CONTENT SQUARE LTD

Digital Experience Analytics SaaS platform

Outcome: understand service users digital journeys and experience.
Our analytics platform analyses billions of digital behaviours, providing session replay, unique metrics, journey maps, visualisations, and recommendations to increase engagement, reduce costs to serve, improve user experience and identify issues / errors / bugs / frustration / fraud.

Features

• Digital user Journey Analysis
• Zone based Heatmaps
• Session recording/replay
• Mobile App Analysis
• Struggle Analysis
• Impact Quantification
• AI Insights
• Product Analytics
• Freedom from tagging
• Complete data capture. 100% of everything, always.

Benefits

• Map visitors progress through website from entry to exit
• Visualise users interaction and behaviour
• Reconstruct individual visitor sessions on your website or app
• Comprehensive insights into your mobile app experiences
• Find friction and errors that impact service-user journeys
• Prioritise issues based on impact to costs, revenue, or conversion
• Surface issues and anomalies automatically
• Connect directly with your web analytics, VOC, personalisation tools
• No sampling, trust your data to make decisions
• Deploy single tag once, never need to tag assets again

£40,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.cook@contentsquare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

711724913855730

Contact

Philip Cook
07932 437729
philip.cook@contentsquare.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Web access for users as SaaS product

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All support inquiries can be made through Zendesk
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We have a single premium support level that all our customers are provided access to. By doing this we are able to provide every customer with a Customer Success Manager, and access to technical support teams to resolve issues. This support cost is included as part of the annual contract and means we are able to provide all customers with the highest level of support and help/guidance.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We organize training workshops (onsite or remote), webinars and offer a rich library of functional online training resources, part of the Contentsquare University, to ensure that new users can identify and prioritize actions, focus on improving their business KPIs, master the Contentsquare platform and extract value very quickly. ; ; In parallel, our Solution Experts regularly reach out to users to ensure they are happy & comfortable with the foundational usage of the tool.; ; Finally, we also provide a purpose built forum (Contentsquare Community) where clients regularly exchange ideas & use cases with their peers to enhance their own knowledge of the tool.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: There is a pre-agreed time in the contracts to extract the data, this can be done via the data extraction API that exists.
• End-of-contract process: The contract covers the SaaS software component and data storage, so once the contract ends then the ex-customer will have the extent of the pre-agreed time to extract their data via the approved method and then store that elsewhere at their own cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: We offer 5 APIs to our clients:; 1 - Web Tracking Tag: Implement the Contentsquare Tag on your website; 2 - Mobile SDK: Implement Contentsquare in Android, iOS or React Native; 3 - Metrics API: Expose Contentsquare metrics in your own applications; 4 - Raw Data API: Retrieve the raw data flat files exported from Contentsquare; 5 - Third Party Integrations: Assistance to connect the Contentsquare solution to third-party tools; ; All the APIs are documented and user firendly.; ; Please find all the relevant information on the API documentation website: https://docs.contentsquare.com/
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Data anonymization options can be customized. The end user is in control of assigning privileged access and authentication.

Scaling

• Independence of resources: Contentsquare is an enterprise grade platform designed specifically for large scale usage. Huge investment has been put into the underlying infrastructure and architecture to ensure that we operate well below technical capacity - this ensures that we are always able to appropriately service our customers of any size and with any spike in demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: We use AES-256 for encryption at rest, in CBC mode
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data using our Metrics API and Raw data API. Both APIs are organized around REST. The APIs have predictable resource-oriented URLs, accept form-encoded request bodies, return JSON-encoded responses, and use standard HTTP response codes, authentication, and verbs.; > The Contentsquare Metrics API include mapping, page, zoning, goal segment and more.; > The Contentsquare Raw Data API allows for drilling through all the created export jobs, and to download the files generated by those jobs. ; Users can extract raw data at the pageview or session level.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The infrastructure is designed for resilience or restoration in case of service-impacting events. Contentsquare provides disaster recovery and business continuity through multiple means :; ; Use of several Availability Zones in the region; ; Use of an "infrastructure as code" paradigm which allows rebuilding a full platform form scratch; ; Replication of data in a backup region; ; Contentsquare main data are replicated into an other region that is fully segregated from the Ireland production region. This backup region is part of our Disaster Recovery Plan and comes with the following security feature:; ; Backup data are located in an isolated region that is not the same geographical location as the production one ; ; All data kept in the backup region are stored within encrypted (AES-256) S3 buckets.; ; The Disaster Recovery Plan is tested at least annually and RTO/RPO are compared with the below objectives:; ; RTO; ; Tag delivery = 1 hour; ; Data collection = 1 day; ; Data ingestion = 3 days; ; Application = 3 days; ; RPO; ; Tags delivery = N/A; ; Data collection = 1 day; ; Data ingestion = N/A; ; Application = N/A
• Approach to resilience: The infrastructure is designed for resilience or restoration in case of service-impacting events. Contentsquare provides disaster recovery and business continuity through multiple means :; ; Use of several Availability Zones in the region; ; Use of an "infrastructure as code" paradigm which allows rebuilding a full platform form scratch; ; Replication of data in a backup region; ; Contentsquare main data are replicated into an other region that is fully segregated from the Ireland production region. This backup region is part of our Disaster Recovery Plan and comes with the following security feature:; ; Backup data are located in an isolated region that is not the same geographical location as the production one ; ; All data kept in the backup region are stored within encrypted (AES-256) S3 buckets.; ; The Disaster Recovery Plan is tested at least annually and RTO/RPO are compared with the below objectives:; ; RTO; ; Tag delivery = 1 hour; ; Data collection = 1 day; ; Data ingestion = 3 days; ; Application = 3 days; ; RPO; ; Tags delivery = N/A; ; Data collection = 1 day; ; Data ingestion = N/A; ; Application = N/A
• Outage reporting: Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Two-factor authentication is enabled and mandatory for administrators. Contentsquare technical administrators can also connect to production servers via a unique SSH gateway, which is the entry point the the VPC. Server accesses are performed via 4096 bits RSA keys (private key protected by a passphrase). These accesses are only provided following an internal validation workflow that focuses on need-to-know and need-to-use principles. Furthermore, all sensitive accesses are reviewed every 6 months.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance
• ISO/IEC 27001 accreditation date: 4/4/2019
• What the ISO/IEC 27001 doesn’t cover: We have complete coverage
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 9/4/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Not applicable
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Contentsquare's ISMS is ISO 27001 and ISO 27701 certified.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Infrastructure changes including configuration changes are managed as code modification and follow the SDLC workflow (peer-review, traceability, etc.)
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: An annual penetration test targeting our infrastructure and public facing services is conducted annually by external security specialists. Monthly automated vulnerability scans and cloud compliance assessments (following the Foundations Benchmark) are also performed. As well, a private bug bounty program is in place.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Systems configuration are managed as code with Ansible. Weekly, systems are monitored with OpenSCAP and CIS benchmark to ensure compliance with security best-practices and that systems are free of vulnerabilities. Contentsquare leverages "unattented-upgrade" to perform daily check for new security patch and ensure that our systems are always up-to-date. A Host-based Intrusion Detection System (Wazuh - OSSEC fork) is implemented on all sensitive systems in order to monitor all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring. All security events are then pushed to a SIEM
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: A security incident management process is established to timely respond incidents. Contentsquare’s Security Incident Response Plan is made available on the intranet. Employees are made aware of how to report a potential security incident. Specifically, the incident response plan defines and documents types of incidents that need to be managed, tracked and reported, and includes the following:; ; Procedures for the identification, management, and resolution of security incidents; ; List of relevant authorities' contact information; ; Process for notifying customers (48 hours notification commitment upon discovery of a confirmed security incident impacting customer ; ; Process for learning from the incidents; ; Process for safeguarding evidence

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We have reduced the amount of travel our business conducts in order to limit air pollution.

Pricing

• Price: £40,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: In some instances, for larger engagements, we are able to deploy for free as we run a Proof of Value engagement for 1-4 weeks.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.cook@contentsquare.com. Tell them what format you need. It will help if you say what assistive technology you use.