Transit app

Transit app - Multimodal Journey Planner

Transit app is a MaaS app covering UK national, regional and local mobility with real-time information for public transport, on-demand transport, micromobility, and ridehail with off-the-shelf integrations. Unique UX/UI design proposed with an original grey-label model, with innovative communication and gamification features for authorities and operators to boost ridership.

Features

• Real-time information for rail, bus, micromobility, on-demand, ridehail
• Real-time multi-modal journey planer
• On-demand offer display with multiple providers
• In-app ticketing for public transport
• Gamification features
• Rate-My-Ride instant survey features
• Network change preview mode
• Detour management
• API availability
• Grey Label app

Benefits

• Use the app to inform, book and pay for mobility
• Offer premium user experience making public transport easy
• Offer reliable passenger information with real-time data
• Make your demand response service known to all riders
• Boost public transport network usage through gamification
• Communicate easily with users through service alerts and banners
• Gather data from users through Rate-my-Ride instant surveys
• Display live bus disruption in the app with AI

£8,500 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at partners@transit.app. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

814531201960650

Contact

Xavier Boureau
+33 6 67 40 44 27
partners@transit.app

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The app is not offered under a white label scheme. We offer a unique grey label model in which the Transit app is customized and co-branded locally to the PTA/PTO brand. For static service information, the app supports only GTFS format; however, our data team can convert TransXchange to GTFS if necessary.
• System requirements: Customers should have transport schedule data (at minimum static information)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: High priority issue (e.g., app crashes on launch, trip planner non-responsive) = response within 3 hours, 8 am-8 pm GMT, 7 days per week.; ; Medium/low priority issue (e.g., errors in public transport schedule, ridehail not appearing) = response within 1 business day, 9 am - 5 pm GMT, from Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We identify 4 level of errors (from level 1 which are major bugs to level 4 which are minor bugs). All support for these errors are included in the system licence.; ; For Level 1 problems, notice will be by phone and email to pre-identified contacts. For Level 2-4 problems, notice will be by email. ; ; Transit will provide the customer with an emergency support email for Level 1 issues that gets routed to the appropriate staff member.; ; Transit has a variety of automated tools that notify the responsible employee when there are significant problems, including PagerDuty software which will alert key technical leads 24/7 of any system wide problems ensuring a rapid response.; ; For usability questions, product suggestions, general feedback and similar inquiries from End Users, Transit will use reasonable efforts to respond to inquiries over email or Twitter within 2 Business Days. ; ; Transit has no responsibility to answer passenger inquiries over any other channel, such as by telephone. Transit support staff works in the same office alongside developers providing easy access to the Transit technical team.; ; Transit provides a technical contact to each partner.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The Transit app is very simple to setup and to use for PTA/PTO customers. ; ; The grey model scheme makes the launch process fast and not time consuming for both the PTA/PTO side and on the Transit team side.; ; We propose a 6 week (minimum) launch process that includes:; (1) Kick-off meeting with Transit team and an app presentation, launch process explanation, and content gathering on the customer side (logo, graphic design to customize the app) (1h),; (2) Remote training sessions on how to use Transit back-office and statsboard, with PTA/PTO dedicated customer success manager (1h).; ; Transit also provide resources pages for customers on how to use Transit app tools.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Depending on the service used, we can remove the clients data from our system. Certain services that by their nature create data on behalf of the PTO/PTA (like Rate-My-Ride) can be exported at any time.
• End-of-contract process: For the service of Royale, individual users won't be able to use the premium version of Transit app and will have to pay themselves. For the rest of the services, no new data or APIs are available after the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app is the MaaS app, which is used by passengers to plan, book, and pay for their journey. For transport authority and/or operator staff, Transit provide a web based desktop back office to manage the service and have access to statistics.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The service interface is a back-office for PTA/PTO staff.; ; With this back-office, public transport authority and/or public transit operator staff can : ; ; Write service alerts and push them to passengers using the app in case of an operational issue. Have access to statistics of Transit app usage in their area.
• Accessibility standards: None or don’t know
• Description of accessibility: Chrome's Lighthouse audit of Transit service interface is above 70%.
• Accessibility testing: Transit has a dedicated group of visually-impaired beta testers who assist Transit in locating bugs related to screen readers and provide feedback on features. In addition, Transit works closely with consultants and its transport authority and operator partners to ensure it follows WCAG 2.0’s accessibility standards.
• API: Yes
• What users can and can't do using the API: Transit app's mobile MaaS app is based on APIs. Public transport authority and public transport operator staff can develop their own real-time information and journey planning tools (apps, web interfaces, kiosks, digital screens, etc) using our APIs for passengers. All journey planning features are available using the APIs.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Public transport authority or operator staff can customize the Transit app on a co-branded grey label scheme that promotes the partnership between Transit and the local PTA/PTO. During the setup-phase, customers can customize the Transit app:; (1) with their colors and logos;; (2) with dedicated links to the other apps and websites of the local transport networks to be added in the Transit menu;; (3) with off-the-shelf integration to local on-demand and/or ticketing providers;; ; This customization is done by the Transit team.; ; Throughout the contract, customers can also customize Rate-my-Ride questions if this option is activated.

Scaling

• Independence of resources: On the end-users side, the app is designed to scale as it already supports over 7 million unique end-users every month. Different auto-scaling technologies are applied depending on the platform, and they are all designed to respond to user demand (both passenger and PTA/PTO staff).

Analytics

• Service usage metrics: Yes
• Metrics types: PTA/PTO staff have access to a dashboard with a statistics tab with key figures on:; . App downloads; . Unique active users in various time periods; . App sessions, and sessions per user; ; These statistics can be analyzed by periods and by specific bus/train lines
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The Transit Account Passenger data is encrypted at rest in AWS's DynamoDB database. We use a AWS-owned key, as described here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html.; Our GCP-managed databases (CloudSQL, BigQuery) encrypt stored data. We have a handful of self-managed datastores for metrics collection that are unencrypted.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: PTA/PTO can ask to the Transit team to receive all data they added to the system (upon request), as well as statistics on app usage from passengers. ; ; Passengers using the app can request their data (activity on the app) that Transit will send in a JSON format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • CSV for app usage statistics
  • CSV/JSON for service alerts
  • CSV/JSON for Rate-my-Ride answers
  • JSON for passenger statistics
• Data import formats: Other
• Other data import formats:
  • GTFS
  • GTFS-rt

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99.9% of availability of core functionality in the Transit app, and we have SLAs to guarantee this availability. We have 4 levels of bugs with appropriate commitments for each of them.; ; Details for level 1: bug prevents the majority of users from accessing core functionality in the mobile app. Includes availability of trip planning and public transit schedules, purchasing tickets or cycle hire passes (in supported markets), crash-on-launch or other bugs that make the app unusable, or similar severity cases.; ; For this level 1, Transit acknowledgment of receipt or notice to partner within 3 hours (8am-8pm GMT - 7 days per week); ; For this level 1, Transit will make best efforts to find and deploy a solution within 8 hours post notice (7am-9am EST, 7 days per week).
• Approach to resilience: For Transit end user accounts: we use AWS-managed products. Our database backups are in two different regions. It's possible to re-deploy the software stack in another region if the main one we use is down.; ; For the rest of the infrastrcuture, all of our infrastructure resources are managed through configuration that can be adapated for redeployment to other regions in the case of large scale GCP outages. Our CloudSQL backups are multi-regional.
• Outage reporting: We report outages by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: End-users (passengers) are not required to authenticate to use the service. Users can optionally authenticate (to have access to statistics of their app usage and ensure app data such as favorite locations and preferred lines are properly recovered in case they replace their device) by creating a username and password. ; ; PTA/PTOs need to authenticate with a username and password to connect to the dashboard
• Access restrictions in management interfaces and support channels: The access is restricted by a login page with username and password
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: GoSecure, Inc.
• PCI DSS accreditation date: 28/03/2024
• What the PCI DSS doesn’t cover: Not applicable
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We approach security governance with a focused strategy that prioritizes the protection of sensitive data and compliance with regulatory requirements. We implement a comprehensive security framework that includes risk assessments and regular security audits. This framework is overseen by the CTO and aligns with industry best practices and standards.
• Information security policies and processes: Security testing is done in the context of our ongoing PCI compliance program (most recent audit completed in March 2024). The CTO is responsible for overseeing and annually reviewing the information security objectives; approving this policy and disseminating it to all staff; Security responsibilities are clearly assigned to Transit personnel; Managing all incidents including ensuring that all critical alerts invoke the incident plan; Overall responsibility for PCI DSS compliance; Assigning security responsibilities to members of his/her team; defining all activities for maintaining and monitoring the overall compliance with PCI DSS; Maintaining a security risk management program; implementing a security awareness program and have all Transit employees sit it at least annually; ensuring all staff is background screened before hiring. ; The software development Team Leads are also responsible for maintaining the PCI DSS program; ensuring all involved parties understand their responsibilities including vendors, service providers and suppliers; ensuring background screening is performed before new employees with access to production are hired; ensuring all other necessary policies and procedures are in place, annually reviewed, acknowledged and tested if applicable. ; The Transit senior management is committed to support this information security policy, its establishment, implementation, maintenance and continual improvement.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Services that access, store or process end user personal data are all under PCI DSS 4.0 compliance scope. Every change is reviewed and documented before it is released. Transit monitors known vulnerabilities through a variety of channels (Bugtraq http://seclists.org/bugtraq/, US-CERT alerts https://www.us-cert.gov/ncas/alerts, etc.). Services that access, store or process end user personal data are assessed every time a change is made. Their dependencies of projects are scanned by Snyk (https://snyk.io/) and GitHub. Servers in PCI scope are scanned monthly as part of our PCI compliance program.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The software development Team Leads are responsible for vulnerability management including the risk ranking of vulnerabilities and ensuring that Transit patches software as necessary, develops with security in mind according to international standards; have a documented secure software development process; have all failed code reviews, scans or software assessments followed up on with the necessary remediation and retested until all high vulnerabilities have been eliminated; have in scope services protected through a web application firewall with in depth security assessed at least annually (authenticated scan); cyber security vulnerability trends are monitored via emailing lists and other cyber security platforms.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Transit actively monitors the security of its infrastructure through passive aggregation of event logs, and active periodical scanning of its components and validation of their configurations. Logs are audited regularly to make sure no sensitive data is included. Results are documented. Transit has comprehensive logging processes and PITR (point-in-time-recovery). Regular backups are put into place for the payments and accounts software stack. Incidents are responded to according to our Information Security Incident Response, within 3 hours, and the CTO ensures the findings are communicated to the necessary parties within 3 business days from the incident response plan trigger.
• Incident management type: Supplier-defined controls
• Incident management approach: Transit has an Incident Response Plan, to be used in conjunction with the business continuity plan and the disaster recovery plan if required, depending on the nature and severity of the incident. Transit’s incident response plan follows six steps: preparation prior to an incident, identification of a compromise and its scope, containment of the breach to prevent further spread, eradication of the threat, recovery to normal operations, and a post-incident review to examine the lessons learned. Users can report incidents to info@transit.app, and a dedicated urgent email address is also provided to customers.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  For too long, cars have been at the centre of our lives. Today, cities are embracing better ways to get around: by bus, train, bike, and foot. At Transit, we help passengers make the most of them so they don’t need to own a car. When there are fewer cars, cities becomes a better place: one that's greener, more vibrant, and more joyful. We want to build the cities we want to live in, and incentivize passengers to take public transport or other sustainable mobility modes through our unique and intuitive design.

  Covid-19 recovery

  Public transport systems have suffered from Covid-19, with ridership levels still lower than in 2019 in many areas of the UK and across the world. Transit app includes key features that enable passenger to trust public transport networks again. The instant survey Rate-My-Ride feature, for example, includes questions on the number of people in bus at a specific time in case.; ; As not all public transport networks have restored pre-covid service levels, Transit's real-time information functionality makes it easier to know when your bus is arriving in cases where frequent service is reduced.

  Tackling economic inequality

  Transit app plays a key role in tackling economic inequality by making public transportation more accessible. By offering users efficient routes through public transport, Transit help reduce commuting costs and save time.; ; Transit provide real-time updates on schedules, delays, and service changes, enabling users to avoid unnecessary expenses and reach their destinations on time. The app optimizes travel routes, combining different modes of transport to improve efficiency.; ; Transit enhances access to employment, education, and healthcare services, supporting economic mobility for low-income individuals. Transit also include accessibility features, ensuring those with disabilities can navigate public transport with ease.

  Wellbeing

  By promoting car-free cities, Transit app promotes well-being by offering a convenient, affordable, and environmentally friendly alternative to private vehicles. By reducing stress associated with traffic and parking, it encourages a more relaxed commute. Transit app also facilitates transport access to essential services such as healthcare, education, and job opportunities, supporting overall quality of life.; ; Transit app contributes its share in reducing air pollution and traffic congestion, supporting cleaner, healthier urban environments. Additionally, walking to and from transit stops promotes physical activity, benefiting users' health. Accessible transport options enhance mobility for people with disabilities, further supporting community well-being. Overall, Transit app's promotion of public transport plays a vital role in creating healthier, more sustainable communities.

Pricing

• Price: £8,500 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The Transit app is available to passengers on a freemium model in all areas that are covered by the system. Potential PTAs and PTOs can download the app and use it in their area to test it.
• Link to free trial: https://apps.apple.com/gb/app/transit-live-bus-tube-times/id498151501

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at partners@transit.app. Tell them what format you need. It will help if you say what assistive technology you use.