PatronBase (UK) Partners LTD

PatronBase Box Office & CRM

PatronBase is a flexible, user-friendly & intuitive modular Ticketing & CRM system that allows you to build and sustain your audience, your way.
The system fully integrates with Marketing, Reporting, Fundraising, Venue Management, Retail and many more modules available.


  • User friendly interface, efficient to set up and use
  • Remote access
  • Support via phone, email or online with out of hours
  • Effectively scheduled maintenance and upgrades
  • Fully integrated with online, mobile and agency ticketing
  • Simple administration
  • Printed or Print at Home scanned entry ticketing
  • Full reporting
  • Unlimited users
  • Configurable seating algorithm


  • Manage ticketing through box office and web sales
  • Unlimited number of venues and seating plans
  • Fast Ticketing for effective management of walk ups
  • Record relationships between patrons
  • Define fees, discounts and ticket pricing
  • Revenue tracking with production and product links
  • Readily available support from our team of dedicated analysts
  • Time saving utilities including de-duplication
  • 130+ standard reports available plus our bespoke reporting service
  • Build customer loyalty using the memberships & Patron Points.


£5000 per licence per year

Service documents


G-Cloud 11

Service ID

3 5 1 3 6 2 8 8 3 0 8 9 6 6 0


PatronBase (UK) Partners LTD

Sales Team

029 2000 3490

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Planned maintenance is scheduled at a time to suit organisations using the system.
System requirements PC or Mac capable of Remote Desktop connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 hour for issues agreed as classified as Emergency priority
* Within 6 hours (during business hours) for issues agreed as classified as High priority.
* Within 1 working day for issues agreed as classified as Normal priority.
* Within 2 working days for issues agreed as classified as Low priority. Remote assistance will be provided in-line with the above timescales dependent on the priority of the support request.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels PatronBase business support is included within the software subscription price. This provides unlimited support to your end users in operating the system. Your assigned PatronBase account manager will ensure you're getting the most out of the inclusive support and additional services we offer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Your PatronBase implementation project manager, an experienced user of the system with an industry background, will guide you through the process of getting your organisation up and running with the system. Each project is unique, so we tailor our template plan to your organisation and your needs, with typical go live projects taking around 6 weeks.

Key activities include scoping, data migration (importing the data your previous supplier provides into PatronBase), setup, installation of hardware and training. Training is provided on site and is accompanied by comprehensive documentation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction A final export is sent by PatronBase. PatronBase will also assist with the transition to a new supplier.

PatronBase will also securely store an inactive back-up of the database for a short period of time to assist with any queries following transition.
End-of-contract process PBUKP will assist with the transition to a new supplier.

PBUKP will contact the Customer to confirm the impending end date/termination date as it approaches.
• At midnight before the last extraction, PBUKP will close down online web sales.
• PBUKP will securely store an inactive back-up of the database for a short period of time to assist with any queries following transition.
• Back up is then deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile devices may access public-facing aspects of the service.
Internal aspects are optimised for PC, Mac and tablet.
Service interface Yes
Description of service interface Public facing services are available for integration into the venue or organisation's existing website.
Accessibility standards None or don’t know
Description of accessibility The venue interface of the system uses predominantly standard Windows controls which we believe to be compatible with screen readers and assistive technology.

The customer facing components' accessibility will depend on the integration with the venue's website styling.
Accessibility testing Internal testing only.
What users can and can't do using the API We provide a read-only API to allow organisations to populate the What's On information on their own website, and a writable API to allow organisations to register and validate users. Additional API documentation is available on request.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users may at any time customise the service through:
- Changing wording internally and in the public facing service
- Setting a range of configurable options
- Creating custom CRM fields
- Flexible event setup including fully self-managed creation of additional venues, events, seating plans, pricing plans, season subscriptions, offers and more
- Custom report development using Microsoft technologies

In conjunction with us, customisation of reports and dashboards, styling of integrated pages, development of additional API endpoints and development of new features and plugins is available on request.


Independence of resources Each organisation using PatronBase has a dedicated database ensuring that data and the demands placed on the database are isolated. Applications are load balanced across multiple servers and shared between organisations, with proactive monitoring to ensure that any peaks in demand are swiftly identified and acted upon. Where necessary, we can provide a private cloud solution or isolate resources for high demand users.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Comma separated values (CSV) files, or other formats on request
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability A commitment to provide 99.95% uptime in any calendar month (excluding scheduled maintenance)

PatronBase will respond to service related incidents and/or requests submitted by the Customer(s) within the following time frames:
* Within 1 hour for issues agreed as classified as Emergency priority
* Within 6 hours (during business hours) for issues agreed as classified as High priority.
* Within 1 working day for issues agreed as classified as Normal priority.
* Within 2 working days for issues agreed as classified as Low priority.
Remote assistance will be provided in-line with the above timescales dependent on the priority of the support request.
Approach to resilience This information is available on request.
Outage reporting Email alerts are sent as required.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels A fully configurable permissions system is provided, allowing users to be assigned to security groups and read or write access configured for a variety of system features and modules by a suitably privileged user.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self-certified
PCI DSS accreditation date July 2018
What the PCI DSS doesn’t cover Your own website, outside the PatronBase booking pages.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We take an approach consistent with ISO 27001.
Information security policies and processes Information Security Policy has been reviewed in line with the change in regulation (GDPR) and is available upon request.
The Technical Director is responsible for ensuring all policies are kept up to date and evolve in line with any change in regulation. Employees are provided with these policies as part of the on-boarding process and training provided whenever there is a change made. Regular reviews are undertaken

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes pass through a defined agile development process, with approval from senior members of the development team to ensure potential security impact is assessed.

The update schedule for core applications is unique to each client organisation, allowing updates to the software to be aligned to each organisation's desired frequency and convenience. Where appropriate, a test environment allows venues to try out new functionality prior to upgrading.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Windows, SQL Server, .NET and other Microsoft components, as well as our open source web technology stack, are patched weekly using Windows Updates, to ensure we continue to operate the latest and most secure operating system and system software versions. Where an urgent fix is released, our team monitors the security bulletins and applies updates as required. Whilst we avoid being “early adopters”, preferring new versions to settle in before adopting new software, we ensure that all software we use benefits from full support by using current versions.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Incidents must be triaged within 24 hours of identification, with more severe risks being triaged immediately.

Recovery procedures will be commensurate with the incident that has occurred. This will be determined on a case by case basis with all aspects of the recovery process full documented.
Incident management type Supplier-defined controls
Incident management approach Where incidents are identified we work on an ‘identify, triage, notify and mitigate’ model. it's the responsibility of all users to actively identify any potential incident. Then, the impact of the issue is gauged and the asset, system or person responsible isolated. Summarised, if a user identifies any incident, it needs to be reported to the Technical Director and Compliance Lead as soon as possible.
Triage takes place within 24 hours of the identification, with priority set as per the risk. Incidents are recorded on our centralised incident log and the log reviewed each month.
Regulators are notified where necessary.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5000 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑