Hopstay provides a chatbot solution to optimise customer support for local governments & councils. We automate responses to frequently asked questions & allow citizens to access key services through messaging & voice platforms. This improves accessibility & makes customer support more efficient.


  • Citizen service automation (pre-coded modules ready for conversational interface)
  • FAQ automation
  • Messaging platform integration (Messenger, Zendesk, Intercom + more)
  • Voice platform integration (Amazon Alexa + Google Assistant)
  • Live & historical analytics (via platform)
  • Chatbot management (via platform)
  • Common database of council-related queries (centralised natural language processing)
  • Ongoing natural language processing (chatbot training)
  • API integration for connection to client systems


  • Automatically respond to frequently asked questions (optimise customer support)
  • Provide citizen services through commonly used platforms
  • Reduce the time it takes to process citizen services
  • Spend less time answering the same questions every day
  • Improve accessibility to council & citizen services


£10000 to £50000 per unit per year

  • Free trial available

Service documents

G-Cloud 11



Lucas Lovell



Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Firstly, current natural language processing is only available in the English language. German, French & Spanish are anticipated by end of 2019. Secondly, our chatbots integrate with 3rd party messaging platforms, such that performance of our service is also subject to those platforms. For example, if a chatbot is launched in Facebook Messenger, it is also subject to Facebook maintenance & potential down time. We manage the relationship between our clients & those 3rd party services to ensure prompt responses & bug fixes.
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to questions within 1 business day.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support No
Support levels We are prompt & responsive with all of our support inquiries & guarantee initial responses within 1 business day for technical issues that require immediate attention. Full support comes default & is not charged as an add-on. All clients will be given 1 technical & 1 business manager who will manage their account. Support inquiries can be made through either of those people. We have an ongoing relationship with all clients & are regularly in contact, both via phone, email & in person.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide all 3 types of training for our clients, depending on location & needs. For those within a nearby geography, we provide onsite training. This applies to those in the European continent, though they may choose to receive online training in addition or in place of. For those in a geography that is impractical to provide onsite training, we provide the same level of training online (via video conferencing software).
Service documentation No
End-of-contract data extraction All historical data can be downloaded in CSV format at any time via our platform which is accessible by all users. Leading up to the end of a contract, users can choose to download their data via this method. After users lose access to the platform (30 days after their chatbots have been removed), the data will be extracted by Hopstay & delivered to the user via email.
End-of-contract process At the end of a contract, users will lose access to all elements of the service. Firstly, all chatbots will be removed from any platform they are currently residing in. For example, a chatbot may reside in Facebook Messenger, Zendesk & Amazon Alexa. The service will no longer exist on these platforms & there will be no automatic response to any query made to the client through these platforms. However, any user accounts attached to these platforms will not be deleted. They remain the responsibility of the client. Secondly, the client will also lose access to Hopstay's chatbot management & analytics platform after 30 days of their chatbots being removed. This allows them to review performance for a 30 day period after termination. They may choose to download a CSV of their historical data during this period. If not, a CSV will be provided to the client at no extra charge at the end of the 30 day period.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The end user of our product (i.e. the citizen) may choose to access our product through a multitude of platforms. For example, a chatbot on Facebook Messenger will allow citizens to access the chatbot both through the desktop app, the mobile app & the widget residing on the client's website. The difference between the mobile & desktop service is aesthetic. The functionality is identical.
Service interface No
Customisation available Yes
Description of customisation Text, scope & flow of the chatbot can all be customised by our users. Text refers to any textual response offered by our chatbot. This includes but is not limited to introductory text, greetings & responses to questions. Scope refers to the questions that the chatbot can respond to. Flow refers to how the chatbot guides the user through the conversation. Users can customise this through our bot management platform or through contacting our team. Any user that has access to the platform or is assigned by the project lead may make these customisations. This will be established at the commencement of the project.


Independence of resources Our system is built with a modern technology stack designed to scale with users in order to provide a service no matter the amount of traffic incoming.


Service usage metrics Yes
Metrics types Live & historical analytics are provided through Hopstay's chatbot management & analytics platform. Key metrics provided are; number of users (new & unique), number of active users (daily, weekly, monthly), number of messages sent & received, number of handovers to staff member, bot access (platform direct or via website plugin), most common text queries & initial pathways (most common initial queries).
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Client data can be exported as a downloadable CSV file via our chatbot management platform or by contacting a member of our team. Under GDPR & important privacy legislation, we are also required to implement a way for the end user (i.e. the citizen interacting with the chatbot) to access their own data. They can do this through either contacting you (our client) or by contacting us (Hopstay, the service provider).
Data export formats
  • CSV
  • Other
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our system is designed to scale with increases & bursts of traffic and hosted on leading providers with an extremely high guarantee of availability. Integrations with third parties will be subject to their availability guarantees (for example, Facebook or Zendesk should a bot reside on those platforms). Historically, we have experienced an uptime of greater than 99% among all third parties
Approach to resilience Hosted on leading service providers behind load-balancers with scalable database infrastructure. All features are fully tested in replica environments before being rolled out to ensure no interruption of existing service. More details are available on request.
Outage reporting All outages are reported to clients via their chatbot management dashboard as well as via an email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Currently, access is not restricted. Any user of our platform has access to the full functionality of the platform.
Access restriction testing frequency Never
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security is governed internally by the assigned individual, who is the Technical Director of the company. Their role is to mandate & review all security procedures on an ongoing basis. This includes server security, systems security & data security relating to both client & end user data. They are responsible for the technical framework to secure our systems, risk & compliance with all GDPR & other privacy & security frameworks. Security is reviewed on an ongoing basis & the responsibility of the Technical Director is to respond to both technical & legislative changes.
Information security policies and processes The Technical Director & Managing Director work jointly on defining information security policies & processes. This includes internal data access policies, password policies, email policies, retention policies, network security policies, guest access policies & backup policies. The Technical Director is responsible for notifying the Managing Director in the case of a breach of one of these policies.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We monitor and track all components through their lifetime from concept to launch in order to have a fully documented record for monitoring & testing. All changes are assessed for potential security impact at every stage of its lifecycle.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our service is hosted with the leading cloud-based providers to help minimise potential threats. We keep our software up to date by applying patches and fixes as soon as an issue or potential issue is detected. Information on potential threats is provided by third-party sites & security information sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified by monitoring logs & the running resources. Once a potential compromise is found we act switfly to identify & isolate the issue, apply a patch to fix & perform a full system key rollover to make sure everything is secure.
Incident management type Supplier-defined controls
Incident management approach We follow a defined process to log, assign & resolve issues found. Users can report issues directly via the platform, email or phone. Users will be notified after an incident has been resolved via the platform or via email.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10000 to £50000 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Our free trial includes 1 month access to a basic Facebook Messenger chatbot populated with 25 frequently asked questions relating to your organisation. The chatbot will reside in both Facebook Messenger & as a widget on your website.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑