Technical Overview

Commonplace is an independent, private company owned by founders, staff and investors. We are a social business with social objects in our Articles of Association: to increase participation; to surface unheard voices; and to help activate communities as better collaborators.

We are purpose-led with a belief that by creating positive impact we will also achieve commercial success. We do this by: 

• Facilitating a shared understanding of needs between our customers and the community. We do this as early in the project as possible.
• Capitalising on the strengths of digital tools to create trusted conversations.
• Generating constructive collaboration that reduces projects risks and increases mutual value.

• Web-based application for both admins and respondents that runs in all modern browsers including Chrome, Safari, Firefox, Edge, across desktop, tablet and mobile.
• Choose your own Commonplace domain. 
• Upgrade to custom domain.
• Respondents are required to confirm their email address in order to publish their contribution.
• Set your own custom branding and build unique content and survey questions in our drag & drop editor.
• Invite administrators to join your team and set appropriate access rights based on their role.

• The platform is fully GDPR compliant, handling sensitive data since 2014, please check our Privacy Policy.
• We are registered for Data Protection with the UK Information Commissioner's Office.
• We are CyberEssentials certified and ISO 27001 certified.
• We conduct an annual penetration test with remediation of Critical and High issues within a 30 day re-testing window.
• A number of policies, including our Information Security Policy are available upon request.

• You own all response data collected through Commonplace. We act as a data processor and are independent controllers for our own purposes.
• All respondent data is safeguarded through pseudonymisation.
• Special category data is fully anonymised, unless you specifically request for and are approved for a pseudonymised view.
• All data is stored in the United Kingdom, cloud hosted by AWS.
• Your privacy policy will be uploaded alongside the Commonplace Privacy Policy to inform respondents on how their data will be handled.
• Encryption of data at rest.
• Personal data is retained until completion of a project and removal of the project from the Commonplace platform. 

• The service is fully hosted with Amazon Web Services, located in London, UK and compliant with ISO 9001, ISO 27017 and ISO 28018.
• The hosting infrastructure is designed for resilience by including redundancy to support failover.
• 99.90% service uptime guarantee with 365x24x7 application monitoring and alerting.
• UK office hours email and phone support.
• Online knowledge base and product guides available 365x24x7.
• Commonplace performs regular data backups with regular tests to ensure resilience.
• Users are informed of any exceptional planned downtime with 7 days notice, with downtime only ever being planned between 11pm and 5am UK time.
• Profanity monitoring of contributions in accordance with the Acceptable Use Policy.

• Compliant with Web Content Accessibility Guidelines version 2.1 AA standard (with accessible workaround options for some add-on features).
• Custom branding set to conform to colour contrast requirements.
• Dedicated accessibility page for your Commonplace, see example.