Time to Spare

Time to Spare

Time to Spare is a community impact platform for voluntary and community organisations to manage data and to safely share reports of the work they do with funders and public bodies. These reports are used to estimate social value and to better allocate resources, support and funding.

Features

• Real time reporting
• Volunteer recruitment and brokerage
• Measure outcomes with standard surveys
• Combine local data with public open data
• Online booking platform
• Customer and case management for VCS organisations
• Quantitatively and qualitatively estimate social value
• Grant management system
• Referral network for voluntary and community services
• Automated discounts

Benefits

• Learn from monitoring reports
• Calculate the social value of your VCS projects
• Improve security of VCS data
• Encourage collaboration between community organisations
• Save time for VCS organisations doing monitoring and reporting
• Encourage volunteering and participation
• Increase access to community activities
• Make referrals to VCS organisations
• Increased volunteering
• Greater insights into community services

£400 to £1,250 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@timetospare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

937566622661442

Contact

Tom Neill
07411495842
tom@timetospare.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Web Browser
  • Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: On weekdays, the median response time for a support inquiry using our live chat is 2 minutes.; ; Our support is not guaranteed at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Intercom for our live chat, so rely on their testing for accessibility.
• Onsite support: Yes, at extra cost
• Support levels: As a small team, all our support is delivered by the core members of the team that wrote the software. We charge a daily rate for significant support requests, but will make small changes/bug fixes for free.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For buyers, we provide an onboarding call with a member of our team and can do an in-person demonstration (pandemic-permitting).; ; We have user guides in the form of video tutorials hosted on YouTube.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Video
• End-of-contract data extraction: This can be done on request in CSV or JSON format.
• End-of-contract process: Data extraction in CSV or JSON format comes included. Anything else is an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The reports and analytics cannot be accessed from the mobile service.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: They can use the API to access data on website visitors and locations of services.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Public bodies (the buyer) can customise the service by requesting custom dashboards, analysis and themes.; ; VCS organisations (third parties) can customise the data structure they use to collect their monitoring data. They can use standard impact surveys or they can create their own.

Scaling

• Independence of resources: We view our service as having 2 potential scaling bottlenecks and we have taken steps to address each one.; ; 1) Database access - we use a "global-scale" NoSQL cloud database that is very robust to heavy read and write loads.; ; 2) Hosting - we use a multi-cloud serverless hosting service, so that our hosting will scale automatically to increased requests.

Analytics

• Service usage metrics: Yes
• Metrics types: Our core service is providing reports on the work of VCS organisations. As a result, we provide metrics on the number of people these organisations work with, the frequency of their interaction and a number of other characteristics.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Some views or reports have a built-in CSV export.; ; For other specific details, an export can be requested using our live chat service.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: None
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All our management interfaces are restricted at account level. They require access to be specifically granted to each new team member.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We take security very seriously and all members of our small team are very clear of the steps we need to take to ensure data is kept securely. We conduct regular internal audits of our data security.
• Information security policies and processes: We maintain a detailed breach policy available on request and ensure that we are fully GDPR compliant.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use Git and Github for our version control and to integrate with our build and deploy system. This enables us to test and preview each change before it's made publicly available and to monitor our dependencies for security vulnerabilities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We deploy patches to our service as soon as we are able, usually within the day. We use Github's security vulnerability alerts to monitor our dependencies, and we proactively work internally to find security vulnerabilities in our software.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We respond as quickly as possible to any identified compromises.
• Incident management type: Supplier-defined controls
• Incident management approach: We maintain a version-controlled internal document of all incidents. For users affected by incidents, we send out an email alert within 48 hours of being made aware.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  None of our staff drive to work - we all cycle or take public transport; We write efficient code to minimise energy usage.; We volunteer to support tythe.org - an environmental charity and all full time staff of the company donate to it on a regular basis.
• Covid-19 recovery:

  Covid-19 recovery

  We are working with charities on the front line to support them to support individuals most at risk due to Covid and the related risks to that.; We supported businesses comply with track and trace regulations
• Tackling economic inequality:

  Tackling economic inequality

  We have taken on an apprentice software developer.; We provide work experience.; We work with many small charities to support them tackle economic inequality and to be more effective in their work.
• Equal opportunity:

  Equal opportunity

  We have an open hiring process that is based mainly on technical skills and not on interviews/cover letters, which are subject to bias.; We support people to grow whilst employed by the company.
• Wellbeing:

  Wellbeing

  All staff get unlimited holiday and are encouraged to take annual leave if they haven't.; We provide generous benefits such as free lunches and support where needed.

Pricing

• Price: £400 to £1,250 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide a free version with limited features, only including simple grant management software, a basic calendar and a referral network all showing information on up to 5 organisations.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@timetospare.com. Tell them what format you need. It will help if you say what assistive technology you use.