DOLPHIN HALEY LIMITED

Conversational AI Apps (Voice, Alexa, Digital Humans, Chatbots)

We are an IT agency that designs, builds, and runs Conversational Apps for Enterprises and Govt organisations.

These include services like voice apps (ex: Amazon Alexa) and Digital Human avatars - both of which leverage synthetic media and provide rich conversational experiences.

Features

• Voice Assistant Cloud Service
• Amazon Alexa
• Google Assistant
• Conversational AI
• Natural Language Processing
• Digital Humans
• Digital Avatars
• Chatbots

Benefits

• Customer Acquisition
• E Commerce
• Customer Retention
• Public Service Content
• Advertising and Marketing

£5,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ravi.lal@voxlydigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

344862305408040

Contact

Ravi Lal
07966271329
ravi.lal@voxlydigital.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: NA
• System requirements:
  • Cloud Based Software Application Architecutre
  • Cloud Storage
  • Cloud Database

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 12 Hours 7 days a week
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We categorise tickets into three priority levels:; ; High - These items will be actioned immediately and resolved within 8 hours; ; Medium - These items will be actioned within 4 hours and resolved within 24 hours; ; Low - These items will be actioned within 8 hours and resolved within 72 hours; ; This support will cover any of the services we host.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We create end user services (B2B2C) for enterprises and Government organisations. ; ; End users get access via smart speakers, smart phones, web and mobile. ; ; For Government clients, we can offer training and on-boarding on how to manage and measure the service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We provide many options to the client included setting up admin access to the cloud services hosting the application, providing source code and related databases, etc.
• End-of-contract process: We can either shut down the service for the client and delete all application software and databases; or we can faciliate handover to another agency or internal IT department if needed. ; ; For option 2 we will provide architecture and other required documentation.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Mobile service has 100% of the functionality of other interfaces.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Our service can be fully bespoke, meaning clients can specify features, content, use cases, analytics and other elements.

Scaling

• Independence of resources: We use public cloud services like AWS and Google Cloud; meaning we have access to near real-time scaling and high availability.

Analytics

• Service usage metrics: Yes
• Metrics types: Traffic Metrics (users, retention, splits by device type and service); Event Metrics (tracking steps in the user journey, etc).
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We generally do not hold any end user consumer data (PII) for our services. Our services are generally "content-only" services. However, we can easily make user data requestable and exportable when needed. We can provide exports as .csv or .odf formats - the user will of course need to be fully authenticated before they can obtain this data.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our services are typically hosted on AWS. Therefore the availability times are exceptional, they guarantee at least 99.9% availability for the following core resources which our solutions are typically built on.; ; - AWS Lambda (Cloud Computing); - AWS DynamoDB (Database); - S3 (Web/Asset Hosting)
• Approach to resilience: Data can be stored on AWS servers in the client's favoured region. For most UK/Europe clients we will use the EU-West-1 region (Dublin).; ; All data is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256). In addition, any sensitive data such as passwords will be stored as hashes.; ; AWS users are forced to sign in using two factor authentication and strong passwords are enforced. Access keys for developers must be refreshed regularly and IAM roles are used to ensure users only have access to the minimum resources they require.; ; Preferably PII data will not be stored at all, unless it is essential for an application to function.; ; We are also happy to integrate client IT systems and databases if they would rather directly host application data on their servers.
• Outage reporting: Internally we will receive automated email alerts from AWS based on Cloudwatch alarms which we set up for the service.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: AWS users are forced to sign in using two factor authentication and strong passwords are enforced. Access keys for developers must be refreshed regularly and IAM roles are used to ensure users only have access to the minimum resources they require.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security Governance involves knowing where data and code is stored, run, updated, managed and administrated. Example policies include how access management, penetration testing and keeping code up to date, and many other areas. ; ; Details are available upon request on a per project basis.
• Information security policies and processes: Information security policies and processes documents avaialble upon request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Version control is managed using Git. All code is hosted in private Bitbucket repositories. Based on the project, we will decide whether to use GitFlow vs Trunk development workflow.; ; Package audits are run regularly to ensure all software modules are running secure, up-to-date versions.; ; All software will be thoroughly security tested by senior members of the technical team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our development team will routinely monitor security exploit feeds such as THN and Threatpost.; ; If potential threats are identified, software will be analysed and if necessary updated in line with suggested resolutions for the relevant vulnerability.; ; Patches to live services can and will be deployed rapidly (within hours) where neccessary.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cloudwatch alarms will be set to monitor suspicious spikes in activity, resulting in automated email alerts to the development team who will immediately look into the logs.; ; Analytics dashboards will also be used to monitor in-app events and traffic levels. If there is any suspicious activity identified it will be investigated immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: If an incident is reported, we will log it in our system before assigning it low/medium/high priority. Relevant parties will be communicated with openly as the issue is diagnosed and resolved. Only once we are satisfied the issue is resolved will the incident be closed. The incident will then be reviewed internally to determine root cause and learnings.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Alexa and Google Voice services can be built that provides the public with information on Fighting climate change.
• Covid-19 recovery:

  Covid-19 recovery

  Alexa and Google Voice services can be built that provides the public with information on covid-19 recovery.
• Tackling economic inequality:

  Tackling economic inequality

  Alexa and Google Voice services can be built that provides the public with information on Tackling economic inequality.
• Equal opportunity:

  Equal opportunity

  Alexa and Google Voice services can be built that provides the public with information on achieving Equal opportunity in society.
• Wellbeing:

  Wellbeing

  Alexa and Google Voice services can be built that provides the public with information on health and wellbeing. ; ; We have built several services that focus on parents, baby care, etc. including launching the first publically available NHS alexa skill.

Pricing

• Price: £5,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ravi.lal@voxlydigital.com. Tell them what format you need. It will help if you say what assistive technology you use.