Privacy Policy

Last updated: 12 April 2026

1. Data Controller

PINE LINES SRL
CUI: 40670956
Str. Horea 88-90, Ap. 13, 400275 Cluj-Napoca, Romania
Email: hello@pinelines.eu

2. What Grafta Does

Grafta is a free health-tracking web application for kidney transplant recipients. It lets you log medications, vitals, and lab results. All health data is stored in a Google Sheets spreadsheet inside your own Google Drive. Grafta does not have its own database and cannot access your health data.

3. Health Data — Stays on Your Device and Google Drive

Grafta does not collect, store, or process your health data on any server we control. Your medication logs, lab results, blood pressure, weight, temperature, fluid intake, and notes are written directly to your Google Sheets file via the Google Sheets API. The data lives in your Google account and is subject to Google's Privacy Policy.

We never see, read, or have access to any health values you enter.

4. Google Sign-In and API Access

Grafta uses Google Sign-In to authenticate you. When you sign in, we request permission to:

• Create and edit spreadsheet files that Grafta creates in your Google Drive

We do not request access to your contacts, emails, photos, or any other Google services. The OAuth token is stored locally in your browser and is never sent to our servers.

5. Analytics

We use Umami, a self-hosted, open-source, cookieless analytics tool. Analytics data is collected only after you explicitly consent via the consent banner shown on your first visit.

If you consent, we collect:

• Page views and session duration
• Button clicks and feature usage (e.g., which features you open)
• Error events (to fix bugs)
• Your selected language

We never collect:

• Any health data (creatinine, doses, weight, blood pressure, notes, etc.)
• Your name, email, or Google account information
• IP addresses (Umami anonymizes them by default)
• Cross-site tracking data

Umami does not use cookies. No data is shared with or sold to third parties. Analytics are hosted at analytics.pinelines.eu on infrastructure we control.

6. Cookies and Local Storage

Grafta does not set any cookies. We use browser localStorage to store:

• Your language preference
• Your analytics consent choice
• Temporary offline data (synced to your Google Sheet when back online)
• App settings (water target, display preferences)

This data never leaves your browser.

7. Legal Basis for Processing

Under the GDPR, we process data based on:

• Consent (Art. 6(1)(a)) — for analytics, collected via the consent banner. You can withdraw consent at any time.
• Legitimate interest (Art. 6(1)(f)) — for essential localStorage data needed to make the app function.

8. Data Retention

• Health data: Stored in your Google Drive indefinitely — you control it.
• Analytics data: Retained on our Umami instance. Aggregated, no personal identifiers.
• localStorage: Persists until you clear your browser data or uninstall the app.

9. Your Rights

Under the GDPR, you have the right to:

• Access — request what data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Restriction — limit how we process your data
• Portability — receive your data in a portable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email us at hello@pinelines.eu.

10. Supervisory Authorities

You have the right to lodge a complaint with a data protection authority:

• Romania: ANSPDCP — www.dataprotection.ro
• Hungary: NAIH — www.naih.hu
• Or the supervisory authority in your EU member state of residence.

11. International Transfers

Your health data is stored by Google in accordance with their data processing terms. Analytics data is stored on a Hetzner server in the EU. No data is transferred outside the EU/EEA by us.

12. Children

Grafta is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact us and we will delete it.

13. Changes to This Policy

We may update this policy. The "last updated" date at the top will reflect the latest revision. Material changes will be communicated via the app.

14. Contact

For any privacy-related questions:
PINE LINES SRL
Email: hello@pinelines.eu

Politica de confidentialitate

Ultima actualizare: 12 aprilie 2026

1. Operatorul de date

PINE LINES SRL
CUI: 40670956
Str. Horea 88-90, Ap. 13, 400275 Cluj-Napoca, Romania
Email: hello@pinelines.eu

2. Ce face Grafta

Grafta este o aplicatie web gratuita de monitorizare a sanatatii pentru beneficiarii de transplant renal. Permite inregistrarea medicamentelor, semnelor vitale si rezultatelor analizelor. Toate datele de sanatate sunt stocate intr-un fisier Google Sheets din propriul tau Google Drive. Grafta nu are o baza de date proprie si nu poate accesa datele tale de sanatate.

3. Datele de sanatate — raman pe dispozitivul tau si in Google Drive

Grafta nu colecteaza, stocheaza sau prelucreaza datele tale de sanatate pe niciun server pe care il controlam. Inregistrarile medicamentelor, rezultatele analizelor, tensiunea arteriala, greutatea, temperatura, aportul de lichide si notitele sunt scrise direct in fisierul tau Google Sheets prin API-ul Google Sheets. Datele se afla in contul tau Google si sunt supuse Politicii de confidentialitate Google.

Nu vedem, nu citim si nu avem acces la nicio valoare de sanatate pe care o introduci.

4. Autentificarea Google si accesul API

Grafta foloseste Google Sign-In pentru autentificare. Cand te conectezi, solicitam permisiunea de a:

• Crea si edita fisiere de tip spreadsheet pe care Grafta le creeaza in Google Drive-ul tau

Nu solicitam acces la contacte, emailuri, fotografii sau alte servicii Google. Token-ul OAuth este stocat local in browser si nu este trimis niciodata pe serverele noastre.

5. Analize (Analytics)

Folosim Umami, un instrument de analize open-source, auto-gazduit, fara cookie-uri. Datele de analize sunt colectate doar dupa ce iti exprimi acordul explicit prin bannerul de consimtamant afisat la prima vizita.

Daca esti de acord, colectam:

• Vizualizari de pagini si durata sesiunii
• Click-uri pe butoane si utilizarea functiilor (de exemplu, ce functii deschizi)
• Evenimente de eroare (pentru remedierea erorilor)
• Limba selectata

Nu colectam niciodata:

• Date de sanatate (creatinina, doze, greutate, tensiune arteriala, notite etc.)
• Numele, emailul sau informatiile contului tau Google
• Adrese IP (Umami le anonimizeaza implicit)
• Date de urmarire cross-site

Umami nu foloseste cookie-uri. Nicio data nu este partajata sau vanduta tertilor. Analizele sunt gazduite pe analytics.pinelines.eu pe infrastructura pe care o controlam.

6. Cookie-uri si stocare locala

Grafta nu seteaza cookie-uri. Folosim localStorage din browser pentru a stoca:

• Preferinta ta de limba
• Alegerea ta privind consimtamantul pentru analize
• Date temporare offline (sincronizate cu Google Sheet cand revii online)
• Setari ale aplicatiei (tinta de apa, preferinte de afisare)

Aceste date nu parasesc niciodata browserul tau.

7. Temeiul legal al prelucrarii

Conform GDPR, prelucram datele pe baza:

• Consimtamantului (Art. 6(1)(a)) — pentru analize, colectat prin bannerul de consimtamant. Poti retrage consimtamantul oricand.
• Interesului legitim (Art. 6(1)(f)) — pentru datele esentiale din localStorage necesare functionarii aplicatiei.

8. Perioada de pastrare a datelor

• Datele de sanatate: Stocate in Google Drive-ul tau pe termen nedeterminat — tu le controlezi.
• Datele de analize: Pastrate pe instanta noastra Umami. Agregate, fara identificatori personali.
• localStorage: Persista pana cand stergi datele browserului sau dezinstalezi aplicatia.

9. Drepturile tale

Conform GDPR, ai dreptul la:

• Acces — solicita ce date detinem despre tine
• Rectificare — corecteaza datele inexacte
• Stergere — solicita stergerea datelor tale
• Restrictionare — limiteaza modul in care prelucram datele tale
• Portabilitate — primeste datele tale intr-un format portabil
• Opozitie — opune-te prelucrarii bazate pe interes legitim
• Retragerea consimtamantului — oricand, fara a afecta prelucrarea anterioara

Pentru a exercita oricare dintre aceste drepturi, scrie-ne la hello@pinelines.eu.

10. Autoritati de supraveghere

Ai dreptul de a depune o plangere la o autoritate de protectie a datelor:

• Romania: ANSPDCP — www.dataprotection.ro
• Ungaria: NAIH — www.naih.hu
• Sau autoritatea de supraveghere din statul tau membru UE de resedinta.

11. Transferuri internationale

Datele tale de sanatate sunt stocate de Google conform termenilor lor de prelucrare a datelor. Datele de analize sunt stocate pe un server Hetzner in UE. Nicio data nu este transferata in afara UE/SEE de catre noi.

12. Copii

Grafta nu se adreseaza copiilor sub 16 ani. Nu colectam in cunostinta de cauza date de la copii. Daca crezi ca un copil a furnizat date, contacteaza-ne si le vom sterge.

13. Modificari ale acestei politici

Putem actualiza aceasta politica. Data „ultima actualizare" de sus va reflecta ultima revizie. Modificarile semnificative vor fi comunicate prin aplicatie.

14. Contact

Pentru orice intrebari legate de confidentialitate:
PINE LINES SRL
Email: hello@pinelines.eu

Adatvedelmi szabalyzat

Utolso frissites: 2026. aprilis 12.

1. Adatkezelo

PINE LINES SRL
CUI: 40670956
Str. Horea 88-90, Ap. 13, 400275 Kolozsvar (Cluj-Napoca), Romania
Email: hello@pinelines.eu

2. Mit csinal a Grafta

A Grafta egy ingyenes egeszsegkovetest szolgalo webalkalmazas vesetranszplantalt paciensek szamara. Lehetove teszi a gyogyszerek, letjelek es laboreredmenyek rogziteset. Minden egeszsegugyi adat egy Google Sheets fajlban tarolodik a sajat Google Drive-odban. A Graftanak nincs sajat adatbazisa, es nem ferhet hozza az egeszsegugyi adataidhoz.

3. Egeszsegugyi adatok — a keszulekedenen es a Google Drive-ban maradnak

A Grafta nem gyujt, tarol vagy dolgoz fel egeszsegugyi adatokat semmilyen altunk uzemeltetett szerveren. A gyogyszernaplo-bejegyzesek, laboreredmenyek, vernyomas, testsuly, homerseklet, folyadekbevetel es jegyzetek kozvetlenul a Google Sheets fajlodba irodik a Google Sheets API-n keresztul. Az adatok a Google-fiokodban talalhatok, es a Google adatvedelmi szabalyzata vonatkozik rajuk.

Soha nem latjuk, olvassuk vagy ferunk hozza semmilyen egeszsegugyi ertekhez, amelyet megadsz.

4. Google bejelentkezes es API-hozzaferes

A Grafta a Google Sign-In szolgaltatast hasznalja a hitelesiteshez. Bejelentkezeskor engedelyt kerunk a kovetkezokhoz:

• A Grafta altal a Google Drive-ban letrehozott tablazatfajlok letrehozasa es szerkesztese

Nem kerunk hozzaferest a nevjegyeidhez, emailjeidhez, fotoihoz vagy mas Google-szolgaltatasokhoz. Az OAuth-token helyben, a bongeszoben tarolodik, es soha nem kerül a szervereinkre.

5. Analizak (Analytics)

Az Umami nevu nyilt forrasu, sajat szerveren uzemeltetett, suti nelkuli analitikai eszkozt hasznaljuk. Az analitikai adatok gyujtese csak az explicit hozzajarulasod utan tortenik, amelyet az elso latogataskor megjeleno hozzajarulasi banneren keresztul adsz meg.

Ha beleegyezel, a kovetkezoket gyujtjuk:

• Oldalmegtekintest es munkamenet idotartamat
• Gombkattintasokat es funkciohasznalatot (pl. mely funkciokat nyitod meg)
• Hibaeseményeket (hibak javitasahoz)
• A valasztott nyelvet

Soha nem gyujtjuk:

• Egeszsegugyi adatokat (kreatinin, dozisok, testsuly, vernyomas, jegyzetek stb.)
• Nevedet, email-cimedet vagy Google-fiok informacioidat
• IP-cimeket (az Umami alapertelmezetten anonimizalja oket)
• Oldalak kozotti kovetesi adatokat

Az Umami nem hasznal sutiket. Az adatokat nem osztjuk meg es nem adjuk el harmadik feleknek. Az analizak az analytics.pinelines.eu cimen, az altunk uzemeltetett infrastrukturan vannak tavololva.

6. Sutik es helyi tarolas

A Grafta nem allit be sutiket. A bongeszo localStorage-at hasznaljuk a kovetkezok tarolasara:

• Nyelvi preferenciad
• Analitikai hozzajarulasi dontesed
• Atmeneti offline adatok (szinkronizalva a Google Sheet-tel, ha ujra online vagy)
• Alkalmazasbeallitasok (vizcel, megjelenites)

Ezek az adatok soha nem hagyjak el a bongészodet.

7. Az adatkezeles jogalapja

A GDPR alapjan az adatokat a kovetkezo jogalapokra hivatkozva kezeljuk:

• Hozzajarulas (6. cikk (1)(a)) — az analizakhoz, a hozzajarulasi banneren keresztul gyujtve. A hozzajarulast barmikoer visszavonhatod.
• Jogos erdek (6. cikk (1)(f)) — az alkalmazas mukodesehez szukseges alapveto localStorage-adatokhoz.

8. Adatmegorzesi idoszak

• Egeszsegugyi adatok: A Google Drive-odban tarolva határozatlan ideig — te iranyitod.
• Analitikai adatok: Az Umami-peldanyunkon tarolva. Osszesitett, szemelyazonositok nelkul.
• localStorage: Addig marad meg, amig nem torlod a bongeszo adatait vagy nem tarlitod el az alkalmazast.

9. Jogaid

A GDPR alapjan jogod van a kovetkezokhoz:

• Hozzaferes — kerd le, milyen adatokat tarolunk rolad
• Helyesbites — javitsd a pontatlan adatokat
• Torles — kerd az adataid torlesét
• Korlatozas — korlatizd az adatkezeles modjat
• Adathordozhatosag — kapd meg az adataidat hordozhato formatumban
• Tiltakozas — tiltakozz a jogos erdeken alapulo adatkezeles ellen
• Hozzajarulas visszavonasa — barmikoer, a korabbi adatkezeles erintese nelkul

Barmely jog gyakorlasahoz irj nekunk: hello@pinelines.eu.

10. Felugyeleti hatosagok

Jogod van panaszt benyujtani egy adatvedelmi hatosagnal:

• Romania: ANSPDCP — www.dataprotection.ro
• Magyarorszag: NAIH — www.naih.hu
• Vagy a lakhely szerinti EU-tagallam felugyeleti hatosaga.

11. Nemzetkozi adattovabbitas

Egeszsegugyi adataidat a Google tarolja az adatkezekesi felteteleiknek megfeleloen. Az analitikai adatokat egy EU-beli Hetzner-szerveren taroljuk. Altunk nem tortenik adattovabbitas az EU/EGT-n kivulre.

12. Gyermekek

A Grafta nem 16 ev alatti gyermekeknek szol. Nem gyujtunk tudatosan adatokat gyermekektol. Ha ugy velod, hogy egy gyermek adatokat adott meg, lepj kapcsolatba velunk, es toroljuk azokat.

13. A szabalyzat modositasai

Frissithetjuk ezt a szabalyzatot. A felul lathato „utolso frissites" datum az utolso modositast tukrozi. A lenyeges valtozasokrol az alkalmazason keresztul ertesitunk.

14. Kapcsolat

Barmilyen adatvedelmi kerdessel fordulj hozzank:
PINE LINES SRL
Email: hello@pinelines.eu