We are doing what we can to prevent your data from getting lost or stolen.

What do we do to prevent you losing Data

1. Users can create new versions of their guideline, while having their previous versions easy accessible in their version history. For each new version we save a web version, a PDF and a data file. All these different formats will remain available for each version.
   
2. Non destructive deletes of data. For all critical data we only mark it deleted and not actually delete it. This has enabled us to recover deleted PICOs and recommendations in cases of mis-deleting. Currently this can be done by contacting support, but users will soon be getting access to to this themselves.
3. Daily snapshots/backup of the database. Keeping the last 35 days.
4. The use of relationships and constraints in our RMDBS helps to maintain data integrity
5. JSON exports (via the UI and API). Users can at any point generate a data-file copy of their whole guideline, or parts of it, and store that on their own machines
6. PDF exports (via the UI and API). Users can at any point generate a PDF copy of their guideline, and store that on their own machines
7. Word export (via the UI and API). Users can at any point generate a PDF copy of their PICO questions or recommendations, and store that on their own machines

What do we do to protect your data

1. We have an overall Terms of service that all users must adhere to.
2. Users can also set their own copyright statement and disclaimer.
3. We save no personal data.
4. We don't even have access to passwords. Passwords are encrypted with bCrypt.
5. ACLs at the section level.
6. Audits of every change is saved.
7. We only support SSL (encrypted) connections to the server.
8. CSRF enabled to prevent clicks jacking attacks for logins.
9. All db queries are protected from injection attacks.
10. All servers are behind at least 1 firewall.
11. All application logs are shipped to a logging server.