Privacy Policy
This Privacy Policy explains how personal data is collected, used, and shared when you use the ISF World Seed Congress 2026 mobile application (the "App"), available on the Apple App Store and Google Play. The App is provided in connection with the ISF World Seed Congress 2026 held in Lisbon, Portugal (18–20 May 2026).
1. Data Controller
SARL — Share capital: €33,000 · SIREN 513 481 457 · RCS Paris
Registered office: 11 rue Jouye-Rouve, 75020 Paris, France
VAT: FR90513481457
Publication director: Mr Stéphane Sourdillat
Email: contact@littlelessconversation.fr
Phone: +33 (0)6 73 35 55 07
Little Less Conversation acts as the data controller for personal data processed by the App. Delegate registration data originates from the congress registration system operated by K.I.T. Group GmbH, which acts as an independent data controller for registration purposes.
2. Data We Collect
2.1 Data you provide or that comes from your registration
| Category | Data | Source | Purpose | Legal basis (GDPR) |
|---|---|---|---|---|
| Identity | Full name, company / organisation, country, email address, QR code identifier | Provided by K.I.T. Group on successful login | Authentication, personalised congress experience, delegate identification on-site | Performance of contract (Art. 6(1)(b)) — your participation in the congress |
| Reservations | Trading table number, Private Meeting Room number | Provided by K.I.T. Group on successful login | Display your reserved locations inside the App | Performance of contract (Art. 6(1)(b)) |
| Profile photo (optional) | Image file you upload from your device | You (camera or photo library) | Display on your My Pass / account screen | Consent (Art. 6(1)(a)) — you choose whether to upload |
2.2 Data collected automatically
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| Push notification token | Expo push token associated with your device (anonymous identifier issued by Apple / Google) | Deliver event notifications (session reminders, room changes, live streams) | Consent (Art. 6(1)(a)) — granted at OS level when you allow push notifications |
| Analytics (product usage) | Pseudonymous events: screens viewed, buttons tapped, search queries, event IDs opened, reservation actions. No precise location, no advertising IDs. | Understand feature usage and improve the App | Legitimate interest (Art. 6(1)(f)) — improving a service you asked to use, with minimal privacy impact |
| Crash and error reports | Stack traces, device model, OS version, App version, anonymous device identifier | Diagnose and fix technical issues | Legitimate interest (Art. 6(1)(f)) — operational integrity of the App |
| Local-only preferences | Bookmarked events, read-notification states, "intro video viewed" flag | Remember your choices between app launches | Stored on-device only (no processing by us) |
3. Sensitive Permissions (Device Access)
The App requests the following OS-level permissions. You can revoke any of them at any time from your device settings; the App remains usable with reduced functionality.
- Camera — only when you choose "Take a photo" to upload a profile photo. Images are used solely for your avatar.
- Photo library — only when you choose "Choose from library" to select a profile photo.
- Contacts (write-only) — only when you tap "Add to my contacts" on another attendee's profile. The App writes the attendee's details into your device contacts; it does not read or upload your existing contacts.
- Push notifications — to deliver event-related notifications. No marketing push messages.
- Network — to sync congress data, authenticate, and upload your optional avatar.
The App does not access your calendar, microphone, precise location, or health data, and does not read your existing contacts.
4. Third-Party Processors
We rely on the following sub-processors. They act on our instructions, under data processing agreements that comply with GDPR.
| Processor | Purpose | Data processed | Hosting location |
|---|---|---|---|
| Railway Corp. (USA) | Application backend hosting | All backend-stored data listed in §2.1 | United States |
| K.I.T. Group GmbH (Germany) | Delegate authentication and registration lookup | Email, password (for authentication only), delegate profile | European Union |
| PostHog Inc. (EU instance) | Pseudonymous product analytics | Analytics events (§2.2) | European Union (eu.i.posthog.com) |
| Functional Software Inc. (Sentry) | Crash and error reporting | Crash diagnostics (§2.2) | United States |
| 650 Industries Inc. (Expo) | Push notification delivery | Push tokens and notification payloads | United States |
| Apple Inc. / Google LLC | Push notification delivery (APNs / FCM) | Push tokens and notification payloads | United States |
5. International Data Transfers
Some of our sub-processors are located in the United States. When we transfer personal data outside the European Economic Area, we rely on the Standard Contractual Clauses issued by the European Commission (Decision 2021/914) and, where applicable, the EU–U.S. Data Privacy Framework. We implement additional technical measures, including encryption in transit (TLS) and at rest.
6. Retention
| Data | Retention |
|---|---|
| Identity, reservations, profile photo | Until 6 months after the congress ends (deletion by 30 November 2026) |
| Push notification tokens | Deleted when you log out or when the device token expires |
| Analytics events (PostHog) | Rolling 12 months |
| Crash reports (Sentry) | Rolling 90 days |
| Server access logs (Railway) | Rolling 30 days |
| Local-only data on your device | Until you uninstall the App or sign out |
7. Your Rights
Under the GDPR and, where applicable, similar laws such as the California Consumer Privacy Act (CCPA), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion ("right to be forgotten")
- Restrict or object to processing based on legitimate interests
- Request portability of your data in a structured, machine-readable format
- Withdraw consent at any time (for processing based on consent), without affecting the lawfulness of prior processing
- Lodge a complaint with a supervisory authority — in France, the CNIL (www.cnil.fr)
To exercise any of these rights, email us at contact@littlelessconversation.fr. We respond within 30 days.
You can also delete your App account and associated personal data directly from the App: My account → Delete my account. This permanently removes your profile, avatar and push notification subscription from our servers. Your congress registration with K.I.T. Group is not affected.
8. Security
We implement appropriate technical and organisational measures, including:
- TLS encryption for all data in transit
- Encrypted storage at rest on Railway persistent volumes
- Access control and audit logging for the administration backoffice
- Short-lived authentication tokens (JWT, 90-day expiry) with refresh on re-authentication
- Hashed passwords (via our authentication provider)
- Least-privilege access by maintainers
9. Children
The App is intended for professional use by congress participants and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can delete the data.
10. Apple App Store Privacy Labels
For transparency, the data types disclosed on our Apple App Store listing are:
- Linked to you: Name, Email, Company, User ID, Photo (avatar), Usage Data, Diagnostics
- Not linked to you: none
- Used to track you across other apps and websites: none
11. Google Play Data Safety
For transparency, on our Google Play listing we declare:
- Data collected: Name, Email, Company, User ID, Photos (avatar), App activity, Crash logs, Diagnostics
- Data shared with third parties: Diagnostics (with Sentry), App activity (with PostHog) — for app operation and improvement only
- Data is encrypted in transit
- You can request data deletion — see §7
12. Changes to This Policy
We may update this Privacy Policy to reflect changes to the App, our sub-processors, or applicable law. We will post the revised version on this page with an updated "Last updated" date. Material changes will be communicated via the App.
13. Contact
Questions, requests, or complaints about this Privacy Policy or the processing of your personal data:
Little Less Conversation — SARL
11 rue Jouye-Rouve, 75020 Paris, France
Email: contact@littlelessconversation.fr
Phone: +33 (0)6 73 35 55 07