Skip to main content

Help us improve the Digital Marketplace - send your feedback

Bullet Web Development

Bullet Brava: AI Chat Assistant for Public Health

A chat assistant, harnessing the power of artificial Intelligence (AI) to engage with people on a health improvement or behaviour change journey. Our tool delivers conversations through a range of communication channels (e.g. web, sms, Whatsapp, app). Offering tailored, personalised advice through an AI powered coach.

Features

  • Allow people to have a conversation with your curated content
  • Chat via range of channels (e.g. web, WhatsApp, Messenger)
  • Chat assistant can interact with external systems
  • Multi-lingual out the box.
  • Chat available through text and voice messaging
  • Full control over knowledge the assistant draws from
  • Real time chat audits - monitor conversations
  • Use AI to flag risk or safeguarding issues
  • Sentiment analysis - understand how users feel during engagement
  • Motivate and engage users through a behaviour change journey

Benefits

  • Provide users with personalised information & assistance 24/7
  • Conversational support for users on a health improvement journey
  • User can chat in voice or text form
  • Saves time for existing team
  • Engage with users and offer personalised advice
  • Lead users through a health improvement journey
  • Supporting people whose first language isn’t English
  • Gather useful feedback from service users

Pricing

£17,500 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon@bulletdigitalsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 7 1 3 3 9 2 8 1 2 7 8 1 4 5

Contact

Bullet Web Development Simon Wilson
Telephone: 07867 538 927
Email: simon@bulletdigitalsolutions.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Our service can be offered through existing channels such as WhatsApp, FB Messenger, Slack, Teams. But this is optional and would be part of setup, to understand how best to engage with the target audience.
Cloud deployment model
Private cloud
Service constraints
There are no real constraints as our service can be configured to operate across a range of communication channels (web, sms, Whatsapp, Teams, app).
System requirements
Modern Web Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
We will classify all error/bug requests as one of urgent, high, normal and low. We will respond to any support ticket (question) within 1 working day. If an issue is reported at the weekend we will respond on the next working day after that weekend.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Our tool is covered by our standard SLA which means buyers have access to our support ticketing system to report issues or ask questions. Tickets are assessed for severity and response times allocated. Where further information is needed, a member of our support team will correspond with the buyer through our support system to ascertain the additional information required.

Our core, reactive support service is included in our license cost.

At additional cost, we offer a more proactive support arrangement. Here a dedicated account manager would monitor the usage and interactions with your AI chat tool. We'd provide regular feedback on ares of knowledge we feel could be better served. In addition we'll provide commentary around your dashboard usage stats, should you need it. We'll also include quarterly workshop sessions to discuss ways we could enhance how the tool supports your users.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our service will start with a piece of consultancy where we'd spend time with the organisation and help them shape our AI chat tool to best service their audience. This will look at the knowledge that they have to train our AI assistant with, any processes or journeys they want to lead users through and an understanding as to how best to engage with end users. That could be deciding which communication channels are best to deliver our tool through (e.g. SMS, web, WhatsApp, Messenger). We will also look at any systems that are required to interact with (through function calls within the chat).

From this consultancy, we'll shape our proposed solution for use. A period of testing and tweaking will ensure the tool is ready for use. Should any marketing support be needed, we can offer this through our sister agency or help advise internal communications teams.

The selected communication channels will be integrated with and tested. Training will be provided for buyer's team around how to manage knowledge within the tool and how to monitor chats happening.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Video screencasts
End-of-contract data extraction
Chat history and knowledge are the core data aspects that are held within our chat tool. The chat audit history retention period can be set and defaults to 6 months. Any chat history that is required to be extracted will be downloaded in CSV format. Similarly any "knowledge" that has been input to power the chat replies, will be downloadable in CSV format. Although this information will generally have come form publicly available website pages or documents so may not be needed in extracted form.
Any data around usage reporting can be requested and provided in PDF format by us.
We don't ask for, or store any personally identifiable information so there is no extract for this. If any additional work has been procured to create online forms or other data capture needs, that information would be extracted and delivered in CSV format.
End-of-contract process
At end of contract, the AI Powered chat service would be disabled for the organisation in question. This means any implementation powered through a web widget, WhatsApp or similar will cease to function. We'd help the buyer communicate this to their users before end of contract. There is no extra cost involved end of contract, the service provision would simply end, with any data requested, extracted and provided along with final usage reporting.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference, same functionality just different UI to cater for smaller screen. Our tool can also be accessed through existing user communication channels such as WhatsApp and Facebook Messenger (where buyer requires and this has been set up). Our tool is designed to integrate and be part of an existing user experience.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Our service can be used through variety of communication channels, as dictated by the buyer. These include web, WhatsApp, Messenger, Slack, Teams, SMS, an app. Channel choices are shaped around buyer need and the likely engagement from the user audience (based on their habits).
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our service provides a chat interface for users (powered by AI). We can deliver the service through a range of communication channels including web, WhatsApp, Messenger and more. As such existing tools and the devices they sit on already lean on assistive technology. Any more bespoke integrations we do, we'll perform a more thorough period of interface testing to ensure users with accessibility needs can access and use. Out of the box, our tool allows interaction through voice which means we can cater for those with visual impairment. We will always consider our testing with a view to supporting a user through their device assistive technology, which they'd likely be using across other tools on their device.
API
No
Customisation available
Yes
Description of customisation
Our core tool is an AI powered assistant. The knowledge it draws on is specific to the setting it sits and this knowledge is sourced from the buyer's expertise. Users can interact with our tool through a variety of communication channels and buyers can select which channels they'd like to support (e.g. WhatsApp, Web, Messenger etc). The context of the assistant and how it talks to users can also be shaped around a buyer's needs. Similarly if specific feedback or survey links need presenting to users, they can be tailored. And finally if there is data a buyer needs to present (e.g. from a directory) we can integrate with external APIs to consider this content and also pass data back to CRM's or similar systems (subject to relevant APIs, governance checks, DPI considerations).

Scaling

Independence of resources
Our solution is hosted on AWS technology and built to scale with demand. We are leaning on AI models (such as OpenAI, Google Gemini) which are also built to handle and scale to demand. Thus, we guarantee users will not be affected by increased demand on our service.

Analytics

Service usage metrics
Yes
Metrics types
Buyers are able to access the service and monitor the conversations happening at any time. In addition they can monitor the feedback received and stats around how people are engaging (devices/channels). They will also be able to see data around any information that is being sought but not found by users as well as offering insight into content popularity.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
We don't hold any specific user data. As a user engagement/chat tool we hold conversations had. These conversations can be exported on request or from the organisation's dashboard/reporting area.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our service guarantees a 99.9% uptime availability, as outlined in our Service Level Agreement (SLA). This SLA ensures that our services remain highly available and reliable, minimising disruptions and maximising efficiency for users. In the event that we fail to meet this guaranteed level of availability, users are eligible for service credits as compensation.

The process for claiming these credits is straightforward: users must submit a claim within 30 days of the reported downtime. Each claim is reviewed against our system logs to confirm the downtime duration. Credits are calculated as a percentage of the monthly service fee based on the severity and duration of the outage. For instance, if the availability falls below 99.9% but remains above 99%, a credit of 5% of the monthly fee is provided. Below 99%, the credit increases to 10%.
Approach to resilience
Our service is designed with resilience as a core principle to ensure continuous availability and robust protection of assets, in alignment with the government’s 2nd cloud security principle. Our resilience strategy includes redundant data centres located in geographically diverse regions. Each data centre operates on independent power grids and network connections to mitigate regional disruptions. The infrastructure utilises active-active replication to synchronise data across sites in real-time, ensuring no single point of failure.

Additionally, our systems are designed to automatically failover to backup facilities without service interruption in the event of a primary data centre failure. Regular disaster recovery drills are conducted to ensure rapid response capabilities and system integrity under various failure scenarios.

For security-sensitive details about specific data centre setups and resilience measures, this information is available upon request to ensure confidentiality and integrity of the infrastructure. This approach guarantees that our services remain operational and secure, even under adverse conditions, providing peace of mind and continuity for all users.
Outage reporting
Our service implements a comprehensive outage reporting system to ensure transparency and timely communication during disruptions. We provide several mechanisms for reporting outages:

Public Dashboard: Our users have access to a real-time, public dashboard that displays the current status of all services, including any ongoing outages or issues. This dashboard is updated continuously to reflect the most recent changes and conditions.

Email Alerts: Users can subscribe to receive email alerts for any service disruptions. These alerts provide immediate notification when an outage is detected and include regular updates until resolution. After the issue is resolved, a final summary email is sent detailing the outage duration, impact, and any steps taken to prevent future occurrences.

These reporting tools are designed to provide comprehensive and up-to-date information, allowing users to plan accordingly and minimise impact on their operations.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
We enforce strict access controls on our management interfaces and support channels. This includes implementing two-factor authentication (2FA) for all login attempts. 2FA adds an extra layer of security by requiring a second verification factor, like a time-based code from a mobile app or SMS, in addition to a username and password. This significantly reduces the risk of unauthorised access even if login credentials are compromised, ensuring only authorised personnel can access sensitive information and make critical changes.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our approach to security governance prioritises the protection of sensitive public data. We adhere to the National Cyber Security Centre (NCSC)'s guidance on secure development and deployment [NCSC secure development]. This means we integrate security throughout the software lifecycle, from initial design to ongoing maintenance. We also recognise the importance of risk management. By following a structured approach, we identify and mitigate potential threats to our services, ensuring public trust in our ability to deliver secure solutions.
Information security policies and processes
As an SME in the UK, we prioritise security with clear policies and processes. We focus on:

Policies: We have developed an Information Security Policy outlining data protection, access controls, and incident response. We reference NCSC guidance [NCSC secure development] for secure development practices.

Processes: We implement risk assessments to identify vulnerabilities and mitigation strategies. We regularly update software and conduct penetration testing.

Reporting: We assign a senior manager to oversee information security. All staff should report security incidents through a designated channel.

Enforcement: We regularly review policy adherence through audits and training. Disciplinary procedures address security breaches.

This structured approach, with clear ownership and reporting, demonstrates our commitment to information security.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our approach integrates version control for robust tracking and security assessments across component life cycles. Each component is logged in a Configuration Management Database (CMDB) detailing versions, deployment, and interdependencies. Changes are managed through version control, supporting detailed documentation, branching for isolated testing, and precise audit trails. Each update undergoes a rigorous security impact assessment before approval and implementation. Post-deployment, we monitor for stability and security compliance, ensuring continuous integrity of the service. This systematic use of version control enhances control and transparency in our change management process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our vulnerability management approach ensures continuous protection and rapid response across all services. We assess threats using industry-standard tools and intelligence from leading cybersecurity agencies and vendors. Each potential threat is evaluated for its impact and urgency, guiding our prioritisation for patch deployment. Patches are systematically tested and deployed within hours for critical vulnerabilities, ensuring minimal disruption. Information on emerging threats is sourced from trusted security advisories and databases, allowing us to stay ahead of potential risks. This proactive strategy ensures robust defence and maintains the integrity and security of our services.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring approach leverages advanced detection systems to identify potential compromises swiftly. Using a combination of real-time analytics and threat intelligence, we detect anomalies and signs of unauthorised access or activities. Upon identifying a potential compromise, our incident response team is alerted immediately. We initiate a standardised response protocol that includes containment, eradication, and recovery steps, typically responding to incidents within minutes. Our rapid response ensures minimal impact and quick restoration of services, while post-incident analysis helps strengthen future defences. This vigilant approach ensures continuous security monitoring and swift action on potential threats.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management approach utilises predefined protocols for efficiency. Users can report incidents via a support portal, email, or phone. Each report is promptly categorised and addressed based on severity. Updates are communicated through the portal and emails, ensuring transparency. Post-incident, a detailed report is issued, reviewing the cause and resolution steps. This structured process ensures rapid and effective management of incidents.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Wellbeing

Wellbeing

We believe our tool will help ensure staff use their time more efficiently and can focus on their skilled delivery. All too often teams are left answering very similar questions and fielding common customer service requests. Our AI Powered assistant will take the strain and provide end users with an interface to easily access organisation knowledge, navigate complex information and be led through complicated processes which might otherwise have needed 1 to 1 help from the team. Allowing staff to focus on their core delivery means they will feel more valued and able to help people within social care and public health. This is, naturally, leads to improved wellbeing and worth within the workplace.

Pricing

Price
£17,500 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We'll set up a small demo based on a subset of knowledge provided to us to allow potential buyer to try the service on some sample "chat" scenarios. We'll input that knowledge and allow buyer to interact with the AI chat to test potential output.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon@bulletdigitalsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.