Is my ExorLive data safe? The short answer is yes. The slightly longer answer, with an overview of our security practices and of the features that secure your data, can be found in this article, whether you are an instructor or therapist, administrator, legal person, or IT/support worker.
Information to professionals using ExorLive
Who can I see in ExorLive?
In ExorLive you as a professional can see the contacts that you have entered into the system yourself. This happens either automatically via a jump-out from your medical record system or directly in ExorLive. To see other contacts in your unit, you must make an active choice to search for the contact. Before you open any programs stored on this contact, you must check that the contact has given their consent, and enter a comment. Access to personal data and training programs is registered, and an administrator can check this afterwards.
Signing/locking a program
When saving a training program to a contact, you can choose to sign it as you do with an entry in a medical journal. Signing a training program will prevent you, or anyone you have shared the program with, from making changes after signing. Read more about signing training programs HERE.
Signing/locking a training program
When a program is locked/signed to a contact, it cannot be deleted; it must be removed instead. Removal leaves a trace and is therefore not counted as a complete deletion.
Programs that are not locked to a specific contact can be deleted after they are locked. These can be unlocked and deleted by the person who created the program or an administrator.
Your custom exercises and GDPR
In ExorLive you can create your own custom exercises, with the possibility to upload your own photos and video. You retain the ownership rights to your own exercises, and when uploading content you choose how it can be shared. Read about content ownership and responsibility in our licence agreement.
When you upload your own exercises in ExorLive, you are responsible for obtaining the necessary approval from the patient and possibly other licensees. You must therefore create an internal policy to safeguard this. Read more about safety and guidelines for your own exercises HERE; you can also read more about this in our FAQ.
Information to administrators using ExorLive
Roles and organisational structure in ExorLive
As the administrator, you are the person in charge, with the authority to add or disable instructors and other users in your organisation. For security reasons, ExorLive only approves changes to user access that are initiated by the organisation's administrator.
ExorLive has a flexible system where each person created in the system is assigned one or more roles. What each user can access therefore depends on which roles the user has. Here you can read more about the different roles one can have in ExorLive.
In ExorLive, you can also represent your organizational structure as a tree, in which users can be organized into different sub-units. Access to each person in the system then depends on which roles you have and where you are placed in the tree structure. As an administrator, you can create new users in the preferred device and assign roles to them. You can read more about how to do that HERE.
In the Admin panel, you can change multiple settings to customize ExorLive to your organization. Here you can read more about the changes you can make.
Activity and access report
As an administrator, you have access to an overview of all activities and actions for a given user or contact. Read more about reports in our help center.
Useful legal information
Licence agreement including data processor agreement
To see our other agreements, e.g. Sale Terms and Conditions, Service Level Agreement and our API Terms of Service, you can go to our legal department. You can also find answers to frequently asked security questions in our Security FAQ.
Information for IT/support
ExorLive is a Software as a Service (SaaS) solution for planning workouts and for related administrative tasks. To see a brief description of the structure, security policy, system requirements and information about data storage, click here.
ExorLive runs on a set of Microsoft Azure servers located in Dublin, Ireland. Data is stored in a SQL database, and these servers are administered from ExorLive's headquarters in Oslo. The database is configured as a master/slave system, so that we always have two updated copies of the database. Only authorized internal technical personnel located at ExorLive's office in Oslo have access to personal data. Microsoft's data storage policy is certified by ISO/IEC 27001, which you can read more about here. If agreed upon, it is also possible to store data on your own servers.
Every night at 01:00, ExorLive's slave server is backed up so that data is secured daily. The backup is stored for 1 year, unless otherwise agreed upon. The product's lifetime is set to a minimum of 5 years.
AD, ADFS and SSO
ExorLive supports AD (Active Directory) through ADFS (Active Directory Federation Services): Microsoft ADFS version 2016 OpenConnect and 2012 WsFederated. ExorLive uses OAuth 2.0 and OpenID for authentication and authorization. SSO is supported through ADFS and OAuth 2.0.
There are different ways a partner application may communicate with ExorLive.
This is described on our developer site: developer.exorlive.com/api/. To learn more about our collaboration rules, you can read our API Terms of Conditions and our ExorLive Application Developer Policy.
Do you have any more questions? See if you can find any answers in our Security FAQ, read more in our help centre, or contact us!