend uses TLS (HTTPS).
• Passwords are stored as salted, one-way hashes and are never transmitted or logged in plain text.
• Backend access is restricted to authorized administrators using multi-factor authentication.
• We do not store payment card data; the App does not process payments.

No system is perfectly secure. If we discover a security incident affecting your information, we will notify you and the appropriate authorities as required by law.

7. Your rights and choices

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information by editing your profile in the App or contacting us.
• Delete your account and associated data. You can request deletion by contacting ivanball76@gmail.com from the email address on your account.
• Withdraw consent at any time by deleting your account. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Export a copy of the personal information we hold about you in a portable format. Contact us at the email above and we will respond within 30 days.

If you are in the European Economic Area, the United Kingdom, or California, you may have additional rights under the General Data Protection Regulation (GDPR), the UK GDPR, or the California Consumer Privacy Act (CCPA), including the right to lodge a complaint with your local data protection authority. We do not sell personal information as defined by the CCPA.

8. Children's privacy

The App is intended for a general audience (rated 4+ on the Apple App Store and Everyone in Google Play). It is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete the information promptly.

9. Third-party services

The App connects only to our own backend service hosted on Microsoft Azure. We do not use third-party analytics, advertising, or tracking SDKs. Distribution through the Apple App Store and Google Play Store is governed separately by Apple's and Google's respective privacy policies, which we do not control.

10. Push notifications

The App may, in future versions, request permission to send push notifications. Push notifications are delivered through platform-provided services — Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android. You can disable push notifications at any time in your device's Settings. We will only send notifications related to the App's functionality (for example, schedule changes for sessions you have bookmarked) — not promotional content.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will:

• Update the “Effective date” at the top of this policy, and
• Notify you in the App or by email at least 30 days before the change takes effect, where the change affects how we use your existing information.

Continued use of the Service after the effective date of an updated policy means you accept the updated terms.

12. How to contact us

For privacy questions, requests to access or delete your data, or any other concerns about this policy, contact:

Ivan Ball-llovera
Email: ivanball76@gmail.com

We aim to respond within 30 days.