Online entry, fee collection and result publishing for endurance events. Suitable for road and off-road running (10k, 5k, marathons) and triathlons. Includes dedicated landing page, online entry, online payment, team entry, entry management including offline entries, online promotion and direct email promotion to out subscribers.
- Online ticket purchase and entry.
- Online entry management for one or more events.
- Publishing and promotion of your race and results.
- Single or multi person entry with a simple forms.
- Flexible entry form, UKA ready, and bespoke age categories.
- Real-time collaboration to share the workload.
- Charity donations can be collected as part of race entry.
- Discount codes.
- Direct email communication with your entrants.
- Manual entry to handle offline entries, such as postal entries.
- Manage all your races and entrants from one place.
- Sell more tickets, fill your event.
- Easy entry and ticket purchase with no login required.
- Access on the move by mobile and tablet.
- Reduce risk with our proven platform.
- Collect more for your chosen charity with in-purchase donations.
- Track how your race is selling in real-time.
- Consistent and correct club names from our club database.
- Entrant download suitable for chip and manual timing equipment.
£0 per transaction
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Currently only accepts Pounds Sterling.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Typically same-day including weekends and bank holidays.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), 7 days a week|
|Web chat support||No|
|Support levels||We have a single level of support by telephone and email and aim to answer all enquiries with one working day. We also take support requests through Facebook and Twitter.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Our system has been designed and is continually improved to eliminate the need for training. All documentation and help is embedded in the system where needed. Event organisers are able to sign up online and get their race listed in minutes without assistance. Support is provided by email and telephone.|
|End-of-contract data extraction||Entrant data, including all information captured except payment card data, can be downloaded at any time in CSV format for each event/race. Results are published and can be copied easily from the system at any time into a suitable spreadsheet. Race information can be printed or copied from the public pages.|
|End-of-contract process||Access to data continues for up to five years after the event date after which entrant data is archived. Event information and results will normally continue to be published and available on our site. There are no additional costs.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Every feature works on mobile and tablet as it does on desktop. Presentation is different to accommodate narrower screens on mobile and tablet.|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||We have both event organisers and entrants with visual impairments that have used our system for years. We regularly involve all organisers in testing new features and actively solicit feedback. As a high-traffic system that has been refined over years we quickly get reports of any issues that entrants encounter.|
|Description of customisation||Each event/race gets its own custom page with over a hundred options. Race organisers or collaborators can customise how races are described and how people enter. Main customisation includes race title, short description and full description, banner image, price points, discount codes, age categories, UKA affiliation, charity collections, custom entry fields, courseinformation and event information. Our specialist race configuration page walks you through all of the options to ensure your race is listed correctly to maximise entries.|
|Independence of resources||We currently handle hundreds of events per year across dozens of customers with heavy usage spikes without incident. System use is highly predictable due the time-based nature of events and we use this to ensure we have sufficient capacity on key dates. We have automated monitoring in place and are able to scale the system at any time.|
|Service usage metrics||Yes|
|Metrics types||Live entrant numbers compared against entry limit across all races. Live statement of income and costs for each event. The statement covers each price point, charity, refunds and other costs separately.|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Never|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||There is a download option for each event/race that provides a CSV file in various formats. There are download options specifically tailored for chip timing equipment.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||Secure Linux Shell restricted to RSA keys.|
Availability and resilience
|Guaranteed availability||Typically, we see no unplanned downtime for months. The service is occasionally interrupted for a couple of minutes during certain types of upgrade. We have not had an incident causing prolonged downtime for over three years.|
|Approach to resilience||We use a public cloud infrastructure provider that has high levels of redundancy in all of their equipment across two data centres. We are able to move the entire system to a different provider within one hour should there be a total failure of their systems. The underlying database technology provides real-time multi-master replication, a feature that we mainly use for downtime-free upgrades.|
|Outage reporting||We have an online dashboard provided by Uptime Robot covering the current status and last three months of downtime. This checks every 5 minutes and at the time of writing shows 100% uptime for three months.|
Identity and authentication
|User authentication needed||No|
|Access restrictions in management interfaces and support channels||Each event/race has it's own access control list allowing the creator to invite collaborators. All collaborators get the same level of access. Support is provided over email and phone and is not restricted, although we may take steps to verify the identify of the person requesting support for certain actions.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||First Data|
|PCI DSS accreditation date||24/01/2019|
|What the PCI DSS doesn’t cover||Servers only, SAQ type A.|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||All our secure services are run at a third-party data centre with the security managed according to PCI-DSS and ISO 27001. We do not keep data on any other devices except for temporary handling. All our workstations are managed in line with Cyber Essentials, although we are yet to apply for accreditation.|
|Information security policies and processes||
As a micro-business, both the reporting structure and ensuring policies are followed is far less complex that in a larger business.
All security decisions and reviews are taken at board level. All security reporting is made by board members to the board. Infrastructure security is handled by a named board member.
GDPR compliance is handled by a named board member. We do not manage our own infrastructure, we use a cloud service that has a range of security accreditations. We do not have any workstations that share a network, either physical or logical, with our infrastructure except at its internet connection points.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All changes are approved by the board and peer reviewed before consideration for deployment. The board determines the level of testing that is appropriate and performs GDPR and security assessments. Testing options include the use of the main test environment and/or a live-data upgrade rehearsal on a staging system. Our cloud platform provides a management interface to track existing assets and their configuration throughout their lifetime.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Our infrastructure provider managed network and physical security in accordance with ISO27001 and PCI-DSS. We manage operating systems and install security patches automatically as soon as they are available, typically within one day. Our bespoke software tools provide information about out-dated or known vulnerable components used in our systems. Our testing includes verifying key multi-tenant separations in our system that divides access for different customers.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We use an automated monitoring system that makes regular checks of our systems and infrastructure. This is under continuous development and review.|
|Incident management type||Undisclosed|
|Incident management approach||Due to the rarity of security incidents, all incidents are referred to the company board, and the board will take action and produce incident reports where appropriate. Users can report incidents by email, telephone or social media.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0 per transaction|
|Discount for educational organisations||No|
|Free trial available||No|