This document explains the terms of service for the DecideApp platform managed by the DecideApp application developers (PAD). It contains important information about the service and addresses eligibility, suitability, User responsibilities, access, support, and maintenance.
PrefApp offers a free, easy-to-use, and secure method of flexible yet robust data collection. It is especially popular for use in health research projects where data including personal information may be collected. This implementation provides eligible research groups access to the software and is centrally managed by PAD.
1.3 Platform Description
PrefApp offers a suite of customizable survey templates that are tailored to the needs of preference elicitation research. PrefApp features will be maintained and security will be kept up-to-date. Only stable features will be available via PrefApp. Should new features be developed, these will be added as they become available.
The PrefApp servers are physically located in Canada at the UBC University Data Centre. See the PrefApp Security Statement and PrefApp Platform documents for detailed technical specifications and security information.
PrefApp is an online webapp designed to facilitate data capture, primarily for preference research. It is a useful self-service web application for the collection preference data, such as that collected via discrete choice experiments and best-worst scaling tasks. It is designed to meet the specific needs of preference elicitation research and to provide the technical controls necessary to allow for sensitive data capture. Like any tool, it has limitations; It is not the best tool for all projects. It is important to understand the limitations of PrefApp to ensure it is suitable for project needs. Reviewing the Frequently Asked Questions on the PrefApp website (www.PrefApp.org) can help can help potential users understand if the platform is appropriate for their project.
There are no representations or warranties, express or implied, as to the description, quality, completeness or fitness for any purpose of any services or information provided hereunder or described herein. Further, there is no ongoing commitment to ensure the operation of the PrefApp platform for any period of time. The PAD may terminate the operation of the PrefApp platform at any time, subject only to the requirement to use reasonable efforts to provide sufficient advanced notice to all users. It is the responsibility of the Project Owner to locate an alternate service and transfer all data.
All Users agree to use this platform in compliance with and only for purposes permitted by UBC Policy SC14 Acceptable Use and Security of UBC Electronic Information and Systems and associated information security standards. For more information, please refer to: https://cio.ubc.ca/information-security/policy-andstandards/information-security-policy-standards-and-resources
Faculty and students at postsecondary institutions in Canada may request a Primary User account.
All Users must have their own valid institutional email address in order to be provisioned access to the PrefApp platform. Valid institutional email addresses include those from universities, hospitals, colleges, research institutes and centres.
2.1 User Types
There are three (3) types of Users that may access the PrefApp platform:
2.2.1 Primary Users:
Are eligible postsecondary faculty or students. Primary users may create projects and can allow other users to access and modify their projects. Primary users are considered the owner of each project they create, and are responsible for ensuring their project(s) remain in compliance with these terms.
2.2.2 Participant Users:
Study participants who have been provided access to PreApp via an identifiable link to a specific project to enter data into the system. They do not have any administrative roles in PrefApp.
2.2.3 Anonymous Users:
Individuals who access PrefApp instruments without authentication. Typically, these are anonymous study participants but depending on the project design, they may also be part of the research team.
2.4 Account Suspension
Inactive User Accounts are automatically suspended by the system after 180 days of inactivity. To maintain an active account Users must login to the system at least once during this interval. There is no requirement to interact with the system apart from logging in. Users must contact PrefApp support directly to request a reactivation (refer to PrefApp website: www.PrefApp.org. Accounts that are inactive for 365 days will be deleted alongside all associated data.
2.5 User Responsibilities
· Must not share any access credentials with any other individual.
· Must notify PrefApp support in addition to following regular institutional procedures immediately in the event of a suspected privacy breach, in the event their access credentials are compromised or believed to have been compromised, or any other security incident.
· Must read, understand, and agree to these terms before using the PrefApp platform. Users are responsible for ensuring their use of the platform corresponds to all applicable regulations, research requirements, policies, and ethical requirements.
2.6 Project Suitability
The PrefApp software was designed as a secure data collection tool for preference elicitation studies. Other platforms, like REDCAP, are better suited for clinical research that requires collection of personal health information (PHI). The PrefApp API can be used to allow survey customization based on PHI without collecting PHI directly in PrefApp.
By requesting a project and through the use of the PrefApp platform, Primary Users agree to ensure that their use of the PrefApp platform is consistent and remains in compliance with all applicable institutional policies, regulations, laws, ethics requirements, and agreements. It is recommended that all Primary Users review UBC guidance on conducting online surveys:
2.7 Requesting a New Project
Primary Users can create, and thus own, up to three projects at any given time. Projects to which a user has access but does not own do not count towards the three projects limit. A user may request additional projects by emailing PrefApp Support at support@PrefApp.org. Requests will be reviewed on an individual basis.
2.8 Project Use
In all cases: projects may be used for testing while in development mode but it is the responsibility of the Project Owner to move the project into production before commencing active data collection. Regular audits of the system are in place to monitor all projects. The Project Owner will be contacted if a project, still in development mode, appears to be employed in active data collection.
Projects are limited to two (2) gigabytes (GB) in total file size (eg: attached files, PDFs, images etc). The Project Owner is responsible for ensuring the projects for which they are responsible are kept within this limit. The Project Owner will be notified if their project has exceeded this limit, and will be given 30 days to reduce their project size below this limit. Projects that exceed this limit beyond the 30 day window will revert to development mode.
2.9 Project Archive
Once data capture is complete, it is expected that data will be downloaded and the data hosted on PrefApp will be deleted.
3.1 Support Commitment
PrefApp support is available but limited. To conserve resources, users are advised to visit the PrefApp website before contacting PrefApp support. The PrefApp website includes frequently asked questions, how-tos, and tutorials that explain how to use PrefApp features. Programming knowledge is not required to use PrefApp but basic knowledge of HTML and CSS are useful for customization. PrefApp Support is available for the use of the platform, technical questions, and guidance regarding appropriate use of the platform and instrument configuration.
3.2 Accessing Support
Request support by contacting PrefApp Support (support@PrefApp.org). Support is provided on a best effort basis and by a team of individuals with distinct skill sets. The individual(s) that respond may change based on the nature of the request.
4.1 Maintenance Windows
To facilitate required upgrades and patches the PrefApp platform does not have a pre-set maintenance window, beyond those provided by the underlying ARC infrastructure. Users will be notified in advance when the maintenance window will be required in a given month and its estimated duration. Regular upgrades and patches will only be performed during this window.
4.2 System and Software Upgrades
Regular upgrades to the PrefApp platform will be performed as needed or as new features become available.
4.3 Add-On Modules
The PrefApp architecture supports software add-ons in the form of modules to extend the functionality of the system. Some add-ons are created by collaborating development teams outside the PrefApp project. Any included add-ons are listed on the PrefApp website (www.PrefApp.org).
Projects intending to use features provided by add-ons built by other teams should consider that these are not provided by the PrefApp project and may not continue to be maintained by their respective development team. PrefApp prioritizes maintenance of the core PrefApp platform, should an add-on module no longer function following a PrefApp software upgrade, it may be disabled or removed until such time as a new version is released. Security, Stability, and Urgent patches will also be prioritized in this manner. If an add-on is found to present a security or privacy vulnerability, it may also be disabled or removed.
Support for add-on modules is provided on a best-effort basis only.
5.1 Backup Procedure
The PrefApp platform follows a general procedure for backup. A complete database extract is performed daily; this extract is encrypted and maintained per the database retention schedule. In addition to this extract, the entire PrefApp application server is also captured weekly via a system snapshot, which is retained following the Virtual Machine (VM) retention schedule.
5.2 Schedule & Retention
PrefApp servers are backed up through UBC’s EduCloud and follow UBC IT’s business practices for backup, retention, and security.
The PrefApp database is backed-up once per day to a GnuPG 4096-bit key encrypted database to a disk in the Production environment. Encrypted database backups on the local disk are then backed up and replicated through EduCloud backup.
5.3 Restoration Requests
Restoration from backup is only available at the project-level and in exceptional circumstances. Backup processes are designed to protect against significant data loss/corruption events. Restoration of individual records or groups of records is not possible. The existence of backups should not be considered as a mitigation for record-level errors or data entry/deletion incidents.
The Project Owner responsible for a project may request restoration of the project from backup by submitting a request to support@PrefApp.org. Restoration requests will be considered on an individual basis, handled on a best-effort basis, and are subject to the availability of data under the schedule defined in section 5.2.
6. Data Retention and Destruction
6.1 Backup Procedure
See PrefApp’s Data Retention and Destruction policies document for details.