Time to Spare

Time to Spare

Time to Spare is a platform for voluntary and community organisations to manage data and to safely share reports of the work they do with funders and public bodies. These reports are used to estimate social value and to better allocate resources, support and funding.


  • Real time reporting
  • Volunteer recruitment and brokerage
  • Measure outcomes with standard surveys
  • Combine local data with public open data
  • Track and trace for community buildings
  • Customer and case management for VCS organisations
  • Quantitatively and qualitatively estimate social value
  • Mobile version
  • Referral network for voluntary and community services


  • Learn from monitoring reports
  • Calculate the social value of your VCS projects
  • Improve security of VCS data
  • Encourage collaboration between community organisations
  • Save time for VCS organisations doing monitoring and reporting
  • Encourage volunteering and participation
  • Better discovery of community services
  • Make referrals to VCS organisations


£480 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@timetospare.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 6 9 8 9 1 5 0 2 8 2 4 4 4 9


Time to Spare Tom Neill
Telephone: 07411495842
Email: tom@timetospare.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Web Browser
  • Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
On weekdays, the median response time for a support inquiry using our live chat is 4 minutes.

Our support is not guaranteed at weekends.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We use Intercom for our live chat, so rely on their testing for accessibility.
Onsite support
Yes, at extra cost
Support levels
As a small team, all our support is delivered by the core members of the team that wrote the software. We charge a daily rate for significant support requests, but will make small changes/bug fixes for free.
Support available to third parties

Onboarding and offboarding

Getting started
For buyers, we provide an onboarding call with a member of our team and can do an in-person demonstration (pandemic-permitting).

We have user guides in the form of video tutorials hosted on YouTube.
Service documentation
Documentation formats
Other documentation formats
End-of-contract data extraction
This can be done on request in CSV or JSON format.
End-of-contract process
Data extraction in CSV or JSON format comes included. Anything else is an additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The reports and analytics cannot be accessed from the mobile service.
Service interface
Customisation available
Description of customisation
Public bodies (the buyer) can customise the service by requesting custom dashboards, analysis and themes.

VCS organisations (third parties) can customise the data structure they use to collect their monitoring data. They can use standard impact surveys or they can create their own.


Independence of resources
We view our service as having 2 potential scaling bottlenecks and we have taken steps to address each one.

1) Database access - we use a "global-scale" NoSQL cloud database that is very robust to heavy read and write loads.

2) Hosting - we use a multi-cloud serverless hosting service, so that our hosting will scale automatically to increased requests.


Service usage metrics
Metrics types
Our core service is providing reports on the work of VCS organisations. As a result, we provide metrics on the number of people these organisations work with, the frequency of their interaction and a number of other characteristics.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Some views or reports have a built-in CSV export.

For other specific details, an export can be requested using our live chat service.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Approach to resilience
Available on request.
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All our management interfaces are restricted at account level. They require access to be specifically granted to each new team member.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We take security very seriously and all members of our small team are very clear of the steps we need to take to ensure data is kept securely. We conduct regular internal audits of our data security.
Information security policies and processes
We maintain a detailed breach policy available on request and ensure that we are fully GDPR compliant.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use Git and Github for our version control and to integrate with our build and deploy system. This enables us to test and preview each change before it's made publicly available and to monitor our dependencies for security vulnerabilities.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We deploy patches to our service as soon as we are able, usually within the day. We use Github's security vulnerability alerts to monitor our dependencies, and we proactively work internally to find security vulnerabilities in our software.
Protective monitoring type
Protective monitoring approach
We respond as quickly as possible to any identified compromises.
Incident management type
Supplier-defined controls
Incident management approach
We maintain a version-controlled internal document of all incidents. For users affected by incidents, we send out an email alert within 48 hours of being made aware.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£480 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
We provide a free version of our service to VCS organisations. We can offer a free trial of our community analytics on a case by case basis.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@timetospare.com. Tell them what format you need. It will help if you say what assistive technology you use.