Futr AI Limited

Futr. Inside (Staff facing chatbot)

Your organisation runs on all sorts of tools, services and systems, from expenses and holidays, to knowledge sharing and reporting harassment. Eliminate vendor lock-in and costly retraining by plugging your staff into your legacy systems through our light chatbot overlay. Everything they need, on whatever channel they have to hand.


  • Conversational interface
  • Automation
  • Multilingual (over 160 languages) and multi-language detection
  • Broadcast
  • Emotion and sentiment detection
  • Seamless livechat handover
  • Data compliance by design
  • Multi-channel distribution
  • Intelligent queuing
  • Full audit trail


  • Automate repetitive tasks
  • Interact with data through conversational dialogue
  • Increased accessibility to services
  • Targeted content distribution
  • Improved compliance
  • Improved access to and visibility of data
  • Cost reduction
  • Improved service delivery
  • Improved data consistency and quality
  • 24/7 real-time usage


£1 per user per month

Service documents


G-Cloud 11

Service ID

870305716844056


Futr AI Limited

Andy Wilkins



Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Any service with an API or database connectivity.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
System requirements
Internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support levels are subject to individual service level agreements. We offer these based on availability, capacity and performance with associated tiered penalties should targets not be met.
Support available to third parties

Onboarding and offboarding

Getting started
For standard service, users have access to a wide range of online support documentation. For bespoke service, we would engage as agreed.
Service documentation
Documentation formats
End-of-contract data extraction
Export to all standard industry formats, for example, CSV, JSON, XML, Word, Excel, PDF.
End-of-contract process
We provide the export free of charge in any of the supported formats as a part of the standard contract.

Using the service

Web browser interface
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Description of service interface
Web app and admin chatbot to manage content, settings and broadcasts.
Accessibility standards
WCAG 2.1 A
Accessibility testing
User acceptance testing.
What users can and can't do using the API
Users can integrate their own products and services with our AI engine. There are no set limitations. We would discuss access based on the organisation's requirements.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Content customisation for basic service without any restrictions. Full customisation for bespoke services subject to agreement.


Independence of resources
Our standard service is cloud based and the agreements we have in place with providers such as Amazon (AWS) and Microsoft (Azure) include the ability to automatically scale on demand.

Bespoke services would utilise the same architecture unless agreed otherwise.


Service usage metrics
Metrics types
The standard service includes distinct users, questions asked, languages used, daily activity, daily sentiment analysis, interactions per day, most common actions, cost savings, response times, confidence score and channel activity, all as standard and in real time.

Bespoke service can include any required metrics that can be extracted from the service.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We provide the export on request for the standard service. Bespoke services can include an API that the users can extract their data through.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JSON
  • Word
  • Excel
  • PDF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • JSON
  • Word
  • Excel
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Service levels are negotiated as part of the standard service with a sliding scale of availability targets. Associated penalties are also negotiable based on the targets and can include refunds and/or service credits.
Approach to resilience
Our data centre is provided by Microsoft Azure services. This includes real-time backup and restoration and automated data recovery for business continuity purposes.

Data is stored in 2 data centres with real-time synchronisation to avoid any localised service disruption.
Outage reporting
Public dashboard and email alerting as defined in service level agreements

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
We use domain-driven authentication through industry solutions such as Active Directory, and we use role-based authorisation to manage restricted access.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We do not hold any data outside of the Microsoft Azure platform and utilise their security governance standards. Any partner details are stored on securely protected platforms.
Information security policies and processes
All employees are made aware of their responsibilities in relation to data security management on joining the organisation. Employees are responsible for reporting any data they feel should not be retained or for which access should be restricted to the Data Security Officer (DSO) who is a board member. Failure to do so is a disciplinary offence.

The DSO’s duties include a bi-annual review of any data that has been identified as requiring elevated protection and wherever possible deleting this data. In addition the DSO is responsible for bi-monthly audits of other data held on any platforms to ensure compliance.

An annual technical review is carried out in conjunction with the CTO to ensure the storage mechanisms in use remain suitable and proportionate for any data we are holding.

Our overriding principle is to only hold data where absolutely necessary. All our services are GDPR compliant by design.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We manage change control following a Gitflow model. We maintain 3 environments (Dev, UAT and Production) with a defined release schedule.

Changes are developed in the Dev environment, pushed to UAT for testing and, once signed off, released to live. Up to 3 previous versions are retained should back out be required. Once the change is released to the live environment, the UAT and Dev environments are refreshed to ensure any changes in progress are developed and tested on the latest version.

Changes are assessed for security, accessibility, usability and performance across all supported platforms.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our platform is built on cloud services and we rely on their advanced security, real-time patching and threat assessment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our solutions are built on Microsoft Azure and Amazon Web Services. These services provide cutting-edge 24/7 monitoring of potential threats.

This includes alerting to any potential vulnerabilities within service architecture and technical vulnerabilities. We receive notification of any identified threats so we can also analyse and understand the actions that have been taken to address them.

Remediation of identified threats is automated and real-time, ensuring we are fully protected at all times.
Incident management type
Supplier-defined controls
Incident management approach
Our third line support is subject to supplier services. Internally we use processes that follow ITIL guidelines including:

  • Defined response and fix times in a service level agreement
  • Clear escalation paths with named individuals and timings
  • Paper forms should IT systems be unavailable
  • Users are able to report incidents using email, chat or phone
Incident reports are provided from our incident management software.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
Police National Network (PNN)


£1 per user per month
Discount for educational organisations
Free trial available
Description of free trial
We run a free trial for our basic functionality bot, which includes FAQs and broadcasts. This is typically limited to 2 months.
Link to free trial
