EPOINTS REWARDS LIMITED

Recognition, Reward and Employee Benefits Platform and App Supporting Wellbeing

The Each Person platform enhances work culture and streamlines HR duties by simplifying the management of employee recognition, unique rewards, and employee benefits, and its app is multi-language. It supports mental wellbeing, physical wellbeing, and financial wellbeing to improve overall employee satisfaction whilst addressing climate change by supporting reforestation.

Features

• Employee Recognition & Employee Rewards: Financial Rewards and Employee Gifting
• Award Nominations: manage any voting scheme / employee nomination scheme
• Employee Discounts & Exclusive Savings: shopping discounts and fuel card
• Employee Assistance Programme: 24/7 EAP, online support, in-person employee counselling
• GP on Demand: reduces GP strain, avoids queues with callbacks
• Earned Wage Access: Withdraw earned salary, accessing money when needed
• Long Service Recognition, Birthday Recognition: automate celebration of major milestones
• Employee Surveys: Gather employee satisfaction insights with integrated surveys
• Salary Sacrifice: sal sac for car leasing, Cycle2Work, nursery, holidays
• Reporting & Insight: real time analytics reporting on benefits utilisation

Benefits

• Employee Retention: employee benefits, rewards and anniversaries instil company values
• Employee Satisfaction: improve employee engagement with employee recognition and milestones
• Financial Wellbeing: Salary access, employee discounts and employee savings
• Employee Wellbeing: EAP, GP On-Demand enhancing mental health, physical health
• Employee Engagement: Motivation from reward schemes, nomination awards, and recognition
• Talent Attraction: Salary sacrifice, employee benefits and total reward statement
• Workplace Culture: Employee Surveys, recognition programs create supportive environments
• Employee Feedback: employee engagement through nomination schemes and company surveys
• Process Efficiency: Automating celebrations, benefits management saves time, administrative costs
• HR Insights: Real-time benefit utilisation analytics for better decision making

£0.00 to £0.25 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.norbury@eachperson.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

422380493464351

Contact

Matt Norbury
07500886077
m.norbury@eachperson.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No service constraints
• System requirements: Browser Compatibility with Google Chrome, Mozilla Firefox, Microsoft Edge, Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support working hours are 9am -5pm with response times within 1 hour of support ticket/email raised,; ; Over the weekend, our support response times at within 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We utilise a market leading web chat facility called LiveAgent (found at LiveAgent.com which boasts numerous accessibility features but does not adhere to a specific standard. In addition the Each Person platform includes screen reader, colour/hue management, text size adjustment features to assist users with visual impairment.
• Web chat accessibility testing: We have tested all Each Person core features with assistive technology users but the web chat is not included in that test suite.
• Onsite support: Onsite support
• Support levels: We offer free customer support services from 9am to 5pm, Monday through Friday to all our clients. Our support team is available via email, phone, and live chat. We assist customers with enquiries about the Each Person platform, as well as provide support for additional services like the Diesel card and Salary Sacrifices. This ensures that clients can reach us during regular business hours through various channels for help with any questions or assistance they may need regarding our platform and associated offerings.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We produce a project plan to onboard any organisation which includes training for Managers/Admins, training for employees both online and onsite, user guides and documentation, one-pagers and emails. We then post launch have minimum monthly reviews on metrics such as activation levels in order to target areas of an organisation that haven't adopted. ; ; Certain features that can be automated such as Birthdays/Long Service milestone ecards encourage adoption also.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: When contracts end and any time during the contract the end user has the right to be forgotten which can be triggered via online form. Once a contract goes to an end all user data relating to their use of recognition, reward and employee benefits is obsfuscated from the Each Person database. Other features the employee can continue to access such as online discounts via their own personal email/password combination. Users can delete their account thereafter using online interface.
• End-of-contract process: At the end of a contract we support a clients team in terms of dates that services are withdrawn at no cost. We will also agree a base set of comms to be sent to users at no additional cost and will obsfuscate the user data automatically. Support is provided ongoing free of charge to any users that still attempt to access the service beyond the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Each Person is a mobile first web application so all webpages are build first and foremost for mobile browsers then reformats to use a wider display of tablet/desktop. ; ; We also have an app that can be downloaded to compliment the web offering and take advantage of push notifications and local storage.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Webpages displaying the features/benefits of Each Person accesible to SuperAdmins, Managers, and Employees who get tailored views based upon access levels.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: All core features of Each Person are tested with visually impaired users to ensure the Screen Reader, colour/hue management, and text size adjustment features enable full navigation and utilisation
• API: Yes
• What users can and can't do using the API: The API can be used to manage the process of adding, editing, deleting users, and for all manor of reporting functions. The API also allows clients to embed content into their applications for better visibility of the overall offering.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Branding, features, navigation are all customisable as well as clients being able to add in their own benefits to the platform that reside outside of the Each Person offering. This gives total control for clients to get the benefits they want under one roof.

Scaling

• Independence of resources: In AWS, autoscaling is used to automatically adjust the number of computing resources based on the user load, ensuring optimal performance and cost efficiency. This is achieved through Amazon EC2 Auto Scaling, which monitors applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. By setting defined parameters and thresholds, autoscaling can dynamically scale up or down the number of EC2 instances in response to increased or decreased demand. This feature is crucial for handling unexpected spikes in traffic, maintaining application performance during peak times, and reducing costs during off-peak times by minimising idle resources.

Analytics

• Service usage metrics: Yes
• Metrics types: Registered Employees; Active Employees (all employee from client); Active Managers; deleted users(leavers); Churn rate; Total Active Unque Senders ; Active Recipients (Unique); Total Cards Sent; Type of card Sent; E-card with-out gifting; E-cards with Epoints; E-cards with product; Nomination Ecards; Event Ecards; Happy Birthday; Happy Work Anniversary; Happy 15 Year Anniversary; Happy 20 Year Work Anniversary; Happy 10 Year Work Anniversary; Happy 30th Work Year Anniversary; ; manager (department gifting); Peer to Peer; Peer to Peer gifting; Automated Sends; Manual Sends; ; E-card open Rate (mandrill - client specific?); New Active + Repeat Active + Reactivated Active = Total Active; Lapsed (At Risk)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: CareFirst, YellowNest, Let'sConnect, Halfords, ElectricVehicleCompany, AspireTravel, Flexearn

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data via request online form or through our support email address. This data is then returned to the user within 5 working days.; ; For data exports relating to the use of the system then SuperAdmins and Managers have the ability to export information in real-time related to their access levels. This shows usage and engagement data within the platform
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data is encrypted at REST by AWS KMS
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 5.1 Each Person shall provide at least a 99.9% uptime service availability level ("Uptime Service Level"). This availability refers to an access point on Each Person's hosting provider's backbone network. It does not apply to the portion of the circuit that does not transit the hosting provider's backbone network, as the Company is responsible for its own internet access. Availability does not include Maintenance Events as described in paragraph £ of Schedule 2, Company-caused or third party-caused outages or disruptions (except to the extent that such outages or disruptions are caused by those duly authorised third parties sub-contracted by Each Person to perform the Services), or outages or disruptions attributable in whole or in part to force majeure events within the meaning of clause 11 of the Agreement.
• Approach to resilience: Available on request
• Outage reporting: Account Managers within the customer success team will reach out, we also have email alerts to identified stakeholders

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: We have username and password authentication. The authentication is very securely managed by AWS Cognito user pool; We also have some clients who authenticates via SSO. A secured SAML is used for authentication where information exchanged is encrypted and verified by Eachperson and third party IDP both
• Access restrictions in management interfaces and support channels: End users cannot sign up directly they must be loaded in by clients either manually or via API. This loading in process also defines access rights of users which restricts what they can see/do within the platform.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: We have username and password authentication. The authentication is very securely managed by AWS Cognito user pool; We also have some clients who authenticates via SSO. A secured SAML is used for authentication where information exchanged is encrypted and verified by Eachperson and third party IDP both

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/10/2025
• What the ISO/IEC 27001 doesn’t cover: Nothing that pertains to the running of the service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We operate an audited ISMS which flows through every aspect of our business. From recruitment to offboarding of employees and all areas of contact with internal and customer data. Monthly ISO meetings, and more quarterly ISMS Meetings track progress, we use an accredited BSI auditor as a monthly consultant to help guide our business to maintain accurate risk register and are diligent with any supplier we engage with completing full security audit before engagement. Training is mandatory for all employees within the business and we use Knowbe4 to maintain this.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Tracking service components involves cataloging all hardware, software, and data in a centralised asset inventory with detailed specifics like version, location, and security controls. Each asset is classified by importance and assigned ownership for security and maintenance. Lifecycle management spans from procurement to disposal, including regular reviews for compliance with security policies. Changes begin with a detailed request and undergo a security impact analysis and a tiered approval process. Prior to deployment, changes are tested in a controlled setting, documented thoroughly, and post-implementation performance is monitored to ensure they do not compromise security, adhering to ISO 27001 standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our ISO 27001-compliant vulnerability management process involves continuous monitoring and assessment of potential threats using tools like intrusion detection systems and regular security audits. We prioritise and deploy patches to our services promptly, often within hours for critical vulnerabilities, ensuring minimal exposure. Information about potential threats is sourced from reputable security advisories, including vendor bulletins, CVE databases, and industry collaboration groups. This approach enables us to swiftly adapt to emerging threats, maintaining robust defense mechanisms against security vulnerabilities to protect our services and data effectively.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes utilise advanced detection tools like SIEM systems to identify potential compromises through real-time analysis of network traffic and anomaly detection. Upon detecting a potential compromise, our incident response team is notified immediately. We aim to assess and respond to incidents within minutes. The response protocol includes containment, eradication of the threat, and recovery of affected systems, followed by a thorough investigation to prevent future occurrences. This swift and structured approach ensures that any impact is minimised, maintaining the integrity and security of our services.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management processes are structured around pre-defined protocols for common events, ensuring a systematic and efficient response. Users can report incidents through multiple channels including email, a dedicated phone number, and a secure web portal, facilitating ease of access and prompt communication. Upon resolving an incident, we provide detailed reports through our incident management system. These reports include an analysis of the incident, actions taken, and recommendations for future prevention. This ensures transparency and continuous improvement in our incident handling procedures, aligning with ISO 27001 standards for information security management.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  We donate 5% of our company annual profits to supporting eco-projects which fight climate change. We encourage users to donate their cashback/rewards from employer to plant trees as an example initiative we back. Finally, whenever an employee buys something in our shop which spans every online and high street retailer a small part of their cashback is routed to eco-projects.

  Tackling economic inequality

  Each Person gives discounts every week exclusive to our platform equating to £100-£250 in money off savings. In addition we give cashback of up to 20% on every online and high street retailer. We save employees money on essentials such as fuel and everyday items such as cinema/eating out. Free home/car insurance is an example of material savings employees make helping with economic inequality.

  Wellbeing

  Our platform has a Wellbeing hub featuring Employee Assistance Programme (including 6 face to face or online counselling sessions) Earned Wage Access and GP on Demand. In addition, there are numerous resources available to help support mental, financial and physical health.

Pricing

• Price: £0.00 to £0.25 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our platform is available free of charge to NHS and other public sector organisations. SSO is not free but license fee is waived for those organisations. For free clients some benefits to their employees are limited such as cashback levels

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.norbury@eachperson.com. Tell them what format you need. It will help if you say what assistive technology you use.