Pugpig Bolt is a mobile engagement platform.
With Bolt you can build beautifully simple branded apps that allow you to communicate with your teams, customers or consumers on any mobile device.
It's aimed at informing and interacting with your audience, while driving up loyalty, engagement and advocacy.
- Bolt is a complete mobile communications and engagement platform
- Native apps for iOS and Android as well as Web
- Content ingested from any CMS or source (including social)
- Widget-based architecture makes it flexible and extendible
- Articles, video, podcasts, products, questionnaires, promotions, products
- Fully integrated analytics through GA and others
- Integrated with all push providers (e.g. UA, AppBoy)
- Supports all app stores (iTunes, Google Play, Amazon)
- Full integration with authentication systems
- Used by some of the biggest brands in the world
- Publish content across all platforms with one process
- Get apps up and running in just a few days
- Requires no technology expertise
- Simple, fast and intuitive user experience
- A much more engaging way to communicate
- Can be fully open or secured through authentication
- Use our dashboard to manage and track app performance
- Allows you to capture user analytics and interests/opinions/feedback
- Add advertising and promotions quickly and easily
£10000 per licence per year
Kaldor Ltd (Pugpig)
+44 203 405 5238
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||We integrate and act as the mobile publishing channel for any CMS. We have tight integration in particular for Drupal and Wordpress, but can work with many others|
|Cloud deployment model||Public cloud|
|System requirements||No requirements - technology is hosted by us.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Critical - 1 hour
High - 2 hours
Medium - 4 hours
Low - 2 days
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||We use either Citrix Go to Meeting, Skype or Google Hangouts. We can support other tools if needs be|
|Web chat accessibility testing||Not known|
|Onsite support||Yes, at extra cost|
|Support levels||Available upon request based on requirements|
|Support available to third parties||Yes|
Onboarding and offboarding
Our standard product is shipped with a starter pack which provides all the support necessary to get your app up and running.
Documentation is available for configuring, customising and using the platform.
Training is also provided by our onboarding team
|End-of-contract data extraction||All data is held in a CMS in structured form and can be exported through various means.|
At the end of the contract, the buyer can choose to continue for an additional 12 months or to cancel the contract.
Pugpig pricing includes everything you need to operate the service.
Additional packs for integration with 3rd party systems and for template design can purchased but are not always required
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Our architecture is fully architected to work across all devices, specifically mobile.. This can be demonstrated upon request|
|Accessibility standards||None or don’t know|
|Description of accessibility||We use Zendesk and therefore support their accessibility features...|
|Description of customisation||
Pugpig is a fully customisable platform. - All aspects of the service can be customised.
Customisation can be executed by us or by your own technology team (or supplier)
|Independence of resources||
All our services are hosted on AWS servers with all the appropriate load balanced capabilities configured. All managed by Datapipe.
Our CDN is provided by Fastly
|Service usage metrics||Yes|
|Metrics types||We integrate with the leading analtics engines including Google Analytics, Flurry, Omniture out of the box. We can also integrate other systems as required|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
No user data is held at any time by our systems.
We integrate with third parties for these services.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
If held in our Wordpress instance, through standard Wordpress tools.
Otherwise, data is held in your own CMS
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||For the customer facing aspects of the solution, the only pieces of critical infrastructure are Amazon AWS and Fastly, both of which offer > 99.9% availability on their SLAs.|
|Approach to resilience||
Available on request,
All managed on AWS through Datapipe. Our critical pieces of infrastructure (Amazon S3/EC2/RDS/SQS/Cloudsearch, and Fastly CDN) are all designed with resilience in mind.
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Each customer receives a unique domain for the management interface (e.g. company.admin.pugpig.com). Clients can choose to restrict access to their domain by IP range if required. We ensure data is segmented between customers.
We provide various roles for customers so, for example, different users can access billing information vs content.
Our support channels are all based on ZenDesk, so we piggyback on their security systems.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||All managed on AWS through Datapipe.|
|Information security policies and processes||
Available on request,
All managed on AWS through Datapipe.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
NOTE: On request, we can provide a full SIG Lite (http://sharedassessments.org/products/2017-sig-lite-bundle/) document that provides a large amount of detail on many of the questions in this and the following sections.
All source code and configuration is managed using BitBucket (Atlassian hosted Git). Tickets are managed via Atlassian JIRA. All configuration is stored in Laravel .env files, not in source code, but is version controlled. We have an audit trail in the database and in log files of all configuration changes made through the user interface.
Our clients regularly run their own Pen Tests.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
All operating systems are automatically patched overnight with any security patches - we would rather risk a bug than a security hole. The patches are rolled out to thousands of other (Ubuntu) servers around the world, and we have only ever had one instance of a security patch introducing a problem, and a new patch that fixed it was released within hours.
We automatically upgrade our other systems (for example Wordpress) when security patches are released.
Our management company (Datapipe) performs vulnerability assessments, and alert up to issues.
We subscribe to the Ubuntu Security mail lists (email@example.com)
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our managing company, Datapipe, perform vulnerability scans, and have a layer of intrusion detection on top of the Amazon AWS systems which also provide some.
To date, none of our systems have been compromised. However, the servers are all emphemeral so can be rebuilt should something happen. They are isolated from one another using Amazon security rules, and separate VPCs for different environment. Not that we don't own any physical servers or have our own network, so the surface area is small.
We have additional systems that monitor the operation system/software of our servers.
|Incident management type||Supplier-defined controls|
|Incident management approach||
All of our critical incident reporting (Incidents/Tasks/etc) are reported and monitored via Datapipe's Cloud Based ticketing system.
Users report incidents to use via telephone or our support system if relevant. We provide incident reports to our users via email, although to date we have not had to do this.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£10000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
We are able to create free simple trial and demo apps for limited use. These are fully functioning and are accessible for a number of weeks. They are not available for commercial use, only for trial purposes.
More complex proofs of concept can also be developed on a day rate
|Link to free trial||Www.pugpig.com - has links to many of our apps|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|