Stannp Hybrid Mail

Stannp Direct Mail Platform offer a SaaS web based solution to direct mail; offering companies a fully digital, integrated solution to their direct mail needs. With over 30 years experience in printing and mailing, our online platform has thousands of active customers, serviced through our capacity to mail over 50 million items annually.


  • Same Day Delivery
  • Granular Reporting
  • Custom Printing and Multiple Mailing Formats
  • Intergrated Platform Mail Tracking
  • Dedicated Account Management
  • Unlimited Users
  • Data Cleaning
  • Web Based Access
  • Supports API programmatic access


  • No volume commitment
  • Only pay for what you mail
  • Web based- can be accessed on the move
  • Simple pricing structure and volume discounts
  • International mailings
  • Free support and technical assistance
  • ISO9001 Quality Standard customer support
  • No minimum commitment


£0.32 to £0.88 per unit

Service documents

G-Cloud 11


Stannp Hybrid Mail

Lorien Hamilton

01271 344507

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements
  • Internet Connection
  • Web Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 30 minute initial response time Monday to Friday 9am-5pm.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Automated testing
Onsite support No
Support levels All clients receive the same level of support at no additional cost.

We provide a full support service as standard to all clients which includes;
Online and offline downloadable documentation.
Tutorial videos.
Downloadable templates.
Live web chat support.
Email support.
Telephone support.

Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All service users have their own unique login. our web wizard guides all users through campaign creation; a new user can go from sign up to print read campaign in just a few minutes.

We provide online training via webchat, support via email and telephone, and a comprehensive suite of user documentation, FAQs, videos and downloadable templates.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users are able to directly downloadable their data from our platform at anytime.
Users retain full control of their data within our system, and can amend, download or delete individual records or all of their data as required.
End-of-contract process At not additional cost, data will be destroyed inline with our data protection Procedures (available upon request) and ISO27001 guidelines.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile service is identical to desktop service (within the constraints of the capabilities and screen resolution of the device being used).
Service interface Yes
Description of service interface Web browser login
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Accessible via any standard browser
What users can and can't do using the API Our APIs provide programmatic access to your Stannp account. Things like configuring campaigns, feeding data and triggering mail pieces to be dispatched can all be achieved using simple yet secure HTTP requests.

We also offer webhook capabilities. Webhooks allow you to subscribe to events that happen within the Stannp Direct Mail platform. We will send a HTTP POST request to the webhook’s configured URL. Webhooks can be used to update any external software or notify you on key events such as the day a mailpiece is expected to be delivered.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Any part of your Direct Mail campaign can be customised by the user on the platform. Text & Images can be added as variable data and dynamically populated in your mail piece, giving full personalisation of your content.

Design features of the mail piece (font, colour, size, etc.) can also be customised within our campaign wizard.


Independence of resources Stannp's cloud based platform was designed from the start with high volumes of simultaneous user access in mind; the system capacities are designed to manage and operate whilst large volumes of users are accessing the system.

We actively monitor system resources and resource utilisation, and can load balance and scale responsively based on user demand.


Service usage metrics Yes
Metrics types The Stannp platform has a reporting section in the dashboard which displays a summary of campaigns and items that have been dispatched. The reports can be drilled down to an individual mail piece level to see the status of each item.

Audit trails can also be viewed and exported for user activity within the platform.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach Stannp is accredited annually to ISO 27001.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported on demand from the online dashboard if the user account has the correct authorisation role.

Data can be filtered and searched before exporting. Data exports include recipient data, campaign reports and billing. Any other data that we may hold can be requested.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • Xlsx
  • Word
  • PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Stannp uses third party service status monitoring to report the availability of our services. We are cloud based and have load balanced systems in place to ensure maximum service uptime, even during upgrade periods. Our SLA states we our service availability remains above 99%.
Approach to resilience Available on Request
Outage reporting If the service is partially degraded we will include a notification message within our dashboard. We also have a public service status reporting page which is hosted by a third party. We also have API end points to determine the current availability status.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Username and password
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 5th May 2019
What the ISO/IEC 27001 doesn’t cover No out of scope activities
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Barclaycard Data Security Manager
PCI DSS accreditation date 29/06/2018
What the PCI DSS doesn’t cover Nothing relevant to this service
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Stannp's policies and processes are in line with our ISO 27001 accreditation.

IS policies and processes include;
- Information Security Policy
- Access Control Policy
- Password Policy
- Virus & Malware Policy
- Application Security Policy
- Vulnerability Assessment Policy
- Information Security Education & Awareness Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We develop in an agile fashion, so we are constantly upgrading the platform with minor feature improvements. It’s common the platform will see weekly production upgrades. Before the upgrades happens, any code changes are automatically tested with our rigorous unit and integrations test suite which ensures we avoid any breaking changes or security vulnerabilities. Software upgrades happen in the cloud without any service disturbance.

The development revision history is maintained in GitHub which stores information on whether each code commit has passed unit tests and has been reviewed to adhere to our standards.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have internal vulnerability process in pace to maintain our ISO27001 and ISO9001 certifications. Penetration tests are scheduled to run every month on the platform by third party security experts Qualsys. Reports are produced with categorised and scored items that may have been found. All high risk vulnerabilities are acted upon immediately to patched and fix. A rescan is scheduled for proof of the fix.

When developing new software we have code standards and automated unit tests and security alerts in place to mitigate introduction of any new vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A firewall protects all access to our servers apart from public facing ports. Stannp use a service which monitors server logs for any suspicious activity such as failed login attempts or URL scanning for popular vulnerabilities. In the event anything being flagged the client is immediately blocked and notification is made to the information security managers. The information security managers assess the risk and allocates the need an urgency to act.
Incident management type Supplier-defined controls
Incident management approach Stannp have a predefined incident management policy with a separated GDPR data breach notification plan and a disaster recovery plan.

Users can easily report incidents using directly to account managers or using traditional contact methods including email, tickets or phone.

Staff have been well trained on how to report incidents to the information security managers.

Information security managers assess the incident report and it's risks using predefined metrics. Detailed incident reports are discussed and emailed to any users affected and the ICO if required.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.32 to £0.88 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Account set-up, user set-up, document testing,data upload, training materials and user guides are all included in the free trial.

We provide all new sign-ups with a free £1 credit for a trial send at no cost to the user. There is no time limit on the free trial.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑