Stannp Hybrid Mail

Stannp Direct Mail Platform offer a SaaS web based solution to direct mail; offering companies a fully digital, integrated solution to their direct mail needs. With over 30 years experience in printing and mailing, our online platform has thousands of active customers, serviced through our capacity to mail over 50 million items annually.


  • Same Day Delivery
  • Granular Reporting
  • Custom Printing and Multiple Mailing Formats
  • Intergrated Platform Mail Tracking
  • Dedicated Account Management
  • Unlimited Users
  • Data Cleaning
  • Web Based Access
  • Supports API programmatic access


  • No volume commitment
  • Only pay for what you mail
  • Web based- can be accessed on the move
  • Simple pricing structure and volume discounts
  • International mailings
  • Free support and technical assistance
  • ISO9001 Quality Standard customer support
  • No minimum commitment


£0.34 to £0.91 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 2 3 0 8 6 5 4 3 4 4 4 1 7 9


Stannp Hybrid Mail Lorien Hamilton
Telephone: 01271 344507

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Internet Connection
  • Web Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
30 minute initial response time Monday to Friday 9am-5pm.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Automated testing
Onsite support
Support levels
All clients receive the same level of support at no additional cost.

We provide a full support service as standard to all clients which includes;
Online and offline downloadable documentation.
Tutorial videos.
Downloadable templates.
Live web chat support.
Email support.
Telephone support.

Dedicated Account Managers are also assigned to each client to manage their requirements and can also provide an additional level of support.
Support available to third parties

Onboarding and offboarding

Getting started
All service users have their own unique login. our web wizard guides all users through campaign creation; a new user can go from sign up to print read campaign in just a few minutes.

We provide online training via webchat, support via email and telephone, and a comprehensive suite of user documentation, FAQs, videos and downloadable templates.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users are able to directly downloadable their data from our platform at anytime.
Users retain full control of their data within our system, and can amend, download or delete individual records or all of their data as required.
End-of-contract process
At not additional cost, data will be destroyed inline with our data protection Procedures (available upon request) and ISO27001 guidelines.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile service is identical to desktop service (within the constraints of the capabilities and screen resolution of the device being used).
Service interface
Description of service interface
Web browser login
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Accessible via any standard browser
What users can and can't do using the API
Our APIs provide programmatic access to your Stannp account. Things like configuring campaigns, feeding data and triggering mail pieces to be dispatched can all be achieved using simple yet secure HTTP requests.

We also offer webhook capabilities. Webhooks allow you to subscribe to events that happen within the Stannp Direct Mail platform. We will send a HTTP POST request to the webhook’s configured URL. Webhooks can be used to update any external software or notify you on key events such as the day a mailpiece is expected to be delivered.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Any part of your Direct Mail campaign can be customised by the user on the platform. Text & Images can be added as variable data and dynamically populated in your mail piece, giving full personalisation of your content.

Design features of the mail piece (font, colour, size, etc.) can also be customised within our campaign wizard.


Independence of resources
Stannp's cloud based platform was designed from the start with high volumes of simultaneous user access in mind; the system capacities are designed to manage and operate whilst large volumes of users are accessing the system.

We actively monitor system resources and resource utilisation, and can load balance and scale responsively based on user demand.


Service usage metrics
Metrics types
The Stannp platform has a reporting section in the dashboard which displays a summary of campaigns and items that have been dispatched. The reports can be drilled down to an individual mail piece level to see the status of each item.

Audit trails can also be viewed and exported for user activity within the platform.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Stannp is accredited annually to ISO 27001.
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All data can be exported on demand from the online dashboard if the user account has the correct authorisation role.

Data can be filtered and searched before exporting. Data exports include recipient data, campaign reports and billing. Any other data that we may hold can be requested.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • Xlsx
  • Word
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Stannp uses third party service status monitoring to report the availability of our services. We are cloud based and have load balanced systems in place to ensure maximum service uptime, even during upgrade periods. Our SLA states we our service availability remains above 99%.
Approach to resilience
Available on Request
Outage reporting
If the service is partially degraded we will include a notification message within our dashboard. We also have a public service status reporting page which is hosted by a third party. We also have API end points to determine the current availability status.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Username and password
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
5th May 2019
What the ISO/IEC 27001 doesn’t cover
No out of scope activities
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Barclaycard Data Security Manager
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Nothing relevant to this service
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Stannp's policies and processes are in line with our ISO 27001 accreditation.

IS policies and processes include;
- Information Security Policy
- Access Control Policy
- Password Policy
- Virus & Malware Policy
- Application Security Policy
- Vulnerability Assessment Policy
- Information Security Education & Awareness Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We develop in an agile fashion, so we are constantly upgrading the platform with minor feature improvements. It’s common the platform will see weekly production upgrades. Before the upgrades happens, any code changes are automatically tested with our rigorous unit and integrations test suite which ensures we avoid any breaking changes or security vulnerabilities. Software upgrades happen in the cloud without any service disturbance.

The development revision history is maintained in GitHub which stores information on whether each code commit has passed unit tests and has been reviewed to adhere to our standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have internal vulnerability process in pace to maintain our ISO27001 and ISO9001 certifications. Penetration tests are scheduled to run every month on the platform by third party security experts Qualsys. Reports are produced with categorised and scored items that may have been found. All high risk vulnerabilities are acted upon immediately to patched and fix. A rescan is scheduled for proof of the fix.

When developing new software we have code standards and automated unit tests and security alerts in place to mitigate introduction of any new vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A firewall protects all access to our servers apart from public facing ports. Stannp use a service which monitors server logs for any suspicious activity such as failed login attempts or URL scanning for popular vulnerabilities. In the event anything being flagged the client is immediately blocked and notification is made to the information security managers. The information security managers assess the risk and allocates the need an urgency to act.
Incident management type
Supplier-defined controls
Incident management approach
Stannp have a predefined incident management policy with a separated GDPR data breach notification plan and a disaster recovery plan.

Users can easily report incidents using directly to account managers or using traditional contact methods including email, tickets or phone.

Staff have been well trained on how to report incidents to the information security managers.

Information security managers assess the incident report and it's risks using predefined metrics. Detailed incident reports are discussed and emailed to any users affected and the ICO if required.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.34 to £0.91 a unit
Discount for educational organisations
Free trial available
Description of free trial
Account set-up, user set-up, document testing,data upload, training materials and user guides are all included in the free trial.

We provide all new sign-ups with a free £1 credit for a trial send at no cost to the user. There is no time limit on the free trial.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.