Launchcloud's suite of iOS, Android and web apps, provides paperless data collection in the workplace eliminating the need for paper, and saving time and resources. Drag and Drop forms allow full customisation, and data capture can be done using web browser, phone or tablet.


  • Electronic paperless data capture
  • Two-Way Data from server to mobile device
  • Data includes rich media, photos, videos, sound & annotations
  • iOS, Android & Web App Supported
  • Drag & Drop Form Builder
  • Complex User Permissions & Security
  • Supports BYOD while protecting access and data
  • Data transmitted to server in real-time
  • Integrated with all major SaaS services
  • Full API & Webhooks facilitate enterprise IT integrations


  • Reduce the need for paper in the workplace
  • Save time by eliminating data entry
  • Allow in the field staff to get accurate annotated data
  • Witness data arriving in real time
  • Empower managers to make quick decisions with instant data
  • Capture offline data when network connections are not available
  • Automate various business processes simply and without high costs
  • Keep track of your staff locations with geostamping form data
  • Add team members, assign permissions and keep track of users


£8 per user per month

Service documents

G-Cloud 9



Matthew Doyle

+44 (0)20 3137 1867

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Launchcloud integrates into all the main SaaS services including cloud storage, cloud apps like G-Suite, cloud financial accounting, mail sending services, project management and CRM.
Cloud deployment model Public cloud
Service constraints Our native iOS and Android apps do not support some older handsets or tablets running older versions of the respective software. As a general rule, we do not support handsets more than 4 years old or handsets or browsers not supporting TLS1.2.
System requirements
  • Up to date and secure web browsing software
  • Up to date iOS or Android software

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard email response times are within 2 hours Monday to Friday during UK and US (EST) business hours. Typical response times are much faster.

Service level agreements are available and agreeable depending on plan and contract.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing No such testing has been yet completed however we use the widely supported Intercom platform.
Onsite support Yes, at extra cost
Support levels We are able to provide support at bespoke levels as required and agreed in an SLA and contract.

Potential support levels may include training, site visits, telephone assistance, screen sharing with presenter and web chat.

The cost of different levels of support varies greatly with the amount of users and the level of technical help the customer requires. Account managers are assigned for larger customers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide on-site training, online training with screen sharing, a large library of support articles and community support. We use a monitoring system to identify sources of frustration with our new users and proactively reach out to them, to ensure they are onboarded with a fluent working knowledge of the Launchcloud system.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction They are able to extract their data using the entire range of methods available to active customers for an agreed period of time at the conclusion of the contract. This period is normally 30 days but can be extended upon request,

In the event that a user has what could be considered an extraordinary amount of data, non-conducive to what can be reasonably downloaded normally, we are able to provide an enterprise service to make available compressed password protected zip file(s) or an appropriate upload to a user's FTP. This is a bespoke service agreed on an individual basis.
End-of-contract process The user is able to download their data within a 30 day period at the end of the contract.

Any special operation required to facilitate data transfer to the user is subject to an individual agreement of cost.

Launchcloud always notifies a user in plenty of time, prior to permanent deletion of their data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop web based service often contains new features prior to roll out on the iOS and Android apps.

Using the browser based service on a mobile device, could result in data loss should the device lose power or the user closes the browser. Using the mobile device native apps, allows offline data capture when a connection is not present.
Accessibility standards None or don’t know
Description of accessibility All user designed form controls are fully keyboard accessible however certain form controls may not have non visual alternatives. The choice is on the form designer as to whether to include these form controls in forms.

We do use libraries that are both tested and built for accessibility and attempt to provide accessible alternatives wherever possible.
Accessibility testing We have not done any direct testing, however many of the libraries we use have been tested and we do have clients with users who use assistive technologies to access our services.
What users can and can't do using the API Users with accounts assigned appropriate permissions can use the Launchcloud API to read and write data from the Launchcloud system. The API can be used to integrate Launchcloud into any cloud based service offering an API or an enterprise IT solution with the respective EDI capabilities.

The following functions are not yet available in the API: User, User Group & Permission Modification, User Authentication Details, Form Creation, Audit Information
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users can customise all aspects of forms using the Drag & Drop form builder. This includes logos, colours and layouts, to offer a fully branded customised experience.

This customisation is done at the form building stage, and results in all customised forms retaining the look and feel of the design, when present on ALL devices and web browsers. The form architect has full control over how the form displays at all times.


Independence of resources The cloud hosting architecture on which Launchcloud is based, makes extensive use of auto-scaling technology. Web servers, database read copies, caches and bandwidth and other micro services are automatically scaled up and down based on demand.

The response time for auto-scaling is a few seconds. This guarantees fast and lag free access to Launchcloud at all times.


Service usage metrics Yes
Metrics types All usage of the Launchcloud system is continually monitored and we use metrics to create our billing plans. Our metrics include numbers of forms/records submitted, storage used and data transfer used. We also record customer service overhead in supporting users.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Launchcloud is hosting entirely on Amazon Web Services (AWS) Cloud hosting which itself is fully compliant to G-Cloud alongside ISO:27001, 27107, 27018 and UK Cloud Security Principals.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Our users can download their data at any time in raw CSV format, or in the format they selected when creating the form workflow; such as PDF, JPG, MP3, MP4 Video.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 98% uptime and availability of our services. Time assigned for server and application maintenance work shall not exceed 4 hours per calendar month.

We are unable to offer refunds for periods of unavailability on standard account types but we are able to offer bespoke SLAs for enterprise accounts, which may involve multi data centre hosting, or even multi-cloud braced hosting in mission critical situations. Requirements are individual and subject to application.
Approach to resilience Launchcloud uses the AWS hosting infrastructure to ensure high availability. Within the single data centre, micro services are configured in load-balanced auto-scaling groups so that servers, databases and caches can be scaled up within a few seconds.

Furthermore, Launchcloud makes use of redundancy in multiple data centres in different regions to mitigate against region failure or catastrophe. Should one region or data centre fail, traffic would automatically be routed to another.
Outage reporting We have internal monitoring software to provide a continual health check of our infrastructure and application, and external monitoring to ensure reachability.

In the event of an outage, our users receive an email advising them of the potential cause, and course of action we are taking to resolve the issue.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Launchcloud personnel (admin users and managers) require multi-factor authentication each time they log in, using an authenticator app, or SMS message to their verified phone number.

Incorrect admin log-in attempts are limited to 3 before another member of admin must unlock the account.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Freecert
ISO/IEC 27001 accreditation date 10/04/2017
What the ISO/IEC 27001 doesn’t cover Our hosting platform at Amazon Web Services falls under the scope of their own ISO 27001 compliance with their own certificate.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We have a security policies document which we work to internally. This includes usage controls on BYOD, computers and storage media.

Data within the Launchcloud system in transit and at rest, exists solely within the AWS cloud infrastructure. AWS is compliant to a multitude of frameworks including ISO27001, 27017, 27108. Launchcloud's users' data is not transferred between AWS and Launchcloud's personnel's devices.

Computers and mobile devices used by Launchcloud personnel have appropriate antivirus software installed, email is provided by Google G-Suite and has anti-virus at (Google) server level. Multi-factor login is used by admin personnel.
Information security policies and processes We have a fully documented internal process of information security which is applied to all stages of software development and hosting. We apply a check-listing system within our project management application to ensure that such policies are implemented, including comments and completion. This is logged to individuals attesting compliance to this document.

The result of this internal compliance is available at any time in a report which can be run against any task set, subset or project in entirety.

The documented process is quite extensive including but not limited to: IP address limitations, multi-factor authentication for data access, web application firewall settings, automatic penetration testing in all user scenarios; we also use zero day live threat information and CVEs at all stages in development to identify potential approaching issues.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management is handled in compliance with our internal change management plan. Requests for change are submitted to the Development Manager for approval. It is the responsibility of the Development Manager to authorise changes.

Completed changes are then tested after completion and signed off by the Development Manager before deployment . All code changes are stored in code repositories for historical tracking.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We perform weekly security audits and vulnerability scans of our platform and services.

Urgent security patches are prioritised through the Change Management Process and can be deployed within two hours of vulnerability discovery.

Daily checks are made for vulnerabilities to our server architecture and updates are implemented immedaitely that a know, tested, patch becomes available.

We use the CVE database for establishing potential problems with software but also resources such as attack map services to help identify potential attack patterns.
Protective monitoring type Supplier-defined controls
Protective monitoring approach In addition to the protective monitoring done at the vendor level with AWS constantly monitoring the network for breaches, we perform daily checks across the server audit and security logs, as well as our own application logs, to identify any possible attempted attacks.

In the event of a compromise being detected we will immediately research and deploy fixes to shut down the vulnerability. In the event the compromise cannot be immediately remedied we will suspend service until it can.

We respond immediately to any possible security vulnerability with the intent of preventing compromise.
Incident management type Supplier-defined controls
Incident management approach We have a predefined process for reporting incidents. Users may report incidents to us through a variety of channels including email and live on site chat.

These incidents are logged and passed on to the development team to resolve. Incidents are treated as priority through the Change Management Process and deployed as quickly as possible.

In cases where incidents affect multiple users we provide reports back to all of our users by email.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a standard free trial of 14 days for our fully featured Professional account.

Everything is included.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑