Hopstay provides a chatbot solution to optimise customer support for local governments & councils. We automate responses to frequently asked questions & allow citizens to access key services through messaging & voice platforms. This improves accessibility & makes customer support more efficient.


  • Citizen service automation (pre-coded modules ready for conversational interface)
  • FAQ automation
  • Messaging platform integration (Messenger, Zendesk, Intercom + more)
  • Voice platform integration (Amazon Alexa + Google Assistant)
  • Live & historical analytics (via platform)
  • Chatbot management (via platform)
  • Common database of council-related queries (centralised natural language processing)
  • Ongoing natural language processing (chatbot training)
  • API integration for connection to client systems


  • Automatically respond to frequently asked questions (optimise customer support)
  • Provide citizen services through commonly used platforms
  • Reduce the time it takes to process citizen services
  • Spend less time answering the same questions every day
  • Improve accessibility to council & citizen services


£10000 to £50000 per unit per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

1 0 7 3 3 1 5 7 6 6 1 1 5 1 9



Lucas Lovell



Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Firstly, current natural language processing is only available in the English language. German, French & Spanish are anticipated by end of 2019. Secondly, our chatbots integrate with 3rd party messaging platforms, such that performance of our service is also subject to those platforms. For example, if a chatbot is launched in Facebook Messenger, it is also subject to Facebook maintenance & potential down time. We manage the relationship between our clients & those 3rd party services to ensure prompt responses & bug fixes.
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to questions within 1 business day.
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Support levels
We are prompt & responsive with all of our support inquiries & guarantee initial responses within 1 business day for technical issues that require immediate attention. Full support comes default & is not charged as an add-on. All clients will be given 1 technical & 1 business manager who will manage their account. Support inquiries can be made through either of those people. We have an ongoing relationship with all clients & are regularly in contact, both via phone, email & in person.
Support available to third parties

Onboarding and offboarding

Getting started
We provide all 3 types of training for our clients, depending on location & needs. For those within a nearby geography, we provide onsite training. This applies to those in the European continent, though they may choose to receive online training in addition or in place of. For those in a geography that is impractical to provide onsite training, we provide the same level of training online (via video conferencing software).
Service documentation
End-of-contract data extraction
All historical data can be downloaded in CSV format at any time via our platform which is accessible by all users. Leading up to the end of a contract, users can choose to download their data via this method. After users lose access to the platform (30 days after their chatbots have been removed), the data will be extracted by Hopstay & delivered to the user via email.
End-of-contract process
At the end of a contract, users will lose access to all elements of the service. Firstly, all chatbots will be removed from any platform they are currently residing in. For example, a chatbot may reside in Facebook Messenger, Zendesk & Amazon Alexa. The service will no longer exist on these platforms & there will be no automatic response to any query made to the client through these platforms. However, any user accounts attached to these platforms will not be deleted. They remain the responsibility of the client. Secondly, the client will also lose access to Hopstay's chatbot management & analytics platform after 30 days of their chatbots being removed. This allows them to review performance for a 30 day period after termination. They may choose to download a CSV of their historical data during this period. If not, a CSV will be provided to the client at no extra charge at the end of the 30 day period.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
The end user of our product (i.e. the citizen) may choose to access our product through a multitude of platforms. For example, a chatbot on Facebook Messenger will allow citizens to access the chatbot both through the desktop app, the mobile app & the widget residing on the client's website. The difference between the mobile & desktop service is aesthetic. The functionality is identical.
Service interface
Customisation available
Description of customisation
Text, scope & flow of the chatbot can all be customised by our users. Text refers to any textual response offered by our chatbot. This includes but is not limited to introductory text, greetings & responses to questions. Scope refers to the questions that the chatbot can respond to. Flow refers to how the chatbot guides the user through the conversation. Users can customise this through our bot management platform or through contacting our team. Any user that has access to the platform or is assigned by the project lead may make these customisations. This will be established at the commencement of the project.


Independence of resources
Our system is built with a modern technology stack designed to scale with users in order to provide a service no matter the amount of traffic incoming.


Service usage metrics
Metrics types
Live & historical analytics are provided through Hopstay's chatbot management & analytics platform. Key metrics provided are; number of users (new & unique), number of active users (daily, weekly, monthly), number of messages sent & received, number of handovers to staff member, bot access (platform direct or via website plugin), most common text queries & initial pathways (most common initial queries).
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Client data can be exported as a downloadable CSV file via our chatbot management platform or by contacting a member of our team. Under GDPR & important privacy legislation, we are also required to implement a way for the end user (i.e. the citizen interacting with the chatbot) to access their own data. They can do this through either contacting you (our client) or by contacting us (Hopstay, the service provider).
Data export formats
  • CSV
  • Other
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our system is designed to scale with increases & bursts of traffic and hosted on leading providers with an extremely high guarantee of availability. Integrations with third parties will be subject to their availability guarantees (for example, Facebook or Zendesk should a bot reside on those platforms). Historically, we have experienced an uptime of greater than 99% among all third parties
Approach to resilience
Hosted on leading service providers behind load-balancers with scalable database infrastructure. All features are fully tested in replica environments before being rolled out to ensure no interruption of existing service. More details are available on request.
Outage reporting
All outages are reported to clients via their chatbot management dashboard as well as via an email alert.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Currently, access is not restricted. Any user of our platform has access to the full functionality of the platform.
Access restriction testing frequency
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security is governed internally by the assigned individual, who is the Technical Director of the company. Their role is to mandate & review all security procedures on an ongoing basis. This includes server security, systems security & data security relating to both client & end user data. They are responsible for the technical framework to secure our systems, risk & compliance with all GDPR & other privacy & security frameworks. Security is reviewed on an ongoing basis & the responsibility of the Technical Director is to respond to both technical & legislative changes.
Information security policies and processes
The Technical Director & Managing Director work jointly on defining information security policies & processes. This includes internal data access policies, password policies, email policies, retention policies, network security policies, guest access policies & backup policies. The Technical Director is responsible for notifying the Managing Director in the case of a breach of one of these policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We monitor and track all components through their lifetime from concept to launch in order to have a fully documented record for monitoring & testing. All changes are assessed for potential security impact at every stage of its lifecycle.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our service is hosted with the leading cloud-based providers to help minimise potential threats. We keep our software up to date by applying patches and fixes as soon as an issue or potential issue is detected. Information on potential threats is provided by third-party sites & security information sources.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified by monitoring logs & the running resources. Once a potential compromise is found we act switfly to identify & isolate the issue, apply a patch to fix & perform a full system key rollover to make sure everything is secure.
Incident management type
Supplier-defined controls
Incident management approach
We follow a defined process to log, assign & resolve issues found. Users can report issues directly via the platform, email or phone. Users will be notified after an incident has been resolved via the platform or via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£10000 to £50000 per unit per year
Discount for educational organisations
Free trial available
Description of free trial
Our free trial includes 1 month access to a basic Facebook Messenger chatbot populated with 25 frequently asked questions relating to your organisation. The chatbot will reside in both Facebook Messenger & as a widget on your website.

Service documents

Return to top ↑