An integrated multi-channel marketing automation platform:
- Intelligent analytics, segmentation, cohort analysis & targeting
- Email engagement
- SMS engagement
- Website engagement, utilising Web Push and On-Site Notifications
- Mobile app engagement, including Push & In-App Messaging
- Messaging on social channels, DSPs, Advertising displays etc.
- Proximity Marketing
- Email engagement
- SMS engagement
- Website engagement, Web Push and On-Site Notifications
- Mobile app engagement, Push notifications & In-App Messaging
- Automation Journey Builder - Multichannel
- Smart channel for messaging on social channels, DSPs etc.
- Proximity Marketing Solution with Geo-location
- Behavioural Targeting
- Intelligent analytics, segmentation, cohort analysis & targeting
- Drive revenue and maximise brand loyalty through digital channels
- Powerful user insights with multi-channel engagement functionality
- Analyse, segment and target mobile app, web and email users
- Multi-channel communication in one single platform
- GDPR compliance tools
£00.005 per transaction
Emailcenter UK Limited
44 1327 811884
|Software add-on or extension||No|
|Cloud deployment model||
|System requirements||Supported Web Browsers|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Initial Response < 30 minutes.
Extended response dependent on query and in line with agreed SLA.
|User can manage status and priority of support tickets||No|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We have 3 levels of support.
Standard includes office hours, tech support and an account manager
Silver and Gold levels add managed service time, enhanced SLAs and hands-on account support.
|Support available to third parties||Yes|
Onboarding and offboarding
We have a full on-boarding process:
Kickoff call to plan resource, timeframes and contact details etc.
System user training
Technical sessions for SDK / API integration
|End-of-contract data extraction||Full data extraction is provided in an agreed format and securely transferred to the client.|
At the end of a contract, the account becomes inaccessible and a full data extract is provided if required. All account data is then securely deleted.
The client is responsible for disabling/removing any integration with their websites, apps, data systems etc.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of service interface||
Users access the service through a web browser, logging in to their account.
All campaign, automation setup, data, analytics and programmes are managed via the interface.
|Accessibility standards||None or don’t know|
|Description of accessibility||
Users can input information relevant to the system, e.g. email information, recipient data, dynamic content.
Input fields are described with text. Action buttons are described with text as well as by defined icon and/or colours.
|Accessibility testing||Interface testing to controlled standards of common function, design and aesthetic is carried out for all UI components. Ease of use and intuitive UX are part of our design standard.|
|What users can and can't do using the API||
The API supports methods to:
Create / Change / Remove Campaigns
Create / Change / Remove Message Content
Create / Change / Remove Data Segmentation
Create / Change / Remove Data Lists
Create / Change / Remove Geofences / iBeacon Locations
Post campaign delivery and tracking information to other system endpoints.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
System interface can be white-labelled.
This work is carried out by our systems admins, in collaboration with the client.
|Independence of resources||The Platform and messaging servers are also placed in load-balanced groups, within AWS data centres. They are deployed using an Amazon Machine Image and the load-balanced groups are auto-scaling, so when demand increases the throughput capability increases to suit.|
|Service usage metrics||Yes|
Analytics provided as standard cover in-depth metrics on end users for:
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
There are multiple types of data in the system.
Some types can be exported using the system API.
For other types, an export file can be generated.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
Uptime is 99.9%, excluding planned downtime. Non-performance credits are provided in the event that Xtremepush fails to meet its obligations related to Service Availability.
|Approach to resilience||All EC2 instances are stateless and immutable. All EC2 instances are deployed in auto-scaling groups with multiple availability zones. Even if only one EC2 instance is required, it is deployed in an auto-scaling group. The auto-scaling group points at a backed-up Amazon Linux AMI containing the full server build, configuration etc. (equivalent to a VM). This means that if an EC2 instance fails it will automatically be replaced. Also, if an Amazon Availability Zone goes down, a new instance will automatically launch in another availability zone. Because EC2 instances are kept stateless and immutable, downtime rather than data loss is the main concern when EC2 instances fail. To prevent downtime in the event of a failure, a minimum of two instances in different availability zones is preferred. This will prevent downtime in the event of a single EC2 failure or an availability zone failure, as another EC2 instance will still be online while the failed instance is being replaced.|
|Outage reporting||Clients are alerted by use of a public dashboard, by email alert or, depending on service agreement, by direct telephone call.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
All system access is governed by Role, with a centrally managed and audited ACL.
Role based access is implemented so that least privilege is granted.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QMS International|
|ISO/IEC 27001 accreditation date||21/08/2018|
|What the ISO/IEC 27001 doesn’t cover||Anything outside of: THE PROVISION OF MULTI-CHANNEL ANALYTICS AND ENGAGEMENT MARKETING PLATFORM AND SERVICES|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The Information Security Management System is monitored, measured, analysed and evaluated by application of the procedures documented in our ISMS manual, which include auditing of procedure, management reviews on a 6 month basis and reporting to board level. The primary policies concerning security are:
Access Control Policy
Clear Screen and Desk Policy
Data Protection Policy
Data Transfer Policy
Email & Internet Acceptable Usage Policy
Network Systems Monitoring Policy
Remote Access Policy
Virus Protection Policy
The CTO is assigned overall responsibility for security and is a member of the Information Management Forum, which maintains, monitors, audits and reports on the ISMS and adherence to it.
Six-monthly refreshers of ISMS procedures and policies, AWS security best practices, and OWASP security awareness and best practices are carried out.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
IT change management processes are carried out using Change Requests and records are maintained within our task management application for both general changes affecting security, and for bug fixes and software development changes. Security is a required consideration for all changes before a Change Request can be completed.
Defined authorisations and approvals are in place.
All concerned parties are informed of the status of the request as changes or progress are made, as applicable.
Where necessary, a Data Protection Impact Assessment (DPIA) may be undertaken for GDPR purposes.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We use the Amazon Linux AMI on our EC2 instances. It is a supported and maintained Linux image provided by Amazon Web Services. Vulnerability & Patch Management is handled using the Amazon Linux AMI Security Center and the yum package management utility.
Updates are performed as soon as possible according to instructions provided on issue correction.
We use MySQL on our RDS instances. RDS is a managed database service provided by AWS. Vulnerability & Patch Management is handled by RDS. Updates are automatically applied in a predefined maintenance window. Bulletins for updates are provided by the AWS Security Center.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The network infrastructure is securely managed by AWS; this includes a wide variety of automated monitoring systems to provide a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. In addition, individual instances running the XtremePush solution also use ClamAV for virus management and the OSSEC host intrusion detection system.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Customers should raise all incident reports describing the incident and the contact information of the person reporting the incident by submitting a support ticket to our support system. This support service is a paged service that will immediately page the appropriate resource.
Escalation is the process used by the Customer if any of the expectations of incident response time are not met, including:
If an escalation contact cannot be reached within an agreed time, Customer may escalate to the next level.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£00.005 per transaction|
|Discount for educational organisations||No|
|Free trial available||No|