Security in ExorLive


Is my ExorLive data safe? The short answer is yes. The slightly longer answer is in this article, which gives an overview of our security practices and of the features that secure your data, whether you are an instructor or therapist, administrator, legal person, or IT / support worker.

 

Go directly to: 

Information to professionals using ExorLive

Information to administrators using ExorLive

Useful legal information

Information for IT/support

Security FAQ

 

Information to professionals using ExorLive

Who can I see in ExorLive?

In ExorLive, you as a professional can see the contacts that you have entered into the system yourself. Contacts are entered either automatically via a jump-out from your medical record system or directly in ExorLive. To see other contacts in your unit, you must make an active choice to search for the contact. Before you open any programs stored on this contact, you must check that the contact has given their consent, and enter a comment. Access to personal data and training programs is registered, and an administrator can check this afterwards.

 

Signing / locking a program

When saving a training program to a contact, you can choose to sign it as you do with an entry in a medical journal. Signing a training program will prevent you, or anyone you have shared the program with, from making changes after signing. Read more about signing training programs HERE.

 

Signing/locking a training program

When a program is locked/signed to a contact, it cannot be deleted; it must be removed instead. Removal leaves a trace and is therefore not counted as a complete delete.

Programs that are not locked to a specific contact can be deleted after they are locked. These can be unlocked and deleted by the person who created the program or an administrator.

 

Your custom exercises and GDPR

In ExorLive you can create your own custom exercises, with the possibility to upload your own photos and video. You retain the ownership rights to your own exercises, and when uploading content you choose how it can be shared. Read about content ownership and responsibility in our licence agreement.

When you upload your own exercises in ExorLive, you are responsible for obtaining the necessary approval from the patient and possibly other licensees. You must therefore create an internal policy to safeguard this. Read more about safety and guidelines for your own exercises HERE; you can also read more about this in our FAQ.

 

Information to administrators using ExorLive

Roles and organisational structure in ExorLive

As the administrator, you are the person in charge, with the authority to add or disable instructors and other users in your organisation. For security reasons, ExorLive only approves changes to user access that are initiated by the organisation's administrator.


ExorLive has a flexible system where each person created in the system is assigned one or more roles. What each user can access therefore depends on which roles the user has. Here you can read more about the different roles one can have in ExorLive.


In ExorLive, you can also represent your organizational structure as a tree structure, in which users can be organized into different sub-units. The access each person has in the system then depends on which roles they have and where they are placed in the tree structure. As an administrator, you can create new users in the preferred device and give roles to them. You can read more about how you do that HERE.

 

Admin

In the Admin panel, you can change multiple settings to customize ExorLive to your organization. Here you can read more about the changes you can make.

 

Activity and access report

As an administrator, you have access to an overview of all activities and actions for a given user or contact. Read more about reports in our help center.

 

 

Useful legal information

Licence agreement including data processor agreement

Our licence agreement and privacy policy are updated to accommodate changes in privacy legislation (GDPR), as well as to include new features that will be introduced in ExorLive this coming year.

 

To make your life easy we have included a Data Protection Agreement directly in our License Agreement. You will find this agreement by clicking here, as well as when you log into ExorLive or sign up for an account. There is no need to create a separate Data Protection Agreement when using ExorLive as is. Our privacy policy is also available here.

To see our other agreements, e.g. Sale Terms and Conditions, Service Level Agreement and our API Terms of Service, you can go to our legal department. You can also find answers to frequently asked security questions in our Security FAQ.

 

 

Information for IT/support

System description

ExorLive is a Software as a Service (SaaS) solution for planning workouts and for related administrative tasks. To see a brief description of the structure, security policy, system requirements and information about data storage, click here.

 

Data Storage

ExorLive runs on a set of Microsoft Azure servers located in Dublin, Ireland. Data is stored in a SQL database, and these servers are administered from ExorLive's headquarters in Oslo. The database is configured as a master/slave system, so that we always have two up-to-date copies of the database. Only authorized internal technical personnel located at ExorLive's office in Oslo have access to personal data. Microsoft's data storage policy is certified by ISO/IEC 27001, which you can read more about here. If agreed upon, it is also possible to store data on your own servers.

Every night at 01:00, a backup of ExorLive's slave server is taken, so that data is secured daily. The backup is stored for 1 year, unless otherwise agreed upon. The product's lifetime is set to a minimum of 5 years.

 

AD Integrations and SSO

ExorLive can be integrated with the customer’s AD (Active Directory). This means that access is managed in the AD and that users log in with their AD user to access ExorLive. An IDP (identity provider) other than Microsoft AD is also supported, as long as the IDP supports either of the following protocols:

  • SAML 2.0
  • OIDC

 

ExorLive API

There are different ways a partner application may communicate with ExorLive. These are described on our developer site: developer.exorlive.com/api/. To learn more about our collaboration rules, you can read our API Terms of Conditions and our ExorLive Application Developer Policy.

Do you have any more questions? See if you can find any answers in our Security FAQ, read more in our help centre, or contact us!