Spotlight Data

Nanowire AI customer feedback data platform

The Nanowire Customer and staff conversation and feedback analysis platform employs Artificial Intelligence to automate the processing of client feedback data. Understand large amounts of free text captured in feedback forms or transcripts. Users can discover emerging trends and clusters of issues over time with tools to investigate specific issues.


  • Visualise and investigate insights hidden in freetext feedback data
  • Free-text analytics and Natural Language Processing
  • Artificial Intelligence driven sentiment, cluster and trend analysis
  • Machine learning model training for bespoke automated text classification
  • Export selected data to use in other applications (PowerBI, Tableau)
  • Powerful search, search visualisation, statistics and reporting
  • Expandable through new data connectors and analysis plugins
  • Deployable version for on-premise firewalled secure environments
  • Deployable to private and public cloud environments (AWS/Google/Azure)


  • Unlock patterns and actionable insights hidden in freetext feedback data
  • Make business decisions based on empirical evidence
  • Make business changes and monitor the effect through feedback
  • Gain understanding of emerging customer/worker issues
  • Save time on repetitive time consuming data preparation and analysis
  • Automated or user driven data capture, cleanse and processing.
  • Understand what makes customers/employees happy or frustrated
  • Easy to use interface means better accessibility for unskilled staff


£29 to £900 a person a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 2 1 0 5 6 1 5 1 8 1 8 1 1 7


Spotlight Data Tim Venison
Telephone: 0845 13 90 400

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Nanowire AI Customer conversation and feedback analysis platform is provided as a self-service system and deployed as a SaaS on AWS, Azure or Google Cloud Platform. Nanowire can also be deployed in-house or to other cloud platforms.

A set amount of cloud compute and data volume is included within the monthly price or can be charged separately. Users may therefore, process large amounts of data within the licence agreement by using their own infrastructure or cloud provider.
System requirements
Self-hosted - Ubuntu, RHEL or Centos

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times vary: Catastrophic situation and critical business impact: 1 hour Moderate business impact: 2 hours Minimal business impact: 8 hours Support Hours: Monday to Friday from 09:00 – 17:00, excluding Bank Holidays.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We provide layers of service support with a dedicated customer manager for each client. Initial support is via ticket through JIRA Service desk, further support includes phone, email and Skype and optional onsite visits if required.
Support available to third parties

Onboarding and offboarding

Getting started
Spotlight Data offer help and guidance to get started and familiar with the service.

All new customers are invited to regular 'onboarding' webinar or group Skype calls. These are designed to familiarise users with the key functionality and demonstrate how data is analysed. These are interactive sessions with opportunities for questions to be raised. We offer these sessions every month throughout the contract if required.

A user manual is also provided which details the functionality of the system.

The setup fee includes a half-day onsite training workshop and a user requirements workshop, to ensure the system meets the customers needs.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Up to 30 days after the end of contract, all user data within the system can be extracted via a CSV or as a database dump. Data can be provided to an individual user or to the organisation as a whole (only with authority from the customer contact point) via raising a support ticket. This data can either be in CSV, JSON or a database dump. All user data will deleted 30 days after the contract has ended.
End-of-contract process
30 days before contract end, Spotlight Data will work with the customer to ascertain data export requirements and complete a 'project end' process. This process is an opportunity for both ourselves and the customer to review the project and includes lessons learnt, feedback on the system, feedback on the contract, next steps and discuss further opportunities.

Data export is included in the contract. We offer export in a variety of formats and may be able to export the data for use in other systems, however, data conversion may be chargeable.

Users will continue to be able to use the system until the contract ends, whereupon after 30 days all user data will be deleted, overwritten and then decommissioned to ensure security.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Data in the system can be accessed via APIs if required.
Accessibility standards
None or don’t know
Description of accessibility
All user interaction occurs through the web browser, where possible we have adhered to usability guidelines but have not tested this with assistive technology.
Accessibility testing
We have not tested with assistive technology yet.
What users can and can't do using the API
The data processing capability of the system can be accessed via the user web panel or via a secure API. The API allows users to submit data for processing and then query an endpoint to retrieve data analysis results
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The SaaS user interface and data analysis methods are supplied "as-is", however new data analysis methods and data connectors can be added using 'plugins'. A plugin is a Docker container that takes data in and then outputs it for use in the system and web panel. We provide Python and Node.js plugin libraries and documentation so external developers can develop their own custom plugins and extend the system. Support for custom plugin development and new user interface features is available via the Nanowire support agreement.

Spotlight Data can also be contracted to extend the capability of Nanowire through custom development sprints. This could be updates to the web panel style, new charts, new reporting capability or new data analysis methods (e.g. custom machine learning algorithms).

Customers can set requirements for where the service and their data is hosted, however this may incur additional costs.


Independence of resources
Processing of datasets are generally carried out nightly ready for users the next day. When users process their own sub-datasets the processing is carried out via a queue. This means the system doesn't slow down but users my have to wait behind other users at busy periods. When processing speed is important for many concurrent users the system can utilse Kubernetes auto-scaling to scale analysis services. The resources are then scaled back when no longer required saving server costs.


Service usage metrics
Metrics types
All processing, access requests and error messages are centrally logged or connected to an organisations existing log capturing service on request.
Reporting types
  • API access
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export data themselves from the web panel as a CSV for reuse in Excel.
A database dump of all the data can also be provided via a support ticket request. We provide converters to CSV and other formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • CSV
  • XLS
  • Database dump
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Office - Word/PowerPoint/Excel
  • PDF
  • Text (CSV/JSON, TXT, XML)
  • HTML
  • Open Document Format for Office Applications
  • Custom files can be added on request

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The level of availability is 99.50% for when we host the SaaS. We use AWS, Azure or Google Cloud Platform for hosting.

We offer a service credit if we don't meet guaranteed levels of availability. A pro-rata credit for loss of service from the day the customer reports the fault until the day it is resolved, calculated by taking the annual service charge for the service, dividing it by the number of business days and multiplying it by the number of days of loss of service
Approach to resilience
We use Kubernetes to orchestrate and manage the system and data processing, which is designed for scalable data workloads. A Kubernetes cluster, features self-healing and redundant server nodes and the ability to autoscale depending upon CPU and RAM load. We use a loadbalancer with health checks to ensure all server nodes are 'alive', with a Slack alert to notify when a node doesn't respond.

Our deployments run in a single UK datacentre or UK cloud hosting provider (AWS/Azure/Google). Further resilience can be provided if required, but may attract additional costs.
Outage reporting
Email and Slack alerts are automatically pushed to ourselves and the customer if an outage is detected (depending on outbound internet availability) .

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
JSON Web Token for API usage or 3rd party auth such as Azure Active Directory
Access restrictions in management interfaces and support channels
Access is limited via IP address of connecting devices and users with administrative access rights.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • ISO27001 in progress

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We hold Cyber Essentials and at time of submission, are starting Cyber Essentials Plus and ISO 27001/ 9001 accreditation. We document each security incident and are developing security policies in line with the ISO accreditation process.
Information security policies and processes
All security incidents are flagged to the Information Security Officer for review and action. We are in the process of updating our policy documents, which include: risk log, risk reporting, risk management, IT security and operational security manual.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Spotlight Data use secure source control with revision history of each change. All changes are beta tested, then pushed to a staging environment and verified before before deployed to a live environment. Customers are then notified of new feature releases and a product update page updated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Spotlight Data operate a threat management policy which includes regular penetration testing and server updates. All servers managed by ourselves, are set to automatically apply security updates, we virus scan all code before deployment and monitor security updates for software packages we use. If we discover a threat, we apply patches within 24 hours of notification. We also review syslog messages and flag user authentication errors.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Spotlight Data employ active monitoring of the system and identifies any suspicious behaviour outside normal usage. All network log information is subjected to regular audit and we are working to flag anomalous behaviour using machine learning, using our own Nanowire pipeline. This information is then used to identify threats and respond to incidents.
Incident management type
Supplier-defined controls
Incident management approach
We use Atlassian JIRA to asign tasks for mitigation and ensure security events are handled. Events such as high CPU or memory usage, are monitored and then handled if there is an impact on the end user. All incidents are logged in an incident report template in Atlassian Confluence, this include time, causes, resolution and mitigation. Common problems and fixes are recorded in a knowledge base to avoid rework and improve efficiency. This documentation can be shared with the customer if required.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£29 to £900 a person a month
Discount for educational organisations
Free trial available
Description of free trial
A free trial is available on request by contacting us.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.