TuGO Ride Share

BookingLab combine a number of key technologies to deliver Mobility-as-a-Service (MaaS) solutions to support a range of transportation schemes. This service provides a personalised ride sharing service to deliver joined up travel. Driven by an event or specific community, our smart ride sharing connects people with common goals and interests.


  • Mobile friendly customer journeys for finding and booking travel
  • Peer to Peer ride sharing with user profiles
  • Interest and event driven communities configured by admin
  • Full API integration, seamlessly integrating with travel apps
  • Profile management with end user scoring / ratings
  • Designed to accessibility standards, WCAG 2.1 AA
  • Notification management including email and SMS communication
  • Sophisticated reporting and data management tools for admin
  • Access to anonymised data for travel behaviour insight
  • Geospatial driven routing for journey matching


  • Ability to search, plan and book travel 24/7
  • Integrates multi-modal transport services to simplify access
  • Reduces congestion, improving air quality
  • Improved customer experience, with seamless, mobile friendly, accessible journeys
  • Enable interest driven schemes to drive uptake
  • Reduce fuel costs and private mileage expenses
  • Support communities by enabling a safe shared economy
  • Encourage sustainable travel by delivering ease of use
  • Built-in reporting and exportable data, providing improved data management
  • Automated communication with users via customisable email and SMS


£250 per unit per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11



Chad Duggan


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Modern web browser
  • Internet connection to mobility service

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Please refer to our Service Level Agreement included with our Terms and Conditions.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Core support is provided between 9am – 5pm Monday to Friday. Our supported customers receive access to our Support Desk; SLAs for response and resolution are included as standard and part of the annual license fee. 'How to' video guides, FAQ knowledge-base and a getting started training manuals available. As well as proactively monitoring your performance and providing regular platform-wide improvements, our Support Team will answer general queries about the solution, resolve technical issues and manage any escalations.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started 1) Welcome pack provided 2)Service launched and branded 3)Support portal setup and access provided.

In addition, BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data is completely exportable, transferable and secure.
End-of-contract process Off-boarding follows the publication of automated emails and then the closure of their account. It is the customer’s responsibility to download all collected data prior to the project completion. This can be exported directly from the platform admin interface. All booking and customer data can be extracted in a number of formats to ensure a safe and secure migration to any new systems being used. This would be an agreed format between the supplier and buyer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences between mobile or desktop.
What users can and can't do using the API The API is typically used to create or cancel bookings, create or delete rides / journeys, or to access trip data.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Yes, the following can be configured:
- Schemes / Groups / Events
- User Profiles and Data Fields
- Journeys

Users configure these via an Admin Portal.


Independence of resources Via a dedicated cloud service or auto scaling policies.


Service usage metrics Yes
Metrics types Service metrics available on request.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data can only be provided on request.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SLA's not defined but we guarantee that the Booking Service will be available 99.5% of the time.
Approach to resilience Available on request.
Outage reporting Quarterly reports available on request.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Named representatives only by user role.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our security governance policy can be provided on request.
Information security policies and processes We follow and comply with The General Data Protection Regulation 2016/679

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Service components continue to be tracked and reviewed monthly, with risk assessments on security impacts.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Servers are built and attached to configuration management systems before being tested and permitted to access data, or accessed by the internet. These systems apply security requirements, including remedial actions found during penetration tests. Weekly reviews of CVE vulnerabilities are performed. Staff subscribe to updates from core news sources. Security incidents and vulnerabilities are investigated by Operations. Issues are dealt with on the associated threat. Key contact points exist with customers. Patches are deployed on a priority basis, critical patches being deployed as soon as possible.
Protective monitoring type Supplier-defined controls
Protective monitoring approach BookingLab monitors availability using traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability packages. Real-time Intrusion Detection Systems are installed on all servers. Logs and activities are monitored. Core files that are managed by central configuration management are monitored and reverted if changes are found. Alerts are directed to the operations team.
Incident management type Supplier-defined controls
Incident management approach BookingLab have a pre-defined process that is documented for internal use.

Users can report incidents directly to our support team via our online support desk tool, email or telephone.

BookingLab incorporates automation of issue resolution actions, where possible. Other issues have defined steps stored in an incident management wiki.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £250 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Test bucket and user journey example available on request.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑