Skip to main content

Help us improve the Digital Marketplace - send your feedback

VouchSafe

Vouchsafe

Vouchsafe is a general-purpose identity verification platform that works for the 1 in 5 UK residents who can't pass a traditional ID check.

All the user needs are the details of someone they trust who has photo ID; it even works if they have a thin or non-existent credit file.

Features

  • verify users, even without a passport or driving licence
  • users can prove who they are with their trusted relationships
  • no added complexity; we choose the appropriate verification option
  • use standalone, or with our OpenID Connect-compliant API
  • understand fraud risk level
  • configurable retention and audit trail policies
  • automatic AI-powered verification without any staff intervention
  • custom add-on checks like address or age verification

Benefits

  • meet statutory duties; open up your services to everyone
  • stop manually handling difficult cases; Vouchsafe handles them automatically
  • free up case worker time for more important tasks
  • confidently prevent fraud and deliberate misuse
  • add standardisation and accountability to your verification processes
  • meet GPG45 low or medium confidence
  • use it as a KYC or anti-money laundering check
  • use it as part of a right-to-work or right-to-rent check

Pricing

£2 to £20 a transaction

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chloe@vouchsafe.id. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 2 4 3 0 4 2 7 2 9 3 4 6 3 9

Contact

VouchSafe Chloe Coleman
Telephone: 07535 596229
Email: chloe@vouchsafe.id

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Vouchsafe can help you meet GPG45 low or medium confidence out of the box.

With the addition of extra checks, it can also support you in meeting high confidence.
System requirements
  • Latest three versions of major browsers (eg. Chrome, Safari)
  • 100 kbps minimum bandwidth for video selfies
  • Front-facing camera with minimum 320x240px resolution and 15fps framerate
  • Screen at least 4in with a refresh rate of 60Hz

User support

Email or online ticketing support
Email or online ticketing
Support response times
If it’s an emergency, we’ll reply within 30 minutes and update you every hour until the problem is fixed.

If it’s not an emergency, we’ll reply within one working day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
We do web chat support over Slack. See their accessibility statement here: slack.com/intl/en-gb/accessibility
Onsite support
Yes, at extra cost
Support levels
Our starter plan includes email and web support within normal business hours (9-5, Mon-Fri).

Our enterprise plan further includes a negotiable number of dedicated monthly support hours, charged at £60/hour.

Out-of-hours 24/7 support can also be added for an additional cost.

We provide every enterprise customer with a dedicated technical account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We have a team of specialists who can help you figure out (1) whether Vouchsafe is a good fit for the problem you're solving and (2) how to fit Vouchsafe into your existing services.

Although you can certainly use Vouchsafe on our starter plan without ever talking to us, relying only on the written documentation, we encourage every new customer to take us up on the offer of some free help and support, especially when getting started.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
If you'd like to stop using Vouchsafe, you can request a copy of your data by emailing help@vouchsafe.id. We'll agree on a secure way to share it with you.
End-of-contract process
If you'd like to stop using Vouchsafe, you can either keep your team and customisations dormant, or delete them altogether. If you do the latter, you'll have to start from scratch if you decide to start using VouchSafe again. There are no additional costs for any of this.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
N/A
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
All Vouchsafe features can be accessed and configured via the customer dashboard in any modern browser, including current and historic verifications, API keys, usage statistics, data exporting, team user management and audit log data. We also offer an API for integrating into existing services, which follows the OpenID Connect standard. Customers can integrate in as little as an hour, following our documentation and tutorials.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have tested the dashboard with screen readers, magnifiers and keyboard-only use. We include users of assistive technologies in our day-to-day user research.
API
Yes
What users can and can't do using the API
We have a public, documented API which you can use to (1) take the same actions you might take through the dashboard UI programmatically, and (2) integrate VouchSafe with your other services, seamlessly redirecting a user to us for verification and then back to you on success.

Your API access is secured with a token, which you can get from the dashboard.

The API follows the OpenID Connect standard.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The user-facing web interface can be white-labelled to resemble, say, a GOV.UK, NHS or local authority service. Fonts, logos and colours can all be modified.

Most customisations can be made directly via the dashboard.

Some aspects of the interface are important for security and accessibility, and can't be customised.

You can also decide what level of confidence you'd like users to be verified against, aligned to low, medium and high GPG45 confidence levels.

Scaling

Independence of resources
Vouchsafe is architected in a serverless way: our cloud infrastructure scales up and down with traffic. We use large cloud infrastructure providers who always have much more capacity available than we'll ever use.

Analytics

Service usage metrics
Yes
Metrics types
When you sign into the Vouchsafe customer dashboard, you'll see statistics for the number of verifications over time, the confidence levels obtained, along with other useful metrics. If you have unusual or specific needs when it comes to usage metrics, we can work out a different arrangement with you.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Normally, you'll do this through our documented public API, which is designed to integrate with your other existing systems. You can also manually export CSV data files.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We use reasonable endeavours to make the Service available 24 hours per day, 7 days per week, except for planned maintenance which we'll tell customers about in writing with good notice, and internet or other network problems outside our control. Our goal is 99.999% uptime.
Approach to resilience
We use serverless architecture hosted on large public cloud providers, crossing multiple datacentres. More info available on request.
Outage reporting
We have a public status page that details current and historic outages, and subscribe active customers to email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
The management dashboard includes the ability to manage team members. Team members can see historic and current verifications. Administrators can additionally change API integration settings and invite/revoke additional team members.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We have pending ISO27001 certification, which is expected in Q4 2024.
Information security policies and processes
We have an a Information Security Management System (ISMS) which outlines management commitment to information security aligned with ISO27001, which we will certify by Q4 2024.

As part of this system, we keep a risk log that is updated regularly, with mitigations, by our security working group, which meets quarterly.

All new starters get training in information security and privacy in their first month with yearly refreshing.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a formal change management process for our software that is aligned with ISO27001. We use ticketing systems so that changes can be audited. Changes to our production services are approved by an appropriate experienced member of staff who is qualified to make a judgement about any potential security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use well-supported operating systems and software for all our production services, and use serverless architecture to deploy new releases almost immediately. We use vulnerability scanners as part of our code release pipeline and subscribe to high-priority vulnerability notifications from all our vendors and suppliers, which are then deployed within a day or two.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our production services have monitoring and alerts set up for unusual or suspicious activity. An alert will be considered by our security working group, which will decide how to resolve it. If an alert happens out of hours, it will be directed to our on-call staff, who may decide to raise it to the security working group anyway. This way, we can resolve incidents 24/7.
Incident management type
Supplier-defined controls
Incident management approach
Our operations team will raise an incident, or it may be reported by users by emailing help@vouchsafe.id. We have pre-defined processes for different severities, including updating our public status page and alerting affected customers by email. We publish resolution reports on our public status page. The process is aligned with ISO27001.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity

Fighting climate change

Vouchsafe is a modern business with a remote-first culture and a small carbon footprint for our size. Our office space is in the adaptively re-used building Peckham Levels (peckhamlevels.org).

We consider climate stewardship in our supply chain and only use cloud infrastructure providers with the best climate credentials.

We have pending B-Corp accreditation.

Equal opportunity

Vouchsafe is a radically inclusive, co-designed product.

We’re making this work for the people most in need first: a segment of users who are underserved by other products.

People without good forms of ID are invisible to institutions. Vouchsafe will give these people a reliable way to prove who they are, without the need for them to have a paper document.

This is making it easier for them to receive a whole host of benefits and access to services they might not have been able to access otherwise.

This includes early preventative support rather than expensive crisis care or unlocking access banking and housing that are prerequisites for high-quality employment. This impact has been formalised in UN Sustainable Development Goal 16, target 9.

Vouchsafe is made with equality, diversity and inclusion in mind from the start.

It was built by a diverse, interdisciplinary team with lived experience of the issues, and where specific experience isn't in our team, we co-design with users who do have it.

Pricing

Price
£2 to £20 a transaction
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We offer the first 20 verifications or first month of use (whichever comes first) free, on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chloe@vouchsafe.id. Tell them what format you need. It will help if you say what assistive technology you use.