Arpacore B.V. does not collect, receive, or process any personal data through CTC-AE+. The information you enter into the App stays in your own Apple iCloud account, on devices you control, and is never sent to Arpacore B.V. or to any third party.
This privacy policy explains in detail how the App handles information.
Arpacore B.V. — Coolsingel 65, 3012 AC, Rotterdam, The Netherlands
Contact email: privacy@arpacore.com
Arpacore B.V. is the controller of the limited information described in the "Apple App Store" and "Website" sections below. Arpacore B.V. is not the controller of the data you enter into the App: that data is stored in your own private Apple iCloud account and only you and Apple's iCloud service have access to it. You remain the sole controller of that data.
The App has no Arpacore account system, no sign-up, no login, and no user profile maintained by us. We do not ask you for any personal information such as name, email address, or payment details.
The App contains no analytics SDKs, no advertising SDKs, no third-party crash reporting, no cookies, and no tracking technologies of any kind. We have no way of knowing who uses the App, when, or how.
Arpacore B.V. does not operate any server, database, or cloud service that receives data from the App. We have no infrastructure that the App talks to. Reference content (NCI CTC-AE v4.03 and v5.0, ECOG, Karnofsky, Lansky) is bundled inside the App at build time and is shown to you offline.
Any data you enter into the App — for example trial reference notes, patient reference notes, and adverse event entries — is stored:
This synchronization is implemented using Apple's CloudKit framework with a private database (container iCloud.info.peruzzi.CTCAE-4). The App also uses Apple's NSUbiquitousKeyValueStore to keep your favorites in sync. Both of these mechanisms store data inside your own iCloud account. They do not share data with other users, and they do not give Arpacore B.V. any access to your data.
Apple acts as the iCloud service provider and processes the data on your behalf in accordance with Apple's own privacy policy and the terms of your Apple ID. If you are signed out of iCloud, or if you disable iCloud for the App in your device settings, the App falls back to local-only storage on that device.
You remain the sole controller of the data you enter. You are responsible for ensuring that any data you choose to record in the App complies with the laws and professional obligations that apply to you — for example, regulations concerning patient data, clinical research data, or other sensitive information. CTC-AE+ is an educational and reference tool and is not a medical device; it is not intended to be used as a primary clinical record system.
You can optionally enable Face ID or Touch ID to lock the App. This feature is handled entirely on-device by Apple's LocalAuthentication framework. Arpacore B.V. never sees your biometric data, and no biometric information ever leaves your device.
The App allows you to export your data as a CSV file. The export is always initiated by you, from within the App. Once exported, the CSV file is handled by the standard iOS / macOS share and save mechanisms, and you decide where it goes — for example, to the Files app, to iCloud Drive, to another app, or to a third-party destination of your choice.
Once a CSV file leaves the App through an export you initiate, it is no longer under the App's control and is subject to the privacy practices of the destination you selected. Arpacore B.V. does not receive any copy of exported files.
The App is distributed through the Apple App Store. Apple may collect information related to your download and use of the App independently of Arpacore B.V., in accordance with Apple's own privacy policy. As a developer, Arpacore B.V. has access only to aggregated, anonymous statistics provided by App Store Connect (such as total downloads or aggregate crash counts).
If you contact Arpacore B.V. by email (for example to report a bug or to ask a privacy question), we will receive the email address and the content of the message you send, and we will use that information solely to respond to you. We do not use this information for marketing.
Because no data about you is stored on Arpacore servers, there is nothing for Arpacore B.V. to delete on your behalf. To remove the data you entered into the App:
Any CSV files you previously exported must be deleted from the locations where you saved them, as those files are no longer under the App's control.
The App is intended for healthcare professionals and is not directed to children. It does not knowingly collect information from anyone, including children.
Because Arpacore B.V. does not collect or process the personal data you enter into the App (it stays in your own Apple iCloud account, to which we have no access), the GDPR rights of access, rectification, erasure, restriction, portability, and objection cannot practically be exercised against Arpacore B.V. for that data — we hold none of it. To exercise these rights for the data stored in your iCloud account, please refer to Apple and to your Apple ID settings.
For any data you do share with Arpacore B.V. directly (for example by emailing us), you may exercise your GDPR rights by contacting privacy@arpacore.com. You always have the right to lodge a complaint with your national data protection authority.
If the App's behavior changes in a way that affects this policy, we will update this page. You are encouraged to review it periodically. Material changes will be reflected in the "last updated" date below.
Questions about this policy can be sent to privacy@arpacore.com.
Last updated: May 1, 2026