1
Company overview
Commonplace is an independent, private company owned by founders, staff and investors. We are a social business with social objects in our Articles of Association: to increase participation; to surface unheard voices; and to help activate communities as better collaborators.
We are purpose-led with a belief that by creating positive impact we will also achieve commercial success. We do this by:
- Facilitating a shared understanding of needs between our customers and the community. We do this as early in the project as possible.
- Capitalising on the strengths of digital tools to create trusted conversations.
- Generating constructive collaboration that reduces projects risks and increases mutual value.
2
Platform overview
- Web-based application for both admins and respondents that runs in all modern browsers including Chrome, Safari, Firefox, Edge, across desktop, tablet and mobile.
- Choose your own Commonplace domain.
- Upgrade to custom domain.
- Respondents are required to confirm their email address in order to publish their contribution.
- Set your own custom branding and build unique content and survey questions in our drag & drop editor.
- Invite administrators to join your team and set appropriate access rights based on their role.
3
Information Security
- The platform is fully GDPR compliant, handling sensitive data since 2014, please check our Privacy Policy.
- We are registered for Data Protection with the UK Information Commissioner's Office.
- We are CyberEssentials certified and ISO 27001 certified.
- We conduct an annual penetration test with remediation of Critical and High issues within a 30 day re-testing window.
- A number of policies, including our Information Security Policy are available upon request.
4
Data protections & ownership
- You own all response data collected through Commonplace. We act as a data processor and are independent controllers for our own purposes.
- All respondent data is safeguarded through pseudonymisation.
- Special category data is fully anonymised, unless you specifically request for and are approved for a pseudonymised view.
- All data is stored in the United Kingdom, cloud hosted by AWS.
- Your privacy policy will be uploaded alongside the Commonplace Privacy Policy to inform respondents on how their data will be handled.
- Encryption of data at rest.
- Personal data is retained until completion of a project and removal of the project from the Commonplace platform.
5
Service level
- The service is fully hosted with Amazon Web Services, located in London, UK and compliant with ISO 9001, ISO 27017 and ISO 28018.
- The hosting infrastructure is designed for resilience by including redundancy to support failover.
- 99.90% service uptime guarantee with 365x24x7 application monitoring and alerting.
- UK office hours email and phone support.
- Online knowledge base and product guides available 365x24x7.
- Commonplace performs regular data backups with regular tests to ensure resilience.
- Users are informed of any exceptional planned downtime with 7 days notice, with downtime only ever being planned between 11pm and 5am UK time.
- Profanity monitoring of contributions in accordance with the Acceptable Use Policy.
6
Accessibility
- Compliant with Web Content Accessibility Guidelines version 2.1 AA standard (with accessible workaround options for some add-on features).
- Custom branding set to conform to colour contrast requirements.
- Dedicated accessibility page for your Commonplace, see example.
Sub-processors
Commonplace uses some third-party applications and sub-processors in order to deliver the service to customers and community members. We maintain an up-to-date list of these applications with a description of what they each do, what types of data they process and where they process it on their website. Please see our sub-processor page.