JustPark is a cashless parking payment provider for 18 local authorities and over 50 private operators including Universities and Hospitals. We provide parking payment options, through mobile applications, IVR and online. We focus on improving the customer experience and innovation including emissions pricing, EV charging and Blue Badge fraud prevention.


  • Mobile Applications, IVR, SMS and web payments for parking sessions
  • Comprehensive back office reporting tools for analysis of parking sessions
  • Dedicated account management and support for parking team
  • Integrated with hardware suppliers for pay-on-exit and autopay
  • Finance analysis and optimisation
  • Pre-booking service for revenue maximisation and optimisation
  • Tools to combat Blue Badge fraud
  • Predictive availability to reduce congestion and emissions
  • Pre-booking service for EV charging points
  • Dynamic and emissions based pricing


  • Fastest way to pay for parking
  • 3m+ registered customers
  • 99.9% uptime SLA
  • Forward thinking team focused on the future of mobility
  • Reduce congestion and emissions
  • Reduce costs associated with appeals
  • Improve your parking brand and customer experience
  • Secure (PCI certified) platform
  • Reduce cash collection costs and high merchant fees
  • Communicate effectively with motorists through online messaging


£0.00 to £0.10 per transaction

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

1 2 8 2 0 6 7 6 5 7 9 6 4 2 2



Anthony Eskinazi



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to ANPR Management
Payment Machine services
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints No
System requirements Internet Access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our response time is dependant on the contact method and the issue the user is experiencing.

When contacting us via by email Email/Tickets, there are 4 separate SLAs and they are as follows:

• Urgent - SLA of within 30 minutes
• High - SLA of within 4 hours
• Normal - SLA of within 24 hours
• Low - SLA of within 72 hours

When contacting us via Live Chat, during office hours, a user will typically receive a response within minutes.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use Zendesk to manage our customer support tickets, and they are currently working on meeting WCAG 2.1 AA.
Web chat accessibility testing To date, we have not done any testing with assistive technology users as we only recently began rolling out Live Chat.
Onsite support Onsite support
Support levels As a client of JustPark's, you will have your own dedicated client account manager, priority access to the client-facing account support team and direct contact with the sales director on the senior management team.

Your drivers will receive priority customer service support from our UK customer service team (available on a free phone, local rate number), who are also available out of hours to the client should any issues arise.

During implementation, you will have regular in person and conference call meetings with your account manager and the implementation team, as well as full client training on the back office product and driver facing products so your team is fully equipped for the switch to JustPark. Should any follow-up training be required, we can provide this via video call or in person if more suitable.

In person contract review meetings will take place at the frequency defined by the client - as frequently as once per quarter following initial implementation.

Our goal is for you to receive the support you and your drivers need, whenever it is required. All of the above is provided free of charge.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started There will be an initial kick off meeting to outline the project plan, timelines and project scope. We will guide you thorough every step of the implementation. The account management and implementation teams have conducted over 18 local authority implementations over the last 18 months and all have gone very smoothly.

Throughout the implementation process, you will have regular in person and conference call meetings with your account manager and the implementation team.

For training, all relevant employees from the user's organisation will receive full training on the back office and driver facing products so the team is fully equipped for the switch to JustPark. Should anyone be absent, we will conduct a train-the-trainer process with the most senior team member.

Should any follow-up training be required, we can provide this via video call or in person if more suitable.

We will provide hard and soft copy (PDF) user guides for all of the products, and send updated versions to the user as and when updates are made to the training documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract, all data specific to the contract will be made available via our online export function. This will include all parking session data for the duration of the contract.
End-of-contract process At end of contract all signage will be removed and the new provider will be responsible for the erection of new provider signage.
The telephone service will be switched off at an agreed time and date.
All outstanding monies owed to the client will be calculated an paid within the 30 day SLA should the service be on a JustPark MID.
JustPark has the ability to contact all current customers to advise of the switch to a new provider.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We offer a mobile responsive website and all functionaility is available on mobile and well as desktop.
Service interface No
What users can and can't do using the API We can integrate our solution with your existing enforcement providers using our API.

We offer out-of-the-box integrations with Imperial Civil Enforcement Solutions (ICES), Conduent, ZatPark, Chipside, Civica, Spur, and WSP.

We can also use our API to integrate with barriers, payment machines, sensors systems and ANPR solution.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We can customise the brand on the checkout on web and mobile web. This represents one part of the user experience when the user is ready to buy. As a result, users can log in, pay and get a confirmation email on a web white-label experience.


Independence of resources We run containerised workloads on managed kubernetes (GKE on gcloud) for our applications. Kubernetes is an app deployment, networking and management platform, that let’s us easily scale applications running in containers. Our primary cluster straddles three different data centres equally for high availability. We then preform regular load test to ensure we are able handle additional load and understand our theorical limit.


Service usage metrics Yes
Metrics types We provide metrics for measuring car park performance and efficiency metrics including but not limited to:

- Usage/Registration Statistics (By platform)
- Motorist Demographics
- Occupancy rates
- Pricing Insights
- Payment Methods
- Transaction Volumes (broken down by Location, Zone)
- Parking Durations (broken down by Location, Zone)
- Revenue (broken down by Location, Zone)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach You can export data by using the back-office interface provided to every client or speaking to your account manager who can arrange an export. All data specific to this contract will be made available.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability - Smartphone Applications: 99.9%
- Back-Office System: 99.9%
- Enforcement API: 99.9%
- Payment Processing: 99.9%

See SLAs in Service Document for more information.
Approach to resilience We run containerised workloads on managed kubernetes (GKE on gcloud) for our applications. Our primary cluster straddles three different data centres equally for high availability. We run multiple replicas of each of these applications simultaneously and have the facility to horizontally scale these replicas automatically based on CPU usage when required. Both the backend services in this relationship use Redis as a cache layer and also as a queue system, configured in a Highly Available setup with failover replicas in separate data centres in the case that the primaries fail. Both the backend services use a MySQL database set up in a Highly Available configuration across multiple data centres with multiple read replicas to handle database read load, and a dedicated failover replica located in a different data centre ready to take over as the master in the case of an outage or hardware failure.
Outage reporting We provide a statuspage indicating any current issues, updates and expected resolution times.
In our client facing portal we have intergrated with this statuspage service to identify to customer when we are experiencing any issues
We utilise statuspage.io which provide a public dashboard, API access and email alerts on subscription basis.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels When the back office is set up, your account manager will liase with the key point of contact at the user's organisation. We will send a spreadsheet with each 'permission' and a list of what that 'permission' can see/do, and ask the client to fill out the names/emails of the team members who need each permission.

We will not set up any new users without the key point of contact's permission.

If any detailed requests from the user's team members come through our support channels, the request will be passed on to the account manager for review.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Elavon Security Manager
PCI DSS accreditation date 14/03/2019
What the PCI DSS doesn’t cover JustPark are PCI Level 2 compliant and complete a SAQ type D.
This include a quartly security scan and Self-assessment Questionnaire.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We comply with ISO9001, and have internal processes and procedures that are detailed and available to all employees. All employees go through training on induction with regards to security governance, and our governance procedures are reviewed regularly by the COO and CEO. Specific training is given on security to all relevant employees.
Information security policies and processes ISO9001 and internal processes, which are fully GDPR compliant

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes to the system, including configuration changes are made through our distributed version control system (Git) and must be approved by at least one other team member before they are merged and deployed. During this review process potentional vulnerability are idenifity and fix before releasing
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerabilities get identified though a few different channels, the yearly penetration tests, bug bounties or customer reports. The impact of customer data is reviewed then are treated with priotity 1 status. Getting fixed immediately being patch in up to 24 hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We utilise intelligent logging which looks for suspension activity and generates alerts. We then have a detailed Incident Response Plan indicating different escaltion steps and people to contact depending of different scenarios. All incidents are dealt processed with a few hours of us being made aware of the issue
Incident management type Supplier-defined controls
Incident management approach We have pre-defined incident response plan with clear escalation path. Users are able to report incidents via our customer support team. The issue will be idenified, priotied and fixed with the customer being informed at each step of the progress.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.00 to £0.10 per transaction
Discount for educational organisations Yes
Free trial available Yes
Description of free trial JustPark will provide a payment platform for a limited amount of time to operators, Local Authorities and other parking space providers to demonstrate the added value that our platform can bring.

Service documents

Return to top ↑