Provides cloud software to enable the management of datasets to allocate records as tasks to teams and users to review, update and track completions.


  • Data cleansing
  • Dataset collaboration
  • Dashboard reporting
  • Dataset review
  • Data import and export
  • Task driven data collaboration
  • Knowledge worker data capture
  • Data onboarding
  • Data transformation


  • Manage data and record reviews
  • Quickly allocate records in datasets to teams and users
  • Simplify manual data collection and cleansing activities
  • Reduce potential version control issues
  • Monitor progress of data reviews and completions against targets
  • Undertake data quality management for system migrations


£199 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 6 3 1 4 8 8 3 3 5 8 7 7 4 9


Telephone: 07889842417

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Requires datasets to be imported as CSV or XLS/XLSX formats. Upgrades and functionality improvements are undertaken during 00:00 and 06:00 GMT.
System requirements
  • Modern browser
  • Dataset in CSV or XLS/X format

User support

Email or online ticketing support
Email or online ticketing
Support response times
Tickets are responded to within 1 hour, support is available 7 days a week from 9am to 6pm.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Web chat support
Onsite support
Support levels
Support on all services procured is included in the cost of the subscription to the service, there is only a single support service available, though if additional support arrangements are required these can be factored in at additional cost dependent on the individual requirements of the client. General support is available 7 days a week 9am to 6pm GMT by email/ticket
Support available to third parties

Onboarding and offboarding

Getting started
Online training videos are available for both the administrator and the end users of the system. User guides are also available for download. Initial 30 min video training for the administrator is also available on paid plans.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The administrator is able to export their data at any time by selecting the export option against the datasets before the contract expires. Should the client wish to export following their contract expiring, they can raise a ticket to support and we will supply the data to them, providing that the request is made before the retention policy expires.
End-of-contract process
The contract will expire after 30 days notice is provided by the Client at which time the clients user accounts will be frozen. The Client's portal and the data contained is kept for a period of 90 days according to our retention policy. (In case of the Client wishing to export the data following contract expiry or if the Client decides to renew their service during the 90 day window). The Client can contact us within the 90 day window following contract end to either: a) Renew access to the service. b) Request that the data is permanently deleted upon request before the 90 day window. c) Request a single export of data from their portal. Subsequent requests for export following a first request following the contract expiry may be chargeable.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Cleata works on both desktop and mobile/tablet devices, however due to the nature of the service provided it is likely that the vast majority of customers would use the service from a laptop/desktop device. The manager (administrator) has to upload the dataset to Cleata so given limitations on mobile / tablet devices it's likely this would be done on a desktop/laptop. User login is limited to form based view rather than tabular view for reviewing and updating records on a tablet/mobile device.
Service interface
Description of service interface
The administrator has a login which provides them with the ability to load datasets and configure the setup to allocate the datasets to teams and users as well as add/amend users and teams.

The user has their own login which provides them with access to the dataset records allocated to them.

This is all done within a browser.
Accessibility standards
None or don’t know
Description of accessibility
All user interaction occurs through the web browser, where possible we have adhered to usability guidelines but have not tested this with assistive technology.
Accessibility testing
We haven't tested with users of assistive technology.
Customisation available
Description of customisation
Customisations are built in for the purpose of defining what datasets go to which teams and users. Column permissions are set by the manager on a team basis, so that one team can have limited access to data in specific columns than others also working on the same dataset. Additional customisations are built as options during the dataset configuration for the manager (administrator) of Cleata. Additional customisations or requests for functionality changes are requested via support and are triaged and potentially developed into the product in a later release for all clients of Cleata.


Independence of resources
Cleata has been designed with scalability as part of the development plan, with everything reviewed and checked for load testing. Cleata is hosted on elastic cloud so that as demand increases, the platform Cleata is hosted on also scales up to cope with demand so that users are not affected. Servers are hosted in a cluster to ensure failover and no loss of data or service.


Service usage metrics
Metrics types
Records loaded (either in total or by individual dataset) Number of users and teams (either in total or by individual dataset) Total records reviewed (either in total or by individual dataset) Total records outstanding (either in total or by individual dataset) Records reviewed/outstanding by team or user. Burndown chart of targets vs actuals if using a target complete date.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data at rest is encrypted at AES-256. Physical access control is managed by Amazon AWS and their controls apply.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is an export button in the Client's console.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service is guaranteed at 99.5% up-time over any monthly period excluding planned outages for maintenance, upgrades and improvements. Performance metrics are shared on a monthly basis. If performance in any given monthly period does not perform at the guaranteed service level, service credits will be provided to the cost of period of downtime over and above the guaranteed service level based on the service the client has subscribed to.
Approach to resilience
The configuration and setup of the servers that support the Cleata system are setup in a cluster that includes support for failover of any component of the service. Components of the cluster are also split over more than one data centre, so if a data centre suffers an outage - the service will continue and no data will be lost. If a component fails, then automated tools will redeploy the failed component to ensure continuity of service.
Outage reporting
Outages (either planned or unplanned) are reported by email alerts to all users.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
The client is provided with a single account for management interfaces with a single user name and password that is setup by the client and has a strict password policy.

Support channels are open to all end users and management users only, a separate registration process is used to confirm that users appear from the same domain that the client has a registered account to. Administrative actions can only be requested by the management user.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials Plus (In progress)
  • Server architecture is ISO27001 certified by AWS.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
At time of submission, we are starting Cyber Essentials Plus accreditation. We document each security incident and are developing security policies in line with the ISO accreditation process.
Information security policies and processes
All security incidents are flagged to the Director as the responsible party for Security for review and action. We are in the process of updating our policy documents, which include: risk log, risk reporting, risk management, IT security and operational security manual.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Cleata uses source control with documented revision history for each change.

All changes are tested, then pushed to a staging environment and verified before before deployed to a live environment.

Customers are then notified of new feature releases and the wiki site updated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cleata operates a threat management policy which includes regular penetration testing, plugin and server patching.

We monitor CVEs from various websites to understand potential threat and risks to our infrastructure.

All servers are hosted by AWS and security updates are done with the most of 1 week following release unless identified critical.

We virus scan all code before deployment and monitor security updates for software packages we use.

We also review syslog messages and flag user authentication errors.

Plugins and libraries used by Cleata are automatically updated.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We employ active monitoring of the system and identifies any suspicious behaviour outside normal usage. All network, firewall and system log information is subjected to regular audit.

If a compromise was found, then immediate action is taken to remove the issue and identify any potential data breach/loss.

If required, the ICO would be informed as per GDPR requirements.
Incident management type
Supplier-defined controls
Incident management approach
We have an APM that actively monitors application performance to ensure that the system is behaving as intended.

Users can report via a ticketing system or by email.

For common issues, we provide a wiki which is frequently populated with updates and common answers to questions.

Common issues such as password resets are self service.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£199 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
Free tier consists of:
Maximum 1 team and 2 users
Single dataset
500 row limit.
Basic support

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.