Bullet Brava: AI Chat Assistant for Public Health
A chat assistant, harnessing the power of artificial Intelligence (AI) to engage with people on a health improvement or behaviour change journey. Our tool delivers conversations through a range of communication channels (e.g. web, sms, Whatsapp, app). Offering tailored, personalised advice through an AI powered coach.
Features
- Allow people to have a conversation with your curated content
- Chat via range of channels (e.g. web, WhatsApp, Messenger)
- Chat assistant can interact with external systems
- Multi-lingual out the box.
- Chat available through text and voice messaging
- Full control over knowledge the assistant draws from
- Real time chat audits - monitor conversations
- Use AI to flag risk or safeguarding issues
- Sentiment analysis - understand how users feel during engagement
- Motivate and engage users through a behaviour change journey
Benefits
- Provide users with personalised information & assistance 24/7
- Conversational support for users on a health improvement journey
- User can chat in voice or text form
- Saves time for existing team
- Engage with users and offer personalised advice
- Lead users through a health improvement journey
- Supporting people whose first language isn’t English
- Gather useful feedback from service users
Pricing
£17,500 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 7 1 3 3 9 2 8 1 2 7 8 1 4 5
Contact
Bullet Web Development
Simon Wilson
Telephone: 07867 538 927
Email: simon@bulletdigitalsolutions.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Our service can be offered through existing channels such as WhatsApp, FB Messenger, Slack, Teams. But this is optional and would be part of setup, to understand how best to engage with the target audience.
- Cloud deployment model
- Private cloud
- Service constraints
- There are no real constraints as our service can be configured to operate across a range of communication channels (web, sms, Whatsapp, Teams, app).
- System requirements
- Modern Web Browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We will classify all error/bug requests as one of urgent, high, normal and low. We will respond to any support ticket (question) within 1 working day. If an issue is reported at the weekend we will respond on the next working day after that weekend.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Our tool is covered by our standard SLA which means buyers have access to our support ticketing system to report issues or ask questions. Tickets are assessed for severity and response times allocated. Where further information is needed, a member of our support team will correspond with the buyer through our support system to ascertain the additional information required.
Our core, reactive support service is included in our license cost.
At additional cost, we offer a more proactive support arrangement. Here a dedicated account manager would monitor the usage and interactions with your AI chat tool. We'd provide regular feedback on ares of knowledge we feel could be better served. In addition we'll provide commentary around your dashboard usage stats, should you need it. We'll also include quarterly workshop sessions to discuss ways we could enhance how the tool supports your users. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our service will start with a piece of consultancy where we'd spend time with the organisation and help them shape our AI chat tool to best service their audience. This will look at the knowledge that they have to train our AI assistant with, any processes or journeys they want to lead users through and an understanding as to how best to engage with end users. That could be deciding which communication channels are best to deliver our tool through (e.g. SMS, web, WhatsApp, Messenger). We will also look at any systems that are required to interact with (through function calls within the chat).
From this consultancy, we'll shape our proposed solution for use. A period of testing and tweaking will ensure the tool is ready for use. Should any marketing support be needed, we can offer this through our sister agency or help advise internal communications teams.
The selected communication channels will be integrated with and tested. Training will be provided for buyer's team around how to manage knowledge within the tool and how to monitor chats happening. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- Video screencasts
- End-of-contract data extraction
-
Chat history and knowledge are the core data aspects that are held within our chat tool. The chat audit history retention period can be set and defaults to 6 months. Any chat history that is required to be extracted will be downloaded in CSV format. Similarly any "knowledge" that has been input to power the chat replies, will be downloadable in CSV format. Although this information will generally have come form publicly available website pages or documents so may not be needed in extracted form.
Any data around usage reporting can be requested and provided in PDF format by us.
We don't ask for, or store any personally identifiable information so there is no extract for this. If any additional work has been procured to create online forms or other data capture needs, that information would be extracted and delivered in CSV format. - End-of-contract process
- At end of contract, the AI Powered chat service would be disabled for the organisation in question. This means any implementation powered through a web widget, WhatsApp or similar will cease to function. We'd help the buyer communicate this to their users before end of contract. There is no extra cost involved end of contract, the service provision would simply end, with any data requested, extracted and provided along with final usage reporting.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference, same functionality just different UI to cater for smaller screen. Our tool can also be accessed through existing user communication channels such as WhatsApp and Facebook Messenger (where buyer requires and this has been set up). Our tool is designed to integrate and be part of an existing user experience.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Our service can be used through variety of communication channels, as dictated by the buyer. These include web, WhatsApp, Messenger, Slack, Teams, SMS, an app. Channel choices are shaped around buyer need and the likely engagement from the user audience (based on their habits).
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Our service provides a chat interface for users (powered by AI). We can deliver the service through a range of communication channels including web, WhatsApp, Messenger and more. As such existing tools and the devices they sit on already lean on assistive technology. Any more bespoke integrations we do, we'll perform a more thorough period of interface testing to ensure users with accessibility needs can access and use. Out of the box, our tool allows interaction through voice which means we can cater for those with visual impairment. We will always consider our testing with a view to supporting a user through their device assistive technology, which they'd likely be using across other tools on their device.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Our core tool is an AI powered assistant. The knowledge it draws on is specific to the setting it sits and this knowledge is sourced from the buyer's expertise. Users can interact with our tool through a variety of communication channels and buyers can select which channels they'd like to support (e.g. WhatsApp, Web, Messenger etc). The context of the assistant and how it talks to users can also be shaped around a buyer's needs. Similarly if specific feedback or survey links need presenting to users, they can be tailored. And finally if there is data a buyer needs to present (e.g. from a directory) we can integrate with external APIs to consider this content and also pass data back to CRM's or similar systems (subject to relevant APIs, governance checks, DPI considerations).
Scaling
- Independence of resources
- Our solution is hosted on AWS technology and built to scale with demand. We are leaning on AI models (such as OpenAI, Google Gemini) which are also built to handle and scale to demand. Thus, we guarantee users will not be affected by increased demand on our service.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Buyers are able to access the service and monitor the conversations happening at any time. In addition they can monitor the feedback received and stats around how people are engaging (devices/channels). They will also be able to see data around any information that is being sought but not found by users as well as offering insight into content popularity.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- We don't hold any specific user data. As a user engagement/chat tool we hold conversations had. These conversations can be exported on request or from the organisation's dashboard/reporting area.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Our service guarantees a 99.9% uptime availability, as outlined in our Service Level Agreement (SLA). This SLA ensures that our services remain highly available and reliable, minimising disruptions and maximising efficiency for users. In the event that we fail to meet this guaranteed level of availability, users are eligible for service credits as compensation.
The process for claiming these credits is straightforward: users must submit a claim within 30 days of the reported downtime. Each claim is reviewed against our system logs to confirm the downtime duration. Credits are calculated as a percentage of the monthly service fee based on the severity and duration of the outage. For instance, if the availability falls below 99.9% but remains above 99%, a credit of 5% of the monthly fee is provided. Below 99%, the credit increases to 10%. - Approach to resilience
-
Our service is designed with resilience as a core principle to ensure continuous availability and robust protection of assets, in alignment with the government’s 2nd cloud security principle. Our resilience strategy includes redundant data centres located in geographically diverse regions. Each data centre operates on independent power grids and network connections to mitigate regional disruptions. The infrastructure utilises active-active replication to synchronise data across sites in real-time, ensuring no single point of failure.
Additionally, our systems are designed to automatically failover to backup facilities without service interruption in the event of a primary data centre failure. Regular disaster recovery drills are conducted to ensure rapid response capabilities and system integrity under various failure scenarios.
For security-sensitive details about specific data centre setups and resilience measures, this information is available upon request to ensure confidentiality and integrity of the infrastructure. This approach guarantees that our services remain operational and secure, even under adverse conditions, providing peace of mind and continuity for all users. - Outage reporting
-
Our service implements a comprehensive outage reporting system to ensure transparency and timely communication during disruptions. We provide several mechanisms for reporting outages:
Public Dashboard: Our users have access to a real-time, public dashboard that displays the current status of all services, including any ongoing outages or issues. This dashboard is updated continuously to reflect the most recent changes and conditions.
Email Alerts: Users can subscribe to receive email alerts for any service disruptions. These alerts provide immediate notification when an outage is detected and include regular updates until resolution. After the issue is resolved, a final summary email is sent detailing the outage duration, impact, and any steps taken to prevent future occurrences.
These reporting tools are designed to provide comprehensive and up-to-date information, allowing users to plan accordingly and minimise impact on their operations.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
- We enforce strict access controls on our management interfaces and support channels. This includes implementing two-factor authentication (2FA) for all login attempts. 2FA adds an extra layer of security by requiring a second verification factor, like a time-based code from a mobile app or SMS, in addition to a username and password. This significantly reduces the risk of unauthorised access even if login credentials are compromised, ensuring only authorised personnel can access sensitive information and make critical changes.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Our approach to security governance prioritises the protection of sensitive public data. We adhere to the National Cyber Security Centre (NCSC)'s guidance on secure development and deployment [NCSC secure development]. This means we integrate security throughout the software lifecycle, from initial design to ongoing maintenance. We also recognise the importance of risk management. By following a structured approach, we identify and mitigate potential threats to our services, ensuring public trust in our ability to deliver secure solutions.
- Information security policies and processes
-
As an SME in the UK, we prioritise security with clear policies and processes. We focus on:
Policies: We have developed an Information Security Policy outlining data protection, access controls, and incident response. We reference NCSC guidance [NCSC secure development] for secure development practices.
Processes: We implement risk assessments to identify vulnerabilities and mitigation strategies. We regularly update software and conduct penetration testing.
Reporting: We assign a senior manager to oversee information security. All staff should report security incidents through a designated channel.
Enforcement: We regularly review policy adherence through audits and training. Disciplinary procedures address security breaches.
This structured approach, with clear ownership and reporting, demonstrates our commitment to information security.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our approach integrates version control for robust tracking and security assessments across component life cycles. Each component is logged in a Configuration Management Database (CMDB) detailing versions, deployment, and interdependencies. Changes are managed through version control, supporting detailed documentation, branching for isolated testing, and precise audit trails. Each update undergoes a rigorous security impact assessment before approval and implementation. Post-deployment, we monitor for stability and security compliance, ensuring continuous integrity of the service. This systematic use of version control enhances control and transparency in our change management process.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our vulnerability management approach ensures continuous protection and rapid response across all services. We assess threats using industry-standard tools and intelligence from leading cybersecurity agencies and vendors. Each potential threat is evaluated for its impact and urgency, guiding our prioritisation for patch deployment. Patches are systematically tested and deployed within hours for critical vulnerabilities, ensuring minimal disruption. Information on emerging threats is sourced from trusted security advisories and databases, allowing us to stay ahead of potential risks. This proactive strategy ensures robust defence and maintains the integrity and security of our services.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our protective monitoring approach leverages advanced detection systems to identify potential compromises swiftly. Using a combination of real-time analytics and threat intelligence, we detect anomalies and signs of unauthorised access or activities. Upon identifying a potential compromise, our incident response team is alerted immediately. We initiate a standardised response protocol that includes containment, eradication, and recovery steps, typically responding to incidents within minutes. Our rapid response ensures minimal impact and quick restoration of services, while post-incident analysis helps strengthen future defences. This vigilant approach ensures continuous security monitoring and swift action on potential threats.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our incident management approach utilises predefined protocols for efficiency. Users can report incidents via a support portal, email, or phone. Each report is promptly categorised and addressed based on severity. Updates are communicated through the portal and emails, ensuring transparency. Post-incident, a detailed report is issued, reviewing the cause and resolution steps. This structured process ensures rapid and effective management of incidents.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
We believe our tool will help ensure staff use their time more efficiently and can focus on their skilled delivery. All too often teams are left answering very similar questions and fielding common customer service requests. Our AI Powered assistant will take the strain and provide end users with an interface to easily access organisation knowledge, navigate complex information and be led through complicated processes which might otherwise have needed 1 to 1 help from the team. Allowing staff to focus on their core delivery means they will feel more valued and able to help people within social care and public health. This is, naturally, leads to improved wellbeing and worth within the workplace.
Pricing
- Price
- £17,500 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- We'll set up a small demo based on a subset of knowledge provided to us to allow potential buyer to try the service on some sample "chat" scenarios. We'll input that knowledge and allow buyer to interact with the AI chat to test potential output.