Gradient Limited


Gurn enables staff to navigate between their web-based resources, retrieve information and search across their tools instantly. With Gurn, users can open documents, tools and resources with just a single command from their browser's address bar. It's easy to use, requires minimal training and comes with no technical integration headaches.


  • Single point of entry for all web-based resources
  • Retrieve what you need using a single keyphrase
  • Open multiple resources at the same time
  • Save your open tabs for when you need them next
  • Machine Learning powered recommendation engine
  • Real-time analytics and dashboards
  • In-app notifications and alerts


  • Fast and easy access to web-based resources
  • Improves productivity by helping users find relevant information easily
  • Improves users workflow enabling seamless transition between tools and workspaces
  • Gurn remembers, so you don't have to
  • Improves collaboration amongst teams
  • Reduces the risk of using out of date resources
  • Understand what your organisation is using and when
  • No more bookmarks


£2 to £7 per user per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

5 6 5 6 2 8 3 2 3 2 0 9 1 6 6


Gradient Limited

Rory Macduff-Duncan


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Our software acts as an extension to the web browser. It can be deployed as a stand-alone service without requiring a browser extension. However, in this configuration some functionality may not be available.
Cloud deployment model Hybrid cloud
Service constraints No
System requirements Modern web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During the working week (exc. UK Bank Holidays) we endeavour to respond within 2 hours.
User can manage status and priority of support tickets No
Phone support No
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Real-time chat through browser pop-up.
Web chat accessibility testing We haven't completed in-house testing but we have worked with clients to test their requirements.
Onsite support Yes, at extra cost
Support levels Monday-Friday (exc. UK Bank holidays) 09.00-17.00 online support is included in the licence fee. A Technical Acccount Manager will be made available to liaise with the client on high priority support issues.

We can provide further support to meet with the client's requirements e.g. phone support, or extended hours support, but these support options would be subject to an extra cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started There is an easy-to-follow onboarding process that is triggered once users have installed the software and created an account.

We also provide training materials, FAQs and support guides - these are included in the price.

We also offer support through web chat where users can receive assistance during the onboarding process and beyond.

We can provide onsite training, though this would be at an extra cost.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The buyer should contact the supplier and request for the data to be extracted. This request is subject to a charge.
End-of-contract process The service will be terminated and the supplier can purge all the client's data, there is no extra charge for this service.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API Through our API it is possible to set up nearly all aspects of the service, although initial application deployment is configured through environment variables that are not controlled by the API.

Things that can be set up include:

- Create keyphrases
- Edit profile
- Create contexts
- Create lists
- Create teams
- Invite users
- Create Tabs collections
- Set permissions on resources
- Receive notifications
- Send notifications

It is possible to perform update and delete operations on nearly all aspects of information within the system.

- Update / delete keyphrases
- Update profile
- Update / delete contexts
- Update / delete lists
- Update / delete teams
- Update users
- Update / delete tab collections
- Update / delete permissions
- Delete notifications
API documentation No
API sandbox or test environment No
Customisation available No


Independence of resources We use autoscaling technology. Our system is built in a way that supports horizontal scaling. If demands exceed the appropriate tolerances of our system it will automatically provision more instances of the services under load to prevent negative impact on the wider user base.


Service usage metrics Yes
Metrics types We provide real-time metrics:
- Recently accessed resources
- Most active users
- Recently updated resources
- Trending resources

We provide regular reports:
- New resources added in the last week
- Updated resources in the last week
- Trending up in the last week
- Trending down in the last week

We provide on request reports covering a range of user and resource-based metrics.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Google hard drives leverage technologies like FDE (full disk encryption) and drive locking.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach On request users can export their data in CSV format from the system.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We provide a service level of 99% availability. Gradient provides a mechanism for refund up to 100% of the monthly subscription for sustained outages that are greater than 7 consecutive days.
Approach to resilience Our software is deployed in a high availability configuration across multiple data centres.
Outage reporting Email alerts to system administrators.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels We deploy role-based access through our management interface to restrict access to information and the ability to perform actions within our software.

Our support channels use user authentication to restrict access to tickets and escalation.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The underlying infrastructure is accredited to ISO 27001.
Information security policies and processes All employees sign up to Gradient's Information Security Policy that follows the principles of ISO 27001. Our CEO is responsible for ensuring adherence to the security policy and conducts an annual review of the policy in addition to reviews following any significant incidents or changes in UK or EU legislation.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components are tracked in our change management systems.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We maintain all production systems at the most recent level of patches/fixes recommended. Detection and alerting mechanisms record all external attempts to access our network, or to interrupt/degrade service. Internal File-store and SQL servers don't initiate outbound traffic. Web servers respond to encrypted HTTPS connections and send computer-generated SMTP email notifications.
We subscribe to security alerts and CVE notices for 3rd party software our product is built upon.
Protective monitoring type Undisclosed
Protective monitoring approach Available on request
Incident management type Supplier-defined controls
Incident management approach Gradient’s incident management process has been developed to provide a consistent approach to incident response and to ensure normal service is restored to our customers promptly.

During high impact incidents we engage with our customers to keep them informed of the situation, and provide actionable information where necessary.

After every incident we conduct a root-cause analysis and review our response.

Users are able to report incidents via our online support portal or web chat.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2 to £7 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A fully functional trial is available for Gurn.

Onboarding process, training materials, FAQs and support are included in this trial.

The length of the trial, and the number of trial users, can be discussed with our account team.

Service documents

Return to top ↑