RainyDay Projects Ltd


Envilope is a "virtual envelope" in which you can lock emails, digital files, or secure messages containing text, images, audio, video - anything that can be sent online. Envilope gives senders privacy and control over their content. If you ever suspect a breach, you can vaporize your content.


  • Privacy & Control for all your Digital Content
  • Senders content is locked inside a secure ‘virtual envelope’
  • Send anything to anyone (content, device and platform agnostic)
  • Sender allow (or retract) printing, editing, downloads, forwarding, expiry dates
  • Senders terms and conditions must be accepted to unlock envelope.
  • Sender immediately notified delivery has been opened or forwarded
  • The sender has complete control of their important data
  • Envilope operates via email, web, text, social media or app
  • “App” available to download free on OS, mobiles and desktops
  • Available for free, paid, small business or enterprise


  • Users content is kept confidential, private and under their authority
  • Users content is safe and compliant
  • A solution to expensive multi-platform and device issues
  • Users have control over your content even after sending
  • Users have unlimited Terms & Conditions to protect their content
  • Users know who, when and where viewed their content
  • Users can retract, freeze or even vaporise their content
  • Users can use the service to suit their schedule
  • It’s a convenient user interface for any situation
  • The service is available to download for free.


£0 to £5 per user per month

Service documents


G-Cloud 11

Service ID

5 0 9 0 3 9 4 5 9 6 7 6 9 1 9


RainyDay Projects Ltd

Tony Ferrier, Public Sector



Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email within 24hrs
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support No
Support levels Email support
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started All deployments of envilope via App, Desktop and browser are easy to use and have context sensitive documentation and a support section where users can feedback and ask any questions they like and get a prompt email response - within 1 working day but usually much quicker. Users also initially get a "Welcome to Envilope" document which outlines the basic usage
Service documentation No
End-of-contract data extraction We can provide the user data upon request.
End-of-contract process Any user logons would be disabled. All user data is retained.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are some limitations to the types of file that you can upload to envilope when using iOS but apart from that there is no difference in functionality. There are slight differences in layout dictated by screen size but no functional limitations.
Service interface No
Customisation available Yes
Description of customisation Users can have their own branding added to the product in the form of 'stamps' that they can upload. The envelope can also be customised with user branding upon request.


Independence of resources The system is engineered in such a way a to be flexible enough to handle spikes and increased in demand.


Service usage metrics Yes
Metrics types Users start of with a set amount of data depending on their Service Plan. When they send an envelope with a document this subtracts an amount of data from their allowance, dependent on the size of the document sent. Users can monitor how much data that have used in sending their envelopes.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can make a request and we will export their data for them.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99%, assured by Service provider assertion
Approach to resilience The system is deployed as a VMware High Availability cluster.
Outage reporting The system is constantly polled via a third party monitoring system which reports via SMS and email to designated staff as to any outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Fingerprint
Access restrictions in management interfaces and support channels There is an Admin Area where users profiles can be managed and access restricted. Authentication details are given out on a very limited basis. Connection is via VPN on a dedicated IP address.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 21/10/2009
What the ISO/IEC 27001 doesn’t cover SaaS environment hosted by Rackspace
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self Certified (SAQ-A)
PCI DSS accreditation date 01/03/2017
What the PCI DSS doesn’t cover All online Credit Card payments are handled by PayPal.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The ITIL Information Security Management processes are followed.
Information security policies and processes The ITIL Information Security Management processes are followed.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All Configuration Management and Change Management processes follow the ITIL methodology. All potential changes are assessed at a code level for vulnerabilities and all processes are fully documented therefore allowing us to track the lifecycle of each aspect of the system.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our cloud provider is responsible for monitoring infrastructure level vulnerabilities. When any vulnerabilities are found / published relating to any software in use then best endeavors are employed to apply any patches necessary a quickly as possible. We subscribe to all communications and security bulletins relating to all the software we employ to deliver the service.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Firewall logs and OS level Security Alerts are regularly checked as well as web server logs to check for any abnormal activity. When any potential compromises are found then we respond as quickly as possible to deal with the situation.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We utilise the ITIL Incident Management Process. Users can report incident via email or the feedback section in the App. We communicate directly with the reporter of the incident throughout the life of the incident and if deemed necessary communicate details with the user community through the FAQ section of the App.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)


Price £0 to £5 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Free trial is available which includes Advertising and limits the data type use.
i.e. No Video or Music files.
Department limited collaboration trials are also available.
Link to free trial Www.envilope.com

Service documents

Return to top ↑