Technical specifications offers an all-in-one platform designed for the evolving needs of art professionals working in archives, on catalogue raisonnés, and with museum collections.

The platform’s comprehensive functionality for creating, managing, and publishing online reduces the time and financial investment required by custom and hybrid solutions. Teams across the globe manage more than 15 million resources and 50 thousand artworks with the platform.


  • Web application
  • Relational database with bilateral linking 
  • Display API and online web publishing capabilities 
  • Data migration kit and services
  • Digital asset management
  • Data protection
  • Hosting
  • Optical character recognition (OCR) and full-text search 
  • Large-team collaboration capabilities
  • Integrated universal style guide, Getty vocabularies, and citation formatting 


  • Handle every aspect of archive and collection management on one web-based platform
  • Seamlessly share media, artworks, and information with the public via online publishing features
  • Quickly find assets and information with complex search and autogenerated fields
  • Secure information with user roles and permissions controlled by administration
  • Efficiently complete daily tasks by working in a single platform at the same time as team members
  • Bring visitors deeper into an institution’s holdings by sharing archival documents, publications, art information, and artworks in the same system
  • Options for email and video call customer success support 


Starting at 1499€ / month

Free trial available

Service documents


HPF Innovations GmbH
Seestr. 35-37
14467 Potsdam


Service scope

Cloud deployment model

Public cloud

Service constraints

System requirements

  • Modern browser
  • Internet connection

Software add-on or extension


User support

Email or online ticketing support

Email or online ticketing

Support response times

Clients have multiple options for contacting support: our team is reachable by email or by submitting a request from within the solution. Standard support is available on weekdays from 9am to 6pm (CET).

Support outside of regular business hours is available by request, or for peak times including weekends. We respond to inquiries within one business day. 

After submitting a support request, the client is kept updated by email or via the support site.

User can manage status and priority of support tickets


Video call support

Yes, at extra cost

Onsite support

Yes, at extra cost

Support levels

All subscriptions include access to technical and end-user information and support services by email and the ticket portal. Through the ticket portal, clients can submit support requests, feature requests, and access the knowledge base. Any additional levels of support can be agreed to and defined within an optional Service Level Agreement.

On-site support is available at our standard day rates.

The services of Technical Account Managers and Cloud Support Engineers are also available.

Support available to third parties


Onboarding and offboarding

Getting started offers tailored onboard training sessions, delivered remotely. We also provide user documentation.

Service documentation


Documentation formats


End-of-contract data extraction

Staff can export data into standard data exchange formats on request.

End-of-contract process

There are no defined off-boarding costs at the end of the contract, except if the client requires a non-standard data format for data extract or other special services. Unless otherwise agreed, all data is deleted 30 days after the contract's end date. Once the contract has ended, access to the client's browser-based system is revoked.

Using the service

Web browser interface


Supported browsers


Application to install


Designed for use on mobile devices

Yes, partly

Differences between the mobile and desktop service

The public website is optimized for mobile devices; the data entry platform is optimized for desktop use.

Service interface


Description of service interface is built upon standards-based, open source software languages, libraries, and toolkits. Communication between the browser and server is accomplished using RESTful web services over the secure HTTPS protocol.



What users can and can't do using the API

The API is an additional functionality that can facilitate opportunities for data sharing and collaboration. The default API includes: Keyword Search and All Public Records. The API provides data in JSON for all types of published content, including individual objects; package objects and packages created in Collections; keywords; advanced and/or filtered results, exhibitions and constituents records in Collections. Individual objects and object-related media are also available.

API documentation


API documentation formats


API sandbox or test environment


Customisation available



Independence of resources

The architecture is designed to support large numbers of concurrent users and includes load-balanced servers, which can scale horizontally. Ongoing monitoring is used to help ensure that CPU usage across the various servers is maintained below 80%. Alarms are used to automatically scale the infrastructure should the CPU on any server remain above 80% for longer than 5 minutes. 


Service usage metrics


Metrics types

Availability, response times, and application logs include usage.

Reporting types

  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type

Not a reseller

Asset protection

Knowledge of data storage and processing locations


Data storage and processing locations

  • United States
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations

User control over data storage and processing locations


Datacenter security standards

Managed by a third party

Penetration testing approach

Third-party service

Protecting data at rest

  • Physical access control, complying with another standard
  • Encryption of all physical media

Data sanitisation process


Data sanitisation type

  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed

Equipment disposal approach

Complying with a recognised standard, for example DoD 5220.22-M (E) and ISO 27001

Data importing and exporting

Data export approach

Most of the data held is fully accessible to the client in a range of User Interface export functions. These functions provide the means to export data in CSV, Word or PDF. Administrators can also manage SQL backups on a desired, needs-based schedule.

Data export formats


Other data export formats

  • CSV
  • Word
  • PDF

Data import formats


Data-in-transit protection

Data protection between buyer and supplier networks

  • Public network 
  • TLS (version 1.2 or above)

Data protection within supplier network

  • TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability offers 99.9% guaranteed uptime.

Approach to resilience

Self-healing infrastructures, continuous monitoring and automatic scaling.

Outage reporting

A public dashboard.

Identity and authentication

User authentication needed


User authentication

  • 2-factor authentication
  • Username or password

Access restrictions in management interfaces and support channels

The system holds its own passwords, which are fully encrypted and stored only as encrypted values. The password policy, which includes complexity requirements, is enforced. Administrators also have the ability to reset passwords.

Management access authentication

  • 2-factor authentication
  • Dedicated link (VPN)
  • Username or password

Audit information for users

Access to user activity audit information

Users have access to audit information on request

How long user audit data is stored for

At least 1 week

Access to supplier activity audit information

Users contact the support team to get audit information

How long supplier audit data is stored for

At least 12 months

How long system logs are stored for

Between 1 week and 6 months

Security governance

Named board-level person responsible for service security


Security governance certified


Security governance approach

Based on ISO 27001

Information security policies and processes has a comprehensive Information Security Management System (ISMS) in place. Our ISMS Policy document provides an overview of the company, the activities it carries out, and the operational quality standards to which it conforms. It also carries information about where procedural information is located and detailed information on documentation requirements for essential procedures. is a SME and, therefore, has a straightforward reporting structure. The Chief Operating Officer (COO) is the company's Information Security Manager (ISM), supported by the Senior Management Team (SMT).

Operational security

Configuration and change management standard

Supplier-defined controls

Configuration and change management approach

All changes within the application are tracked through a strict workflow using JIRA software project management. Issues are prioritized based on various factors, including impact, performance, and risk. All application changes are reviewed by a secondary developer and checked by Quality Assurance prior to being included in a release. In the source code repository, separate issue branches are used for each individual issue. 

All changes within the application infrastructure are also rolled out in the same way, providing a gapless audit trail of changes and the possibility to restore the infrastructure and application version to any point in time.

Vulnerability management type

Supplier-defined controls

Vulnerability management approach

Information about potential threats is collated from internal and external sources, as well as gathered through the use of industry standard pen testing tools. All identified threats and/or vulnerabilities are assessed for risk and impact, and then categorized by priority. Any required service patches are fast-tracked through the development cycle and deployed as soon as possible once verified by the Quality Assurance team.

Protective monitoring type

Supplier-defined controls

Protective monitoring approach

Key metrics are monitored 24/7/365, including CPU, RAM, Network Traffic Throughput, Latency, and File Space Usage. All application instances are also monitored 24/7/365. Application access request logs are monitored and analysed. Any incidents are logged and analysed as a priority, with any required action initiated at the earliest opportunity.

Incident management type

Supplier-defined controls

Incident management approach

All occurring incidents within the TMS Suite are logged and tracked through a strict workflow using industry standard issue management software. Users can report incidents directly to our Customer Services team. Communication with users regarding incidents is managed through an industry standard help desk system.

Secure development

Approach to secure software development best practice

Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks




Starting at 1499€ / month

Discount for educational organizations


Free trial available


Description of free trial

30-day free trial with no obligations attached.