Zyper helps brands and organisations identify their top 1% of users. We don't find influencers, and it's more than just content creation: Zyper creates a network of your most passionate users.
- Live reporting and monitoring
- Mobile access
- Analytics and statistics
- Publish content from mobile apps
- Review submitted content
- Quickly view up-to-date analytics
- Visualise end-to-end conversion funnel
£9000 per unit per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
General guidance cases < 24 hours.
Weekend/public holidays within 48 hours.
|User can manage status and priority of support tickets||No|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||You can sign in to the Zyper dashboard using your Zyper credentials.|
|Web chat accessibility testing||None|
|Support levels||We provide varying support levels, depending on contract requirements and objectives.|
|Support available to third parties||No|
Onboarding and offboarding
We provide an enrolment schedule which is as follows:
- 30 minute introductory setup call and navigation of the service.
- opt-in newsletters about how to optimise use of the service.
- continued email support for the service for the duration of any campaign.
|End-of-contract data extraction||Brands & organisations can extract related data at any time during or after completion of their campaign.|
The software and management fee are included in the service cost - any additional cost will be due to a change in scope from the pre-agreed Statement of Work.
At the end of a contract, the client may choose to negotiate a form of continuation or choose not to employ our service in the future.
Any data shared between parties will be closed off and passwords will be reset.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Different use cases and users:
- End users (the community) use mobile app (iOS, Android) for the community features
- Brands & Organisations use dashboard to monitor campaign progress and analytics
|Accessibility standards||None or don’t know|
|Description of accessibility||You can sign in to the Zyper dashboard using your Zyper credentials.|
|What users can and can't do using the API||
Limited functionality is exposed via an API.
Brands & Organisations can use an API to send conversion events to Zyper that will be linked to their campaign's performance.
Zyper support will create and maintain API access.
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||Brands & organisations can customise image and text assets in coordination with Zyper support. Depending on service level, this can also be updated by the buyer. Customisation occurs via admin interface on the web dashboard.|
|Independence of resources||Zyper uses automatic scaling for all services. Additional resources can be added on short timescales. Constant monitoring is in place to ensure performance is not degraded.|
|Service usage metrics||Yes|
Brands & organisations:
Campaign metrics, including agreed targets, can include: reach, engagement rates, posts, community size, broken down as totals and weekly numbers.
Depending on type of campaign, additional information related to conversions (link clicks) are provided.
Individual (custom) deeper analysis is provided on request at a cost.
Regular (weekly) reports are sent by email.
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
Zyper ensures data is only accessible and discoverable by authenticated users that have the required permissions level to access a resource (both internal and external users).
Data that is publicly accessible (though not indexible) includes assets that are displayed on our website, dashboards and within the mobile apps.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users can export their data by contacting Zyper support.|
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
|Guaranteed availability||SLAs do not define a minimum level of availability.|
|Approach to resilience||We rely on 3rd party cloud hosting providers to ensure their datacentres and services have a resilient setup.|
|Outage reporting||Zyper reports any outages via email alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Zyper uses multiple permission levels to ensure access is only granted to resources required by the individual user.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||Less than 1 month|
|How long system logs are stored for||Less than 1 month|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||No|
|Security governance approach||We perform 3rd party enterprise auditing in situations where this is required by clients.|
|Information security policies and processes||
Regarding information security, we have internal/external data privacy policies, information protection and acceptable use policies, security, security breach/incident response and disaster recovery policies all applied and viewable to all staff.
All staff are required to follow internal training materials to assess their knowledge in these processes and we have access limitations based on seniority and requirement to access particular data sets within the company (management level employees have entry access; senior software level employees have advanced access).
Processes, training and policies are reviewed quarterly.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Are process is as follows:
- request for change logged
- impact of change analysed
- change approved or denied
- change implemented operationally and technologically
- team briefed on operational changes required as a result
- improvement resulting from change reviewed from a user service impact and security impact perspective
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||We have internal data logs that proactively alert us to any attacks/threat to our system. These are sent to at least 3 members of our team who follow our security policy and security breach/incident response protocol to assess potential threats.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Internal logs would notify our development team preemptively to a potential breach; response is as per our incident management guideline of 1) flagging the breach, 2) assessing the point of compromise and scope/data breached/number of subjects impacted, 3) notifying the Data Protection Authority and subjects of the breach and 4) containing unauthorised access to the data, setting up IT security protections and stress-testing new measures.
We respond within 2 hours and notify relevant parties within 72 hours.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have internal structures to handle typical and atypical incidents.
If the incident is part of the user journey, they have direct personal and user-specific email addresses as well as instant messaging via Intercom as a way of flagging an incident.
Incident reports are produced internally and submitted via PDF form in SFTP transfers to users.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£9000 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||No|