Curia | Eine Hoffnung mehr für informierte Krebspatienten.

Datenschutzerklärung für CURIA App

Verwendung unserer mobilen App

I. Information über die Erhebung personenbezogener Daten
(1) We, Innoplexus AG ) (“Innoplexus“), provide you with a mobile app (“CURIA” or the “Service“) that you can download to your mobile device. We respect your privacy and are committed to protect your personal data which you share with us. In the following, we provide information about the collection of personal data when using CURIA, manner in which we may use such personal data and your rights with respect to personal data you provide to us. Personal data includes all data that can be personally related to you, e.g. name, address, email addresses, user behavior, etc.

(2) The person responsible is
Innoplexus AG,
Frankfurter Str. 27, 65760 Eschborn, Germany (siehe unser Impressum:

Innoplexus is a German company.

Die betriebliche Datenschutzbeauftragte von Innoplexus ist unter der o. g. Anschrift, zu Hd. Datenschutzabteilung, beziehungsweise unter

(3) When you contact us via email or a contact form, we will store your email address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this connection after storage is no longer required or – in the case of legal storage obligations – restrict processing.

(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.


You are under no legal duty to provide us with any personal data. However, we do need your personal data in order to provide you with the Service. You hereby acknowledge and agree that you are providing us with such information at your own free will.

(6) We will not collect any personal data from you or related to you without your approval, which is obtained, inter alia, through your active use of and interaction with the Service, your acceptance of this Privacy Policy and your acceptance of our Terms of Use.

(7) This Privacy Policy is incorporated by reference to our Terms of Use, which are available at the following link: Terms of Use.

II. The purpose for which we collect your personal data 

We collect personal data for the purposes described in this Privacy Policy and in order to –

  1. provide and operate the Service, and to provide our users with information to use as applicable;
  2. study the information for personalized services and notifications;
  3. use on an aggregated, statistical basis to discover patterns and anomalies;
  4. enable us to further develop, customize and improve the Service based on users’ common preferences, uses, attributes and anonymized data;
  5. enable us to provide our users with a better user experience, with more relevant and accurate information, services, third party services, features and functionalities, statistical and research purposes, and
  6. deliver advertising and other commercial or sponsored content from our authorized partners which may be valuable to our users, etc.

III. Legal basis for collecting and using personal data

Wir erheben, verarbeiten und nutzen Ihre personenbezogenen Daten auf mindestens einer der folgenden Rechtsgrundlagen:

  1. Your consent – We ask for your consent to process your data for specific purposes, including by your acceptance of this Privacy Policy, and you have the right to withdraw your consent at any time.
  2. When Providing the Service and performing our agreement – We collect and process your personal data in order to provide you with the Service, following your acceptance of this Privacy Policy; to maintain and improve our Services; to develop new services and features for our users; and to personalize the Services in order to provide our users with an enhanced user experience. 
  3. Our Legitimate interests – We process your data for our legitimate interests while applying appropriate safeguards to protect your privacy. For example, we may process your data for detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with the Service, protecting against harm to the rights, property or safety of our properties, or our users, or the public as required or permitted by applicable law, exercising and enforcing rights and claims, including investigation of potential violations of this Privacy Policy; in order to comply with and fulfil our duties under applicable law, regulation, guidelines, industry standards and contractual requirements, legal process or governmental request, as well as our Terms of Use.

IV. Processing of personal data when using CURIA and which data we may collect on users

When downloading CURIA, the required information is transferred to the App Store or Google Play store, in particular user name, email address, time of download and the individual device ID number and is processed pursuant to Apple’s privacy policy or Play store privacy policy, linked here: and We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading CURIA to your mobile device.

Durch Deinstallation wird die aktive Verarbeitung Ihrer personenbezogenen Daten eingestellt. 30 months from the date of uninstalling, the data will be deleted due to the discontinuation of purpose, unless we are subject to any statutory retention obligations. We accept the loss of purpose after such period because we assume that it is no longer likely that you will use our services again after such period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g. because you deleted the app earlier for lack of necessity, we temporarily store the data for you.

Sofern Sie jedoch Ihre Einwilligung widerrufen möchten und nicht nur eine vorübergehende Einstellung der Nutzung wünschen, können Sie dem durch das Betätigen der Schaltfläche „Meine personenbezogenen Daten löschen“ nachkommen.

§1 Bei Nutzung von CURIA erheben wir die nachfolgenden Logfile-Daten:

– IP address, also in the API logs
– Date and time of the request
– Content of the request (concrete page, concrete API endpoint)
– Access Status/HTTP Status Code
– Amount of data transferred in each case
– End device from which the request comes
– User Agent
– Operating system and its interface
– Language and version of the User Agent.

On the one hand, this data is mandatory for us from a technical point of view in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA and, on the other hand, to enable a comfortable use of the Service and functions.

Die Löschung von IP-Adressen in Logfiles erfolgt nach 14 Tagen.

§2 Furthermore, when CURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete CURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA you are using is still up to date. CURIA can be updated to implement new features or to ensure data security, fix bugs, etc.

§3 You must register with your first and last name, e-mail address and telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account. We use this personal data for the execution of this contract. The data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection.

Alternatively, you can log in using your Google user account. For this we collect the following personal data:

– First and Last Name
- E-Mail Adresse

To what extent the personal data disclosed by you through the subsequent use of CURIA will be processed by Google, please refer to Google’s privacy policy.

You can delete your account at any time by clicking the “Delete my personal data” button within CURIA. The personal data processed by us will be deleted or blocked or restricted in their processing. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contrary to any legal storage or other obligations.

§ 4 Falls Sie Informationen zu möglichen Therapieoptionen, Ärzten und Klinischen Studien erhalten möchten, können Sie den von uns zur Verfügung gestellten Fragebogen mit Fragen zu Ihrem Krankheitsbild ausfüllen. Abgefragt werden dabei krebsspezifische Parameter, wie z.B. Angaben zu genetischen Mutationen, dem Status der jeweiligen Krebserkrankung, etc. Ihre Angaben sind freiwillig und dienen ausschließlich dem Zweck, dass wir durch sie in die Lage versetzt werden, Ihnen Informationen bereitzustellen. Die Verarbeitung erfolgt auf Grundlage Ihrer Einwilligung (Art. 6 Abs. 1 lit. a DSGVO). Es steht Ihnen jederzeit frei, Ihre Einwilligung ohne Angabe von Gründen mit Wirkung für die Zukunft zu widerrufen. Die Rechtmäßigkeit der bis dahin erfolgten Verarbeitung wird dadurch nicht berührt.

You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.

You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app. This gives you the option to delete all personal data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation.

Die ausgefüllten Fragebögen und Anmeldungen zur Teilnahme an klinischen Studien werden in die Google-Cloud überführt, ein Dienst der Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, sodass Ihre Daten auf einem Server in den U.S.A. gespeichert werden. Wir haben mit Google sog. Standardvertragsklauseln abgeschlossen, die ein angemessenes Datenschutzniveau gewährleisten. Wenn Sie alle Eignungskriterien für die Anfrage der klinischen Studie erfüllt haben, werden die von Ihnen angegebenen personenbezogene Daten in das interne Innoplexus Dashboard für klinische Studien übertragen. Auf diese Daten kann das CURIA-App Team zugreifen, welches teilweise in Indien sitzt und Innoplexus Pune angehört. Hierbei wird ein angemessenes Datenschutzniveau durch den Abschluss von Standardvertragsklauseln abgesichert.

§5 Wir verwenden Google Analytics und Google Firebase, beides Dienste der Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, zur

  1. Analyse der allgemeinen Nutzung von CURIA, insbesondere App-Installationen/Deinstallationen, Fragebögen zur Erkrankung, Aktivitäten bei der Suche nach Behandlungsmöglichkeit und Einschreibungen zu klinischen Studien, Beginn einer Sitzung sowie beim Vergessen eines Passworts (Google Analytics).
  2. Zur Erhebung von Diagnosedaten für die Gewährleistung technischer Stabilität der App (Google Firebase).

Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymization purposes and is transmitted in shortened and anonymized form to Google servers in the USA. We use the anonymized reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no personal data.

Die Daten werden in den USA verarbeitet, wobei wir mit Google sog. Standardvertragsklauseln abgeschlossen haben, die ein angemessenes Datenschutzniveau gewährleisten.

Die Daten werden gelöscht, wenn sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind, weil die Option zur Erhebung und Weiterverarbeitung von Informationen zur Diagnose und Nutzungsverhalten in der CURIA App deaktiviert haben.

Es steht Ihnen jederzeit frei, Ihre Einwilligung ohne Angabe von Gründen mit Wirkung für die Zukunft zu widerrufen. Die Rechtmäßigkeit der bis dahin erfolgten Verarbeitung wird dadurch nicht berührt.

V. Processing of personal data and which data we may collect when using the Cancer Twin feature 

Ein Curia Zwilling ist ein Patient in der Curia-Community, dessen Krebsdiagnose Ihrer ähnelt. Curia Zwillinge können einen privaten Chat nutzen, um Erfahrungen auszutauschen. Der Chat basiert auf der Ethereum-Blockchain-Technologie. Das Ziel der neuen Funktionalität ist es, Krebspatienten zusammenzubringen.

§1 As part of a matching process, you as a user will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:

- Krebsindikation
- Stadium
- Hormonrezeptoren
- Genetische Marker
- Geschlecht
– Age
– Other health data, depending on cancer type
- Entfernung

Naturally, a CURIA user to whom your profile is proposed as a potential Cancer Twin can infer from such proposal that the parameters you provided correspond to the parameters provided by such user.

The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.

Wenn das letzte Anmeldedatum mehr als 6 Monate zurückliegt, wird das entsprechende Profil automatisch aus der Datenbank entfernt und kann nicht mehr mit neuen Cancer-Twins abgeglichen werden.

§2 Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.

Hierzu hat Innoplexus einen Knoten bereitgestellt, welcher die Funktion eines Vermittlers übernimmt, um die Chat-Nachricht auf die Ethereum-Blockchain weiterzuleiten. Bevor eine Nachricht übertragen und auf der Blockchain gespeichert wird, wird sie mittels Ende-zu-Ende- Verschlüsselung lokal auf dem mobilen Gerät des Patienten vollständig verschlüsselt. Der private Schlüssel, der für die Verschlüsselung der Nachricht notwendig ist, ist die ganze Zeit auf Ihrem physischen Gerät gespeichert und wird nicht mit Innoplexus oder anderen Nutzern geteilt. Erst wenn die verschlüsselte Nachricht vom Curia Zwilling empfangen wird, wird diese Nachricht mit einem entsprechenden Schlüssel auf dem mobilen Gerät des Curia Zwillings, welcher die Nachricht empfangen soll, entschlüsselt.

The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.

In this case, the chat associated with your profile will be deleted from your device. In such case, the private key is lost and no one can decrypt the data, not even CURIA or Innoplexus. The nickname and chat content on the device of the Cancer Twin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the Cancer Twin database if the last login date is more than 6 months ago.

Der Serverstandort kann aufgrund der Blockchain-Infrastruktur (Public Ethereum-Blockchain) im Allgemeinen nicht einem bestimmten Land zugeordnet werden, aber durch die Verschlüsselung des Chat-Inhalts unter Anwendung eines Public-Key-Verschlüsselungsverfahrens werden die Daten für alle anderen hochgradig pseudonymisiert, sodass ein Datentransfer in ein Drittland als "sicher" angesehen werden kann.

Gehashte Metadaten werden nicht auf der Ethereum-Blockchain gespeichert.

VI. Where do we store personal data?

Other than where otherwise described above, the data you provide will be transferred to Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection.

For additional information with respect to Google Cloud privacy practices you may visit the following link:

Sie erkennen hiermit den Ort der Speicherung und die Übermittlung von Informationen, wie in dieser Datenschutzrichtlinie beschrieben, an und stimmen dieser zu, einschließlich der Übermittlung außerhalb Israels.

VII. Sharing data with third parties

Wir geben keine persönlichen Daten, die wir über Sie sammeln, an Dritte weiter, außer in den folgenden Fällen:

  1. to provide the Service, at your request and choice, including specific features you elect to use;
  2. zur Erfüllung von Anforderungen gemäß geltendem Recht, Vorschriften, Gerichtsverfahren oder behördlichen Anfragen;
  3. to enforce this Privacy Policy and/or our Terms of Use, including investigation of potential violations thereof;
  4. to detect, prevent, or otherwise address fraud, security or technical issues;
  5. to respond to your support requests;
  6. to respond to claims that any content available on the Service violates the rights of third-parties;
  7. um auf Behauptungen zu reagieren, dass Kontaktinformationen (z. B. Name, E-Mail-Adresse usw.) einer dritten Person ohne deren Zustimmung oder in Form von Belästigungen veröffentlicht oder übermittelt wurden;
  8. um die Rechte, das Eigentum oder die persönliche Sicherheit von uns, unseren Nutzern oder der Öffentlichkeit zu schützen;
  9. im Falle eines Kontrollwechsels bei Innoplexus, einschließlich einer Fusion, einer Übernahme oder eines Kaufs des gesamten oder eines wesentlichen Teils des Vermögens des Unternehmens;
  10. to collect, hold use and/or manage your personal information through our third party service providers, as reasonable for business purposes (including for purposes of providing and promoting the Service) which may be located outside of Israel, as described below;
  11. to provide advertising and other commercial or sponsored content from our partners which may be valuable to you or
  12. nach Ihrer ausdrücklichen Zustimmung vor der Weitergabe.

Um Zweifel auszuschließen, können wir nicht-personenbezogene Daten nach eigenem Ermessen und vorbehaltlich der Bestimmungen dieser Datenschutzrichtlinie an Dritte weitergeben und offenlegen oder anderweitig verwenden.

VIII. Transfer of your personal data – third party software/service

We may transfer and share your personal data with our selected partners and service providers who assist us with various aspects of our operation and business. These include:

-Storage and processing services (such as Google LLC),
-Web and app analytics services (such as Google LLC)

These companies are authorized to use your personal data only as necessary to provide these services to us and not for their own promotional purposes. You hereby acknowledge and consent to such sharing and transfer of your data, including transferring outside of Israel. We do not sell your personal data to third parties.

IX. Access to personal data and modification of personal data

If you wish, we can provide you all your personal data which you provided to us. To do so, please contact us at

If for any reason you wish to update, modify or revise your personal data that is stored with us and identifies you, you may do so on the Service by editing your information on your account.

X. Security 

We implement measures to secure the Service and  your personal data. For example, personal data is hosted on Google Cloud servers, which provide advanced security features. However, such measures do not provide absolute information security and we do not and cannot guarantee that unauthorized access will never occur.

We recommend using the strongest password combination available on your mobile device to protect unauthorized access to your mobile device.

XI. Direct Marketing 

You acknowledge and agree that we may use your contact details for the purpose of informing you regarding our products and services and for sending you other marketing material, such as for example relevant medical data, updates and news, including as part of the Service as well as via the e-mail address or phone number you have provided.

We may also contact you as part of the Service for the purpose of informing you of treatments or clinical trials that might be relevant to you.

None of the above information (or any other information which we may provide to you) shall be considered as medical advice (see also our Terms of Use for more details).

You may withdraw your consent by notifying us to our following email address:

We may also contact you with information regarding our Service. For example, we may notify you (through any of the means available to us) of changes or updates to our Service, maintenance, etc. You cannot opt-out of receive such service notifications.

XII. Minors

To use our Service, you must be over 18 years old. We do not knowingly collect personal data from persons under the age of 18, unless it was provided by the user’s family member who is over the age of 18 and has the right to provide personal data on the minor’s behalf. We reserve the right to request proof of age at any stage so that we can verify that minors under 18 years old are not using the Service. In the event that we become aware of a person under 18 years old using the Service, we reserve the right to block such user’s access to the Service.

XIII. Changes to this Privacy Policy 

We reserve the right to change this Privacy Policy at any time, so we recommend you to re-visit this page frequently.

We will provide notice of substantial changes of this Privacy Policy on the Service and/or we will send you notice of such changes. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Service after the Last Revised date will constitute acceptance of and agreement to be bound by such changes. Please note that in the event that this Privacy Policy should be amended to comply with any legal requirements, such amendments may take effect immediately and without any prior notice, as may be required by law.

XIV. Questions, comments and complaints

Sollten Sie Fragen, Kommentare oder Beschwerden haben oder glauben, dass Ihre persönlichen Daten missbraucht wurden, wenden Sie sich bitte an uns unter Wir werden unser Bestes tun, um Ihr Problem zeitnah zu lösen. Wir können Sie bitten, uns bestimmte persönliche Informationen zur Verfügung zu stellen, damit wir Sie identifizieren können.

Last updated: 4th Jan 2022