Found ltd

Found provides the most efficient lost property management solution available for both businesses and the public.

Found's innovative App suite uses sophisticated software including photo recognition technology to automatically match lost and found items, which drastically speeds up the process of reporting and repatriating found items.


  • App based Available on any IOS or Android enabled handset
  • Additional admin panel for call handlers / LPO offices
  • Uses market leading photo recognition to identify Items
  • Uses an A.I. engine that learns as items are registered.
  • A searchable database across multiple organisations (organisation dependant)


  • Reduces lost and Found calls
  • Significant reduction in LPO time requirements
  • Removes paper record requirements
  • Full audit capability
  • Full permissions controls


£0 to £0 per licence

  • Free trial available

Service documents


G-Cloud 11

Service ID

9 1 0 7 0 9 0 4 1 5 1 6 1 4 3


Found ltd

Jenny Rae

+44 7790956858

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
There are Service Level and Support Agreements in place to ensure that constraints in usage are avoided.
System requirements
  • Internet browser
  • Internet connection
  • A digital camera (optional)
  • Printer connectivity (If the courier returns option is selected)
  • An Android or IOS enabled handheld device

User support

Email or online ticketing support
Email or online ticketing
Support response times
9-5 UK time, Monday - Friday with additional support available 24/7/365
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is included with subscription.

Onsite work, hardware installs and associated on site activities are charged at a pre arranged fee or hourly rate on a case by case basis.
Support available to third parties

Onboarding and offboarding

Getting started
Via online instructions
Service documentation
End-of-contract data extraction
Via CSV export
End-of-contract process
Log in access is removed for all users should the contract not be extended, however access can be reinstated whenever required. Any data is kept inline with GDPR.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
Accessing the service through either a mobile or desktop browser allows use of the same functions.

There is dedicated app for both Android and IOS enabled handheld devices that can be used in conjunction with the browser based service or as a standalone option.
Service interface
What users can and can't do using the API
API's can be used to integrate Found's software with third party software.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Found can integrate with third party software (subject to feasibility)


Independence of resources
Additional capacity is automatically added on demand as required.


Service usage metrics
Metrics types
Log in and registration by user. Other metrics are being added on a regular basis.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
CSV export
Data export formats
Data import formats
Other data import formats
  • Via the App
  • Via the website

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.95% with service credits for SLA breaches.
Approach to resilience
Found is hosted within AWS Ireland using AWS best practice serverless deployments and mutisite ie. multiple AWS availability zones for added resiliency. This means that if a whole AWS data centre goes down, Found will still be available within another AWS data centre AWS itself operates as a Tier3+ data centre.

The database is hosted by Mongo within AWS and using highly available, resilient configuration of three availability zones with a 99.995% SLA.

Backups are automatically provided by the fully managed backup service with continuous, consistent backups and point-in-time recovery.
Outage reporting
Outage reporting via email, users can also monitor for availability.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All users are individually identified and authenticated.

Roles based access is in place and is a top down process. Users can only access data based on their assigned roles.

Searchable data is restricted based on the organisation and requirements.

Direct access to the database is not permitted to anyone outside of Found.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Accreditation via provider
PCI DSS accreditation date
Accreditation via provider
What the PCI DSS doesn’t cover
Accreditation via provider
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Self assessed inline with typical expected standards
Information security policies and processes
Found has internal policies based around the 3 principals of Confidentiality, Integrity and Availability.

The policy outlines the following points in detail;
- User access controls & authorisations
- The keeping of resource access logs
- The reporting of access violations
- The classification of sensitive information
- GDPR, Data Protection, Media storage and Data transfer policies
- Security awareness
- Responsibilities for Information security
- Links to relevant legislation

Full policy available upon request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Found's tech team undertake a fully documented approach to configuration and change management. All actions are recorded, reviewed for security and implemented using best practice.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Found use managed AWS services where we don't have access to the host machines, these are automatically patched by the provider. AWS Inspector is run weekly on the environment and automatically detects and reports on CVEs.

In addition, security notifications from multiple sources are actively monitored for relevant security/patch alerts. Components will be proactively patched if an alert is deemed to be relevant.

Monitored alerts:

**- Operating System Providers:**

- Ubuntu

- Microsoft

- Apple

**- Service Providers:**

- - Amazon Web Services:
- - Microsoft Azure

**- General/Aggregated:**

- National ​Vulnerability​ Database
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Found primarily use AWS GuardDuty for automated threat detection. Found are notified whenever suspicious activity is detected and the appropriate action for the type of threat is then taken.
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents to our support team via email. These are ticketed, reviewed and ranked for severity. These are then investigated and analysed in line with our policies and once resolved satisfactorily reported back to users by way of email. Incident reports are available by way of a full copy of the incident ticket.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£0 to £0 per licence
Discount for educational organisations
Free trial available
Description of free trial

Service documents

Return to top ↑