HIPAA & PHI — Key Points

Privacy at a glance

Topic: Our approach
Website data: Contact form submissions and basic technical server logs only
Clinical pilot data: Governed by institutional BAA and data-use agreement — separate from this website
Protected Health Information: Not collected through the public website under any circumstances
SMS communications: Used only for enrolled clinical pilot participants with documented institutional consent
Advertising & tracking: No behavioral advertising, tracking pixels, or third-party analytics
Data sale: We do not sell personal information
Cookies: No advertising or tracking cookies; hosting provider may process standard delivery metadata
Contact: hello@graftwisehealth.com

Contents

  1. Who We Are
  2. Scope of This Policy
  3. Information We Collect
  4. SMS and Text Message Communications
  5. How We Use Information
  6. HIPAA and Protected Health Information
  7. Information Sharing and Disclosure
  8. Third-Party Services
  9. Data Security
  10. Data Retention
  11. Children's Privacy
  12. Your Rights and Choices
  13. California Privacy Rights (CCPA)
  14. Changes to This Policy
  15. Contact Us

Who We Are

GraftWise Health, LLC ("GraftWise Health," "we," "us," or "our") is a digital health company developing KTx-CONNECT, a clinical platform designed to support medication adherence in pediatric kidney transplant recipients. Our registered contact address for privacy matters is:

GraftWise Health, LLC
Email: hello@graftwisehealth.com
Website: www.graftwisehealth.com

Scope of This Policy

This Privacy Policy applies to:

This policy does not apply to information collected through the KTx-CONNECT clinical platform in the context of a formal institutional pilot. That information is governed by a separate Business Associate Agreement (BAA) and data-use agreement executed with the participating institution, in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

For clinical pilot participants: Patient and clinician data collected within a KTx-CONNECT institutional pilot is subject to the BAA and data-use agreement executed between GraftWise Health and your institution, not this general website privacy policy.

Information We Collect

Information You Provide Directly

When you complete the contact form on this website, we collect:

This information is submitted voluntarily. You are not required to provide it, but without it we cannot respond to your inquiry.

Information Collected Automatically

When you visit this website, certain technical information may be collected automatically by our hosting infrastructure, including:

This website does not currently use tracking pixels, behavioral advertising scripts, or cross-site analytics. If this changes, this policy will be updated accordingly.

Cookies

This website does not set advertising, tracking, or analytics cookies. It does not use behavioral profiling or cross-site tracking technologies of any kind. Our hosting provider (Netlify) may process standard technical metadata — such as IP address and request headers — as part of delivering the site. This is inherent to how websites are served and does not constitute user tracking.

SMS and Text Message Communications

The KTx-CONNECT platform sends automated text messages to enrolled patients as part of the clinical adherence workflow. These messages are sent only to individuals who have been explicitly enrolled in an institutional pilot and have provided documented consent through their care team or institution.

Consent and Opt-Out

No text messages are sent to website visitors or contact-form submitters. SMS enrollment is a separate, clinically supervised process. All enrolled recipients retain the right to opt out of text messages at any time by replying STOP to any message received. Opting out will halt all automated communications to that number.

Message Frequency and Charges

Message frequency varies by clinical protocol and individual care plan. Standard carrier message and data rates may apply. GraftWise Health does not charge for SMS communications directly.

SMS Data

Phone numbers collected for SMS communication are used solely for clinical follow-up purposes within the pilot program. They are not shared with third parties for marketing and are not sold.

Need help? For SMS support, reply HELP to any message or contact us at hello@graftwisehealth.com. To stop messages, reply STOP at any time.

How We Use Information

We use the information we collect for the following purposes:

We do not use any information collected through this website for advertising, behavioral profiling, or sale to third parties.

HIPAA and Protected Health Information

GraftWise Health understands its obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. The KTx-CONNECT platform is designed to operate as a Business Associate to covered healthcare institutions in the context of a formal pilot.

Business Associate Agreements

Before any Protected Health Information (PHI) is processed through the KTx-CONNECT platform, GraftWise Health executes a Business Associate Agreement (BAA) with the participating covered entity. This agreement defines the permitted uses and disclosures of PHI, the safeguards GraftWise Health maintains, and the obligations of each party.

Minimum Necessary Standard

GraftWise Health applies the HIPAA minimum necessary standard to all PHI access and use. The platform is designed to collect only the data required to support the clinical adherence workflow — no more.

This Website Does Not Collect PHI

The graftwisehealth.com website contact form is not a HIPAA-covered channel. Please do not submit Protected Health Information through the website contact form. If you are a patient or clinician with questions about data collected through a clinical pilot, contact your institution's privacy officer or reach us at hello@graftwisehealth.com.

Information Sharing and Disclosure

GraftWise Health does not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

Service Providers

We engage third-party vendors to help operate this website and the KTx-CONNECT platform (see Section 8). These providers access information only as necessary to perform services on our behalf and are contractually obligated to protect it.

Institutional Partners

In the context of a clinical pilot, de-identified or aggregated outcome data may be shared with the participating institution for quality improvement and research purposes, as described in the applicable data-use agreement.

Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of GraftWise Health, our users, or the public.

Business Transfers

If GraftWise Health is involved in a merger, acquisition, or similar transaction, personal information may be part of the assets transferred. We would notify affected individuals of any material change in how their information is handled.

Third-Party Services

GraftWise Health uses the following categories of third-party services in the operation of this website and the KTx-CONNECT platform. Each provider is selected in part based on its data protection practices.

Hosting and Infrastructure

This website is hosted on Netlify, Inc. Netlify may collect standard server log data including IP addresses and request metadata. Netlify's privacy practices are described at netlify.com/privacy.

The KTx-CONNECT platform database infrastructure is provided by Supabase, Inc. In pilot deployments, Supabase operates under a Business Associate Agreement.

SMS Communications

Patient text message communications are delivered via Twilio, Inc. Twilio processes phone numbers and message content solely to transmit messages on our behalf. Twilio operates under appropriate data processing agreements. Twilio's privacy policy is available at twilio.com/legal/privacy.

Fonts

This website uses the system default sans-serif typeface and does not load fonts from external CDN services. No font-related data is transmitted to third parties.

Email

Inquiries submitted through the contact form are delivered to our team via standard email. No third-party CRM or marketing automation platform is used to process website contact form submissions at this time.

Data Security

GraftWise Health implements administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. Specific measures include:

No method of transmission over the internet or electronic storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at hello@graftwisehealth.com.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law or contractual obligation.

You may request deletion of your information at any time by contacting us at hello@graftwisehealth.com.

Children's Privacy

This website is directed at healthcare professionals, institutional administrators, and research collaborators — not at children or the general public. We do not knowingly collect personal information from children under the age of 13 through this website.

The KTx-CONNECT platform serves pediatric transplant recipients (which may include minors) in the context of a supervised clinical pilot. All data collection involving minors occurs under the oversight of the participating institution, parental or guardian consent processes established by that institution, and applicable regulatory review (including IRB oversight). Data involving minors is treated with heightened care and is subject to the terms of the applicable BAA and data-use agreement.

If you believe a child under 13 has submitted information to this website without appropriate consent, please contact us at hello@graftwisehealth.com so we can remove it promptly.

Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

To exercise any of these rights, contact us at hello@graftwisehealth.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.

California Privacy Rights

California residents may have additional rights under applicable state privacy law, including the right to know what personal information we hold, request its deletion, and opt out of any sale of personal information. GraftWise Health does not sell personal information. To submit a request or ask a question, contact us at hello@graftwisehealth.com. We will not discriminate against you for exercising these rights.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify affected parties by email or by a prominent notice on this website.

We encourage you to review this policy periodically. Your continued use of this website following any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

GraftWise Health, LLC
Privacy inquiries: hello@graftwisehealth.com
Website: www.graftwisehealth.com

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.


GraftWise Health, LLC · Privacy Policy · Effective April 25, 2026