Pogo Studio

Hybrid Mobile App Design and Development

Providing hybrid mobile app development from a team of certified app developers. All apps are designed by an in-house professional designer. Hybrid web apps utilize native features in a web form. Our web apps can be downloaded onto the phones home screen via the App Store and Google Play Store.


  • Professional web and hybrid mobile-app development for SME's and enterprises
  • Custom mobile apps to meet business needs with enterprise-level features.
  • Research services into customers needs and requirements
  • Scoping sessions, feasibility studies, analysis and design and consultancy
  • Custom designs, wireframes and Adobe InDesign prototypes and MVP
  • Certified web and hybrid developers. Microsoft Certified professionals
  • Content managed mobile apps and development (iOS/Android)
  • E-commerce interrogation into mobile and hybrid apps
  • Microsoft .NET web application and service communication applications
  • Ongoing support and maintenance SLA's contracts. Online service desk.


  • Market/sell directly and instantly to customers via hybrid mobile app
  • Increase outreach and visibility to customers with hybrid mobile-app
  • Improved digital presence by increasing customer engagement using hybrid app
  • Seamless customer experiences with enterprise features on mobile
  • Highly tailored content on hybrid-app according to a customers preferences.
  • Content-manage apps in realtime from multiple devices (iOS/Android/Windows)
  • Utilize instant updates for better customer experience on mobile
  • Provide a faster alternative to web-browsing with mobile hybrid-app
  • Hybrid mobile app can increase sales with e-commerce functionality
  • Extend the features of a Website with a mobile hybrid-app


£300 to £850 per person per day

Service documents


G-Cloud 11

Service ID

7 2 3 1 0 9 5 8 7 5 4 9 6 5 3


Pogo Studio

Jack Francis



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times We provide email and telephone support as well as support via an online portal. Support hours are between 9am - 5.30pm Monday to Friday.
We will seek to respond to the customers issue, by way of an acknowledgement, within the following timescale:

High priority: Response time 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Assessment & Resolution

Assessment of what is needed to rectify each item within the following times of its initial response to the customer:

High priority: Assessment time 12 hours
Medium priority: 36 hours
Low priority : 72 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels We provide support on a contractual basis. Our minimum charge is £75 per hour of support charged. Clients can take out a contract on a monthly rolling period or a fixed term. This support contract provides the client with a dedicated Account Manager who will be your point of contact.

Response times:

High priority: 2 hours
Medium priority: 4 hours
Low priority: 24 hours

Priority of issues: the following definitions of priority will be used:
High Priority (Significant business impact)
Definition – the overall application has failed leading to it becoming unavailable or non-performant to all or most users.

Medium Priority (Moderate business impact)
Definition – the overall application is usable and performant, but the ability to use or operate one or more core components is compromised, and this is impacting on multiple users.

Low Priority (Limited business impact)
Definition – the problem or request does not significantly impact operations for most users. The application is usable, but some features (not critical to operations) are unavailable or not performant.

We will provide the relevant staff member to support your app. We also allow you to use your support time for standard development such as updates to your app application.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training to use the content management system on any hybrid app that we build. We also provide a training manual at the request of the client.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We at Pogo Studio store all data securely within a SQL Server database in Microsoft Azure. At the end of the contract, we delete any personal data and clients always have access to the data on their hybrid app and are free to remove the data from it when they wish.
End-of-contract process Our contracts are fixed-cost, which means both parties agree what will be developed before the project begins. Any changes will require an additional cost and require written confirmation. Hosting is a monthly charge on top of the project fee.

A support and maintenance contract is an optional addition to the project cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile apps are designed to be "mobile first" which ensures that the best user experience is on a mobile device. The app will work across all mobile devices and device sizes. The app will also function on desktop-sized screens, however, it will be optimised for mobile.
Service interface No
Customisation available Yes
Description of customisation We define customisation to mean the customisation of the content of the website after it has been built. We offer content managed progressive web apps using Umbraco. Umbraco is a popular content management system that utilises Microsoft technologies to make it easy for users to update their applications and add additional content. Our hybrid apps can be configured to allow a large number of customisation tools that can include adding and editing page contents and layouts, themes and giving access to additional users.

This would all be achieved via a dedicated back office that is designed to be as intuitive as possible.

Users with administration rights are able to set up other users and set the level of control they have over content updates.


Independence of resources Our database and hosting platforms are designed to scale with demand. This ensures that they are not overloaded and the service will not be impacted.


Service usage metrics Yes
Metrics types For hybrid apps we can provide website analytics data using two different services. Google Analytics which provides useful data around metrics such as the number of visitors in a period, where they originated from, operating system used, pages viewed etc.

We can also provide Hotjar analytics, which is more concerned with the journey visitors take when using your site. This service provides heatmaps, conversion funnels and videos of your user's actions as they use the application.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data from the content management system using a CSV export.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Management portals and support channels are managed behind a user authentication login.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security. The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy). Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions. Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform aka.ms/stp

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Details of project requirements are outlined in a Statement of Work prior to work commencing. Any change requests that deviate from the requirements in the Statement of Work require written confirmation that is signed between both parties. All requested changes must be vetted by the Technical Lead on the project before being approved.
Vulnerability management type Undisclosed
Vulnerability management approach Senior members of staff must be aware of any IT vulnerabilities in our projects. It is the job of the Technical Lead to assess what needs to be done if any vulnerabilities are discovered. We give all vulnerabilities the highest priority and aim to fix the issue as soon as possible.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause. Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents to us via telephone, email, or using our support ticketing system. We evaluate each issue and assign it a level of priority. High impact issues are given the highest level of priority, an issue is considered high impact if it has a serious detrimental impact on the operation of the software.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £300 to £850 per person per day
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑