Atchai Ltd

Atchai Foundation Chatbot Platform

The Foundation Chatbot Platform provides a hosted chatbot and conversational UI engine that integrates with most common messaging apps including Facebook Messenger, Slack, SMS.

The platform provides a way to program the behaviour (content and conversation flow) of the bot with a Domain Specific Language expressed in JSON format.


  • Basic chatbot behaviour can be defined without writing javascript code
  • Fully customisable with javascript code
  • Integrates with Facebook Messenger, Slack and more channels
  • REST API allows for integration with third party services
  • Integrates with for natural language processing


  • Create a rules-based chatbot
  • Engage with users on Facebook Messenger, Slack, SMS, Web
  • Automate customer service, triage, and similar problems.


£500 to £1100 per instance per month

  • Education pricing available

Service documents

G-Cloud 9


Atchai Ltd

John Griffin

+44 (0) 2031372845

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Two weeks notice will be given for normal scheduled maintenance.
System requirements
  • Content for the bot (we can be engaged to produce)
  • A Facebook Messenger / Slack or other messaging app account.

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times The service is managed and automatically monitored for availability and performance. We will respond to support requests within 8 business hours and support is available during normal business days in the UK (Monday to Friday 9:00 to 17:30, excluding Bank Holidays). Support requests refer specifically to questions about the normal operation of the application, requests that require a material change to the application may constitute a change request that would be dealt with under the complementary “Atchai Chatbot Customisation” service.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing None,
Onsite support No
Support levels Level 0 - Cloud Hosted Software Only - no support - Cost as per this service.

Level 1 - Cloud Hosted Software with UK Office Hours Web Ticket Support - Cost as per this service plus £300/month - Technical Account Manager

Level 2 - Cloud Hosted Software with UK Office Hours Phone & Web Ticket Support - Cost as per this service plus £600/month - Technical Account Manager
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started This service only covers the provision and ongoing cloud hosting of the platform. We encourage all buyers to engage us to assist with conversation design, implementation of the conversation workflow, and integration with third party software using our complementary "Chatbot Customisation" service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users have full access to the hosting environment and therefore may extract their data at any time. We can also be engaged to perform this operation under our "Chatbot Customisation" Service.
End-of-contract process This service only covers the provision and ongoing cloud hosting of the chatbot platform. Unless further services are procured, at the end of the contract the hosting will be terminated and the software will no longer be available for use.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is accessed from messaging apps - currently Slack and Facebook Messenger are supported. Both Slack and Facebook Messenger apps are available for a wide range of platforms, unfortunately these applications are outside of our control and we cannot make any guarantees as to their availability or quality.
Accessibility standards None or don’t know
Description of accessibility We make all attempts to ensure that the service we deliver within the messaging app makes use of best practices, but ultimately our service is only as accessible as the messaging app that is being used to access it.
Accessibility testing None.
What users can and can't do using the API There are two APIs, one is a code-based API for defining the content and workflow of the bot, and the other is a RESTful JSON API for users and messages.
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available Yes
Description of customisation The behaviour of the bot is fully customisable. Each interaction is defined within a .json file, making it easy for non-programmers to configure the conversation flow and content of the bot. Only a limited set of features are available out of the box, but it is easy for these to be extended by using the custom type system.


Independence of resources We do not virtualise the hosting that we purchase from our supplier. We work with a trusted supplier of cloud hosting to ensure that resources are shared fairly.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users may export their data by connecting directly to the MongoDB server.
Data export formats
  • CSV
  • Other
Other data export formats MongoDB
Data import formats Other
Other data import formats Json

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We endeavour to provide the most reliable Service as practical to Customers. To Customers in good financial standing with us we guarantee that our Services are available 99.5% of the time in a year, excluding scheduled maintenance.

Financial Recompense shall not be provided to the Customer if the service unavailability results from:
i. scheduled maintenance;
ii. circumstances beyond our reasonable control, including, but not limited
to DoS or other network attacks, upstream or 3rd party network outages, war , fire, flood, sabotage, labour disturbance, acts of God or government;
iii. any actions or inactions by You or any third party;
iv. breaking the terms of use agreement.
Approach to resilience Information available on request. You may also nominate a hosting provider that provides compatible hosting if you prefer.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels Passwords, with 2-factor-auth.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Information available on request.
Information security policies and processes This service is provided with Official over Internet compliant hosting. Data centres are based in the UK and have ISO27001, ISO9001 & ISO14001 compliance, as well as being carbon neutral. All data is encrypted during transit using SSL, this is enforced with HSTS.

Application level security is ensured by enforcing coding standards and performing peer code reviews.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use a shared ticket management tool to communicate changes. In case of essential maintenance we will aim to give two weeks notice, though there may sometimes be urgent security patches that need to be applied at operating system level where we will advise more immediate action. Impact on your application will be advised before any action is taken.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Operating systems are automatically patched via linux distro. Vulnerabilities to third party libraries that our application depends on are monitored and patches are applied according to the risk.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Log and analytics systems are configured to alert our engineers to application downtime.
Incident management type Supplier-defined controls
Incident management approach We have a shared ticket management system for reporting incidents. We have predefined response to a bot application becoming unavailable - we will attempt to contact the administrator and offer to restore the application to it's original state.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 to £1100 per instance per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑