Spotlight Data

Nanowire Data Analysis Platform

The Nanowire data analysis platform uses Artificial Intelligence and machine learning to capture, extract, analyse, train and understand unstructured files and social media. Users can search, cluster, classify and report on hidden patterns across their data sources. The system features a user-friendly front-end and a scalable data processing pipeline.


  • Data analysis platform for file and social media analysis
  • Text analytics, text mining and Natural Language Processing
  • Optical Character Recognition (OCR) and text extraction
  • Machine learning model training, text and image classification
  • Integrated with SharePoint and Office365
  • Social media monitoring and insight (Twitter/Reddit/Youtube and Tumblr)
  • Data visualisation, statistics and reporting
  • Fraud and anomaly detection
  • Open source intelligence OSINT i.e. Companies House API mining
  • Data storage in graph database (Neo4j), Elasticsearch and MongoDB


  • Uncover hidden connections and clusters across data
  • Powerful search across millions of documents and files
  • Extract data from Office files, PDFs, images and social media
  • Scalable processing from 100s to millions of files
  • Expandable through new data connectors and analysis plugins
  • Docker containerised processing backed by Kubernetes
  • Deployable to public cloud (AWS/Google/Azure) or in-house in secure environments
  • Secure APIs to access processed data
  • Train machine learning models using TensorFlow and neural networks
  • Run as an isolated system with no internet out requirements


£160 to £900 per person per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 1 7 6 1 4 4 3 2 9 6 6 7 9 9


Spotlight Data

Thomas Parsons


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Nanowire is provided as a self-service system and deployed as a SaaS on AWS, Azure or Google Cloud Platform. Nanowire can also be deployed in-house or to other cloud platforms.

A set amount of cloud compute and data volume is included within the monthly price or can be charged separately. Users may therefore, process large amounts of data within the licence agreement by using their own infrastructure or cloud provider.

Machine learning training requires a GPU (Nvidia Cuda compatible) enabled server (additional charges apply for hosted), but all other deployments may run without a GPU.
System requirements
  • Self-hosted - Ubuntu, RHEL or Centos
  • Self-hosted - GPU card for machine learning (optional)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times vary: Catastrophic situation and critical business impact: 1 hour Moderate business impact: 2 hours Minimal business impact: 8 hours Support Hours: Monday to Friday from 09:00 – 17:00, excluding Bank Holidays.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide layers of service support with a dedicated customer manager for each client. Initial support is via ticket through JIRA Service desk, further support includes phone, email and Skype and optional onsite visits if required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Spotlight Data offer help and guidance to get started and familiar with the service.

All new customers are invited to regular 'onboarding' webinar or group Skype calls. These are designed to familiarise users with the key functionality and demonstrate how data is analysed. These are interactive sessions with opportunities for questions to be raised. We offer these sessions every month throughout the contract if required.

A user manual is also provided which details the functionality of the system.

The setup fee includes a half-day onsite training workshop and a user requirements workshop, to ensure the system meets the customers needs.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Up to 30 days after the end of contract, all user data within the system can be extracted via a CSV or as a database dump. Data can be provided to an individual user or to the organisation as a whole (only with authority from the customer contact point) via raising a support ticket. This data can either be in CSV, JSON or a database dump from Elasticsearch or Neo4j. Other export formats may be available. All user data will deleted 30 days after the contract has ended.
End-of-contract process 30 days before contract end, Spotlight Data will work with the customer to ascertain data export requirements and complete a 'project end' process. This process is an opportunity for both ourselves and the customer to review the project and includes lessons learnt, feedback on the system, feedback on the contract, next steps and discuss further opportunities.

Data export is included in the contract. We offer export in a variety of formats and may be able to export the data for use in other systems, however, data conversion may be chargeable.

Users will continue to be able to use the system until the contract ends, whereupon after 30 days all user data will be deleted, overwritten and then decommissioned to ensure security.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Data in the system can be accessed via APIs if required.
Accessibility standards None or don’t know
Description of accessibility All user interaction occurs through the web browser, where possible we have adhered to usability guidelines but have not tested this with assistive technology.
Accessibility testing We have not tested with assistive technology yet.
What users can and can't do using the API The data processing capability of the system can be accessed via the user web panel or via a secure API. The API allows users to submit files for processing and then query an endpoint to retrieve data analysis results for that file e.g. keyword analysis across a Word document or OCR of a scanned PDF.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The SaaS user interface and data analysis methods are supplied "as-is", however new data analysis methods and data connectors can be added using 'plugins'. A plugin is a Docker container that takes data in and then outputs it for use in the system and web panel. We provide Python and Node.js plugin libraries and documentation so external developers can develop their own custom plugins and extend the system. Support for custom plugin development and new user interface features is available via the Nanowire support agreement.

Spotlight Data can also be contracted to extend the capability of Nanowire through custom development sprints. This could be updates to the web panel style, new charts, new reporting capability or new data analysis methods (e.g. custom machine learning algorithms).

Customers can set requirements for where the service and their data is hosted, however this may incur additional costs.


Independence of resources The system uses Kubernetes auto-scaling to scale analysis services and resources inline with the volume of data throughput and the amount of data processing tasks queued in the message queues.

The resources are then scaled back when no longer required.

Customers are provided their own Kubernetes cluster which is hosted on shared infrastructure by default, but private infrastructure is available (e.g. dedicated AWS EC2 instances).


Service usage metrics Yes
Metrics types We provide logs of usage and data processing across users within that particular organisation. All processing, access requests and error messages are centrally logged within a Kubernetes service. Logs are archived outside the cluster in a secure UK AWS S3 bucket.

Service and usage metrics are available via an administrative dashboard (Kibanan/Grafana), but for now are available on request via a service ticket.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The system is designed to analyse large amounts of data, so we provide export facilities:
Users can export data themselves from the web panel as a CSV for reuse in Excel.
A database dump of all the data can also be provided via a support ticket request. The data is stored in Elasticsearch as JSON and JSON-LD (Linked-data) and can be imported into another Elasticsearch database or converted for reuse elsewhere. We provide converters to CSV and other formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Neo4j database dump
  • Elasticsearch database dump
  • GraphML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Microsoft Office - Word/PowerPoint/Excel
  • PDF
  • Text (CSV/JSON, TXT, XML)
  • HTML
  • Images - JPG/PNG/TIF
  • Open Document Format for Office Applications
  • Custom files can be added on request

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The level of availability is 99.50% for when we host the SaaS. We use AWS, Azure or Google Cloud Platform for hosting.

We offer a service credit if we don't meet guaranteed levels of availability. A pro-rata credit for loss of service from the day the customer reports the fault until the day it is resolved, calculated by taking the annual service charge for the service, dividing it by the number of business days and multiplying it by the number of days of loss of service
Approach to resilience We use Kubernetes to orchestrate and manage the system and data processing, which is designed for scalable data workloads. A Kubernetes cluster, features self-healing and redundant server nodes and the ability to autoscale depending upon CPU and RAM load. We use a loadbalancer with health checks to ensure all server nodes are 'alive', with a Slack alert to notify when a node doesn't respond.

Our deployments run in a single UK datacentre or UK cloud hosting provider (AWS/Azure/Google). Further resilience can be provided if required, but may attract additional costs.
Outage reporting Email and Slack alerts are automatically pushed to ourselves and the customer if an outage is detected. We are in the process of developing a public status dashboard.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication JSON Web Token for API usage
Access restrictions in management interfaces and support channels Access is limited via IP address of connecting devices and users with administrative access rights.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • ISO27001 in progress

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We hold Cyber Essentials and at time of submission, are starting Cyber Essentials Plus and ISO 27001/ 9001 accreditation. We document each security incident and are developing security policies in line with the ISO accreditation process.
Information security policies and processes All security incidents are flagged to the Information Security Officer for review and action. We are in the process of updating our policy documents, which include: risk log, risk reporting, risk management, IT security and operational security manual.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Spotlight Data use secure source control with revision history of each change. All changes are beta tested, then pushed to a staging environment and verified before before deployed to a live environment. Customers are then notified of new feature releases and a product update page updated.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Spotlight Data operate a threat management policy which includes regular penetration testing and server updates. All servers managed by ourselves, are set to automatically apply security updates, we virus scan all code before deployment and monitor security updates for software packages we use. If we discover a threat, we apply patches within 24 hours of notification. We also review syslog messages and flag user authentication errors.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Spotlight Data employ active monitoring of the system and identifies any suspicious behaviour outside normal usage. All network and Kubernetes log information is subjected to regular audit and we are working to flag anomalous behaviour using machine learning, using our own Nanowire pipeline. This information is then used to identify threats and respond to incidents.
Incident management type Supplier-defined controls
Incident management approach We use Atlassian JIRA to asign tasks for mitigation and ensure security events are handled. Events such as high CPU or memory usage, are monitored and then handled if there is an impact on the end user. All incidents are logged in an incident report template in Atlassian Confluence, this include time, causes, resolution and mitigation. Common problems and fixes are recorded in a knowledge base to avoid rework and improve efficiency. This documentation can be shared with the customer if required.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £160 to £900 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial is available on request by contacting us.

Service documents

Return to top ↑