Emailcenter UK Limited

Xtremepush

An integrated multi-channel marketing automation platform:
- Intelligent analytics, segmentation, cohort analysis & targeting
- Email engagement
- SMS engagement
- Website engagement, utilising Web Push and On-Site Notifications
- Mobile app engagement, including Push & In-App Messaging
- Messaging on social channels, DSPs, Advertising displays etc.
- Proximity Marketing

Features

  • Email engagement
  • SMS engagement
  • Website engagement, Web Push and On-Site Notifications
  • Mobile app engagement, Push notifications & In-App Messaging
  • Automation Journey Builder - Multichannel
  • Smart channel for messaging on social channels, DSPs etc.
  • Proximity Marketing Solution with Geo-location
  • Behavioural Targeting
  • Intelligent analytics, segmentation, cohort analysis & targeting

Benefits

  • Drive revenue and maximise brand loyalty through digital channels
  • Powerful user insights with multi-channel engagement functionality
  • Analyse, segment and target mobile app, web and email users
  • Multi-channel communication in one single platform
  • GDPR compliance tools

Pricing

£00.005 per transaction

Service documents

G-Cloud 11

531268178183484

Emailcenter UK Limited

Jason McSweeney

44 1327 811884

jason.mcsweeney@xtremepush.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints No.
System requirements Supported Web Browsers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Confirmation immediate
Initial Response < 30 minutes.
Extended response dependant on query and inline with agreed SLA.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels We have 3 levels of support.
Standard includes office hours, tech support and an account manager
Silver and Gold levels add managed service time, enhanced SLA's, hands on account support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We have a full on-boarding process:
Kickoff call to plan resource, timeframes and contact details etc.
System user training
Technical sessions for SDK / API integration
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Full data extraction is provided in an agreed format and securely transferred to the client.
End-of-contract process At the end of a contract, the account becomes inaccessible, a full data extract is provided if required. All account data is then securely deleted.
The client is responsible for disabling/removing any integration with their websites, apps, data systems etc.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Users access the service through a web browser, logging in to their account.
All campaign, automation setup, data, analytics and programmes are managed via the interface.
Accessibility standards None or don’t know
Description of accessibility Users can input information relevant to the system, e.g. email information, recipient data, dynamic content.
Input fields are described with text. Action buttons are described with text as well as by defined icon and/or colours.
Accessibility testing Interface testing to controlled standards of common function, design and aesthetic is carried out for all UI components. Ease of use and intuitive UX are part of our design standard.
API Yes
What users can and can't do using the API The API supports methods to:
Create / Change / Remove Campaigns
Create / Change / Remove Message Content
Create / Change / Remove Data Segmentation
Create / Change / Remove Data Lists
Create / Change / Remove Geofences / iBeacon Locations
Post campaign delivery and tracking information to other system endpoints.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation System interface can be white-labelled.
This work is carried out by our systems admins, in collaboration with the client.

Scaling

Scaling
Independence of resources The Platform and messaging servers are also placed in load-balanced groups, within AWS data centres. They are deployed using an Amazon Machine Image and the load-balanced groups are auto-scaling, so when demand increases the throughput capability increases to suit.

Analytics

Analytics
Service usage metrics Yes
Metrics types Analytics provided as standard cover in depth metrics on end users for:
Campaigns
In-App Behaviour
Web Browser
Location
Device
Attribution
Reporting types
  • API access
  • Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There are multiple types of data in the system.
Some types can be exported using the system API.
Other types an export file can be generated.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability All EC2 instances are stateless and immutable. All EC2 instances are deployed in auto scaling groups with multiple availability zones.
Even if only one EC2 instance is required it is deployed in an auto-scaling group. The auto scaling group points at a backed up Amazon Linux AMI containing the full server build, configuration etc. (equivalent to a VM).
This means if an EC2 instances fails it will automatically be replaced. Also if an Amazon
Availability Zone goes down a new instance will automatically launch in another availability zone.
Because EC2 instances are kept stateless and immutable, downtime rather than data loss is the
main concern when EC@ instances fail.
To prevent down time in the event of a failure a minimum of two instances, in different availability zones is preferred. This will prevent downtime in the event of a single EC2 failure or an availability zone failure as another EC2 will still be online while the failed instance is being replaced.
Uptime is 99.9%, excluding planned downtime. Non-performance credits are provided in the event that Xtremepush fails to meet its’ obligations related to Service Availability.
Approach to resilience All EC2 instances are stateless and immutable. All EC2 instances are deployed in auto scaling groups with multiple availability zones. Even if only one EC2 instance is required it is deployed in an auto-scaling group. The auto scaling group points at a backed up Amazon Linux AMI containing the full server build, configuration etc. (equivalent to a VM). This means if an EC2 instances fails it will automatically be replaced. Also if an Amazon Availability Zone goes down a new instance will automatically launch in another availability zone. Because EC2 instances are kept stateless and immutable, downtime rather than data loss is the main concern when EC@ instances fail. To prevent down time in the event of a failure a minimum of two instances, in different availability zones is preferred. This will prevent downtime in the event of a single EC2 failure or an availability zone failure as another EC2 will still be online while the failed instance is being replaced.
Outage reporting Clients are alerted by use of a public dashboard, by email alert or, depending on service agreement, by direct telephone call.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels All system access is governed by Role, with a centrally managed and audited ACL.
Role based access is implemented so that least privilege is granted.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 21/08/2018
What the ISO/IEC 27001 doesn’t cover Anything outside of: THE PROVISION OF MULTI-CHANNEL ANALYTICS AND ENGAGEMENT MARKETING PLATFORM AND SERVICES
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Information Security Management System is monitored, measured, analysed and evaluated by application of the procedures documented in our ISMS manual, which include auditing of procedure, management reviews on a 6 month basis and reporting to board level. The primary policies concerning security are:

Security Policy
Access Control Policy
Backup Policy
Clear Screen and Desk Policy
Data Protection Policy
Data Transfer Policy
Disciplinary Procedure
Email & Internet Acceptable Usage Policy
Grievance Procedure
Laptop Policy
Network Systems Monitoring Policy
Password Policy
Remote Access Policy
Virus Protection Policy

The CTO is assigned overall responsibility for security and is a member of the Information Management Forum, which maintains, monitors, audits and reports on the ISMS and adherence to it.

6 monthly refresher of ISMS procedures and policies, AWS security best practices and OWASP security awareness, and best practices are carried out.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach IT change management processes are carried out using Change Requests and records are maintained within our task management application for both general changes affecting security, and for bug fixes and software development changes. Security is a required consideration for all changes before a Change Request can be completed.
Defined authorisations and approvals are in place.
All concerned parties are informed of the status of the request as changes or progress is made as applicable.
Where necessary, a Data Protection Impact Assessment (DPIA) may be undertaken for GDPR purposes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use the Amazon Linux AMI on our EC2 instances. It is a supported and maintained Linux image provided by Amazon Web Services. Vulnerability & Patch Management is handled using the Amazon Linux AMI Security Center and the yum package management utility.
Updates are performed as soon as possible according to instructions provided on issue correction. We use the MySQL on our RDS instances. RDS is a managed database service provided by AWS. Vulnerability & Patch Management is handled by RDS. Updates are automatically applied in a predefined maintenance window. Bulletins for updates are provided by the AWS Security Center.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The network infrastructure is securely managed by AWS this includes a wide variety of automated monitoring systems to provide a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. In Addition individual Instances running the XtremePush solution also use ClamAV for virus management and the OSSEC Host intrusion detection system.
Incident management type Supplier-defined controls
Incident management approach Customers should raise all incident reports describing the incident and the contact information of the person reporting the incident by submitting a support ticket to our support system. This support service is a paged service that will immediately page the appropriate resource.

Escalation is the process used by the Customer if any of the expectations of incident response time is not met including:

If an escalation contact cannot be reached within an agreed time, Customer may escalate to the next level.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £00.005 per transaction
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑