Safety, security, privacy, and admin controls

On Heylo, all groups have one default role, Admin.

Admins have ultimate control over the group. They can 

There are no limits on the number of admins in a group.

Admins have ultimate control over a Heylo group. They are responsible for managing all aspects of the group, fron members, group chats, events, and benefits, as well as member payments. They can also grant additional roles in the group. Every group starts with a default Admin role and the person who created the group starts as an admin by default.

What Can Admins Do?

Admins have comprehensive capabilities across all group functions. 

How many admins can a group have?

There are no limits on the number of admins in a group. You can have as many admins as needed to effectively manage your community.

Can admins remove other admins?

Yes, admins have the ability to remove other admins from their admin role. This is part of the comprehensive control admins have over group management. However, use this capability carefully as it affects group governance.

Can the original group creator be removed as admin?

Yes, even the original group creator can have their admin privileges removed by another admin. All admins have equal authority within the system.

How do I add a new admin?

1. Navigate to your group's Members section

2. Find the member you want to make an admin

3. Click on their profile or the menu options

4. Select "Grant Admin Role" or similar option

5. Confirm the action

Or, navigate to the admin role, and copy the invite link. Anyone with the link will join the group as an admin.

What happens when an admin leaves the group?

When an admin leaves or is removed from the group, they automatically lose their admin privileges. Make sure you always have at least one active admin to maintain group management capabilities.

Best Practices for Admin Teams

Share Responsibilities

• Distribute admin duties among multiple trusted members

• Create clear areas of responsibility (e.g., one admin for events, another for membership)

• Regular communication between admins ensures smooth group operation

Security Considerations

• Only grant admin privileges to highly trusted members

• Regularly review who has admin access

• Remove admin privileges promptly when someone steps down from leadership

Succession Planning

• Always maintain multiple admins to ensure continuity

• Document group procedures and policies

• Train new admins before they need to take full responsibility

Permissions

We strive to keep Heylo a safe and secure place for groups. Admins have the ultimate control over their group. These permissions help maintain order, privacy, and the overall functioning of the group.

To edit group permissions, navigate to admin settings from the group tab, and then select "Permissions."

Permissions can be granted to all members, admins only, or specific Roles.

Permission controls for onboarding new members

Admins control who joins their group and how their group appears on Heylo.

• Discoverability. Heylo can help promote your group by making it discoverable. Discoverable groups appear in Heylo Discover and on the profiles of members. When they join other groups on Heylo, all the members in those groups can see the discoverable group. Furthermore, Heylo helps discoverable groups by indexing group profiles and surfacing them on the web and search engines, like Google and Bing.
• New member approval. When set to manual, admins must approve all new members before they join the group on Heylo. This setting is agnostic of discoverability. Instead of seeing a “join” button on a group profile, new prospective members can “request to join”. The request sends a push notification to admins, and the prospective member is listed at the top of the members screen. Admins can either accept or reject the member. If accepted, the member gets automatically added to the group, notified, and presented with an invitation on Heylo. If rejected, the pending request disappears, and no one is notified. An admin can always initiate a direct message with a prospective member as well if any additional information is needed.
• Invitations. Admins can restrict who can send invitations to the group. When restricted to admins, members must communicate directly with admins via in-person or chat to request new members to be invited to the group.

Permission controls for members

Group permissions on Heylo also determine the level of access and actions that members can perform within a group.

• Group chats. New members can create new group chats from the chats screen
• Links. New members can create new group chats from the group screen
• Events. New members can create new group chats from the events screen
• Event check-in counts. Admins can control who can see total check-in counts on other members’ profiles.

It's critical for admins to carefully consider and configure group permissions to strike a balance between collaboration and privacy. By setting appropriate permissions, admins can create a safe and productive environment for group members to interact and engage according to the group’s culture and values.

PLUS 🚀 Pulse is included on Plus, Pro, and Business plans. Free groups can view the Payments chart tile. Learn more here.

Pulse is your group's analytics dashboard. It shows you how your members, events, chats, and payments are trending, and lets you tap any tile to see the actual people behind every number. From there, you can DM inactive members, thank top contributors, or follow up on payments without leaving the screen.

How to open Pulse

1. Open your group on Heylo
2. Select the group tab
3. Select Pulse analytics

What you'll see

• Members: active, total, new, and paid members. Tap to see who.
• Events: registrations and check-ins. Tap to see who's RSVPing or showing up.
• Chats: messages sent in your group. Tap to see who's most active in conversations.
• Payments: revenue from memberships, event tickets, and donations. Tap to see your top payers.

Adjust the view

• Date range: last 7 days, 28 days, 90 days (default), 12 months, year-to-date, this week, MTD, this quarter, or all time
• Compare to the previous period or the same period last year
• Switch granularity to daily, weekly, or monthly

Export

Every tile, toggle, and date range can be exported to CSV. The file is emailed to your admin email and can include up to 100,000 rows.

For group-wide exports, see the group admin tab.

Who can access

Anyone admin can open Pulse. Manage in Admin Settings → Roles.

Limitations

• Data refreshes approximately every 15 minutes to 1 day. Pulse is not perfectly real-time yet.
• CSV exports are capped at 100,000 rows.
• The Total Members chart shows current members by their join date. It does not include members who have since left.

Pulse is available to Plus plan Heylo subscriptions or higher. To upgrade, visit Admin Settings → Subscription.

PRO 🚀 Waiver collection requires a Heylo Pro subscription. Learn more here.

Streamline liability management by collecting, storing, and tracking every member’s compliance.

Waivers, or liability releases, can provide members with context on the group’s activities and risks associated with them. Furthermore, when legally sound, they can help serve as a release of liability for the leaders of the group.

Upload your waiver once, and Heylo automatically prompts members to sign during onboarding or event registration—access is blocked until the waiver is accepted. Each signature is time‑stamped, logged in the member’s profile, visible to all admins through Member Insights, and exportable with your other membership data. This creates an auditable record that cuts paperwork, reduces risk, and keeps your group compliant with confidence.

By uploading the waiver language to Heylo, members must sign the waiver in order to participate in the group’s activities by digitally confirming with a check mark: “I have read, understand, and agree to…” on the waiver. If the member does not sign, they are not allowed to join the group. Members only need to sign the waiver once, not for every single event.

Launch waiver signatures

To launch your waiver:

1. Head to the admin settings under the group tab and select “Waiver Collection”
2. Copy and paste your waiver language into the text section on Heylo. Note, rich text is not supported
3. Save and select who should sign. The selected recipients must sign the waiver in order to continue to participate in the group. Note, a waiver IS NOT required to request to join a group

Update waiver

Admins can add new text to the form and select save. Admins can select who should sign the new waiver - all members or just new members.

View waiver status

An admin can view waiver status anytime:

1. Member insights
2. During event attendance, admins can see who has not yet signed a waiver
3. Member CSV export

When a waiver is signed, a timestamp and version of the document are marked in Heylo’s databases and recoverable if ever required by either party. To recover a signed waiver document, contact the Heylo team.

Pro subscription cancellation and reinstatement

If Pro is canceled and a new member joins, they will not be required to sign the waiver. If Pro is reinstated, the new member will be required to sign the waiver after Pro reinstatement. This is because they joined during a period when waiver features were unavailable and never completed the signing process. Existing signatures: Member waiver signatures are preserved during subscription changes and only require re-signing when waiver document versions are updated.

Best practices

Group leaders should give members adequate time to read and accept the waiver. While seemingly complex, waivers can help members understand the potential risks associated with joining the group and attending events. Heylo handles the friction by collecting waiver confirmation and providing sufficient time for members to read and accept the terms of the group before joining.

Group admins on Heylo can access insights into their members. From the profile of the member, admins can select the three-dot more menu, and then “member insights”.

There, admins can see analytics about members on a granular level including:

• Date joined
• Waiver sign date
• Total events hosted and attended
• Total payments collected
• Membership plan, if set
• Private info

Ultimately Heylo is a comprehensive space for admins to control and lead the groups according to their own culture and values.

Heylo provides reporting on both individual members and consolidated views. Plus, admins can export member info from their group at any time.

Pulse analytics

An admin can view key performance of the group in Pulse.

Individual members

An admin can view a member's individual history with the group including waiver and payments. Visit any members profile to see member insights and individual member reporting.

Event export

An admin or host can export event attendee information from an individual event.

Member roster export

Admins can export their member info into a CSV file from Heylo, anytime. The CSV file can be opened in Google Sheets, Microsoft Excel, or any other spreadsheet software.

When selecting the export option, admins will receive an email with all member’s info. The info includes:

• Member name
• Join date
• Profile details
• Icebreaker responses
• Email
• Waiver signature date
• Event attendance
• Private info
• Last active date, or the last time they visited your group

Note, member passwords and payment information are encrypted and not available for export

Payments export

Paid groups get a special payments dashboard at the top of their admin settings. Any admin in the group can view the dashboard. The dashboard is updated in real-time.

The dashboard contains two views: first, a chronological feed of member payment status including new members, canceled members, and members past due. Second, a list of payment history.

The dashboard can be sorted across various comparison times by selecting the date on the top left.

Payment details can be exported into a CSV file from the group admin settings as well. Payment exports include all payments, fees, and payment sources by payment, all time.

Custom export

If an admin needs a custom report, get in touch with the Heylo team, and we’ll see if we can help!

Heylo serves as the place for your members to access the info they need to belong to your group and communicate with other members. However, Heylo doesn’t do everything! Where there are missing gaps, we strive to integrate Heylo with other software platforms to keep groups operating as seamlessly as possible.

Mailchimp

What You Need

• Mailchimp API Key – Generate or copy it from Account → Extras → API Keys in Mailchimp. Paste the full key URL in Heylo; no other Mailchimp configuration is necessary.

Tip: A single Mailchimp key can serve multiple Heylo groups if they share the same Mailchimp audience.

How it works

Every day, Heylo will collect new and past members and add them to your Mailchimp audience. They will receive a tag called, "Heylo Member". Heylo checks to make sure there isn't an existing member; if there is, they get the tag added.

When a member leaves the group, or their membership expires for a paid membership dues required group, they remain in your audience but with the Heylo Alum tag. If they rejoin the group, the Heylo Member tag is re-added.

Important: If a contact has been unsubscribed, bounced, or archived inside Mailchimp, Heylo cannot change that status via the API. Should that person return to the group, an admin (or the member themselves via a signup form) must first set their Mailchimp status back to subscribed; the nightly sync will then apply the correct Heylo tag automatically.

Enabling Syncing in Heylo

1. As admin, open Heylo Group Settings.

2. Choose Mailchimp under Integrations

3. Paste the Mailchimp API‑key link and click Connect.

4. Select the Mailchimp Audience you want linked to this group and save.

That’s it—syncing is now active.

Integrations include:

• Google and search engines. Groups and events can be listed on Google and search engines. Admins can make their group discoverable in their admin settings, and their group profile indexed on web and available for search on Google and search engines. It is optimized for search engine discovery to enable easy discoverability. Event pages can be indexed as well. As always, group and event pages can be controlled and disabled by a group admin.
• Google and Apple calendar. When a host creates an event, or a member signs up for an event, they can add the event details directly to their personal calendar (mobile app only). However, they must check Heylo for any changes in the event status.
• Google Maps. An event host can integrate a specific location for their event for easy navigation. Members can tap the navigation button, and the location automatically opens to Google Maps.
• Mailchimp. Admins can automatically pass a member's name, email, and associated tag to an existing Mailchimp account. To set up Mailchimp integration, admins need their Mailchimp API key.
• Instagram. Events on Heylo can be published to Instagram stories with one tap. Heylo will automatically generate an event promo card, and hosts and members can seamlessly share.
• Shopify. Admins can automatically pass member emails from Heylo to a Shopify store to verify discount codes (see stores for more info).

Groups on Heylo are private by default, or “closed.” When getting started, admins can select from a range of privacy controls for their group, including:

• Public. The group is visible on Heylo and search engines, and anyone can join the group without admin approval.
• Closed. The group is visible on Heylo and search engines, and new members can request to join. However, admins must approve all new members.
• Invite-only. The group is not visible to others on Heylo, and only existing admins and members can invite new members to the group.

Learn more about all the variations of visibility and control in Permissions.

Beyond group controls, groups on Heylo also own their own data. The admins are the responsible stewards of that data. Admins can export the group’s data and take the group to another platform anytime, without penalty. Learn more about data privacy under Heylo's privacy policy.

Everyone has access to reporting tools to flag inappropriate behavior on Heylo. Inappropriate behavior can include unwanted messages, unacceptable actions, or inappropriate photos.

There are two ways to report a member:

1. Navigate to a member’s profile, select the three-dot menu and then select “report”. Reports from profiles are best for issues with that specific person.

2. Open the chat details, and select “report”. Reports from group chats or private direct messages are best for issues with that specific conversation.

When a report is submitted, the Heylo team first reviews the behavior. Anyone sending spam is removed entirely from the Heylo platform. Other issues are escalated to the specific group leaders. Only with permission from the reporter, details of the case are shared with the leaders of the group, and the leaders are encouraged to help resolve the issue with the support of the Heylo team.

On Heylo, members have control over who can send them direct messages. Any member can block another member.

Blocked members

• Any existing direct message conversation is deleted when blocked, and no new direct message conversation can be initiated.
• Blocks do not apply to group activities. For example, members can still see messages and event attendance in the group.
• Blocked members cannot direct messages.
• No notifications are sent to the person who was blocked.
• For further unwanted or inappropriate activity, consider selecting Report.

How to block and unblock

• To block a member, navigate to their profile and select “Block”
• To unblock a member, navigate to their profile and press the three-dot menu to select “Unblock”

PRO 🚀 API requires a Business subscription. Learn more.

Getting started

Rate Limits

Each API key is limited to 5 requests per second across all endpoints combined. Requests over the limit return HTTP 429 with a Retry-After header. All responses also include X-RateLimit-Limit and X-RateLimit-Remaining headers so you can pace yourself.

Credentials

The Heylo team will issue you with an API key for your group or organization (if on the Organization plan). Replace HEYLO_API_KEY below with your API key. If you need to rotate or delete an API key, please contact the Heylo team.

Endpoints

All endpoints accept POST requests with a JSON body. The specific operation is selected via the type field in the request body.

• https://api.heylo.com/apiv1-fetch
• https://api.heylo.com/apiv1-remove
• https://api.heylo.com/apiv1-update

Example Usage

Fetching events for a group:

curl -X POST \\
-H "Authorization: Bearer HEYLO_API_KEY" \\
-H "Content-Type: application/json" \\
<https://api.heylo.com/apiv1-fetch> \\
-d '{
  "communityId": "HEYLO_GROUP_ID",
  "type": "communityEvents"
}'

Removing a member from a group:

curl -X POST \\
-H "Authorization: Bearer HEYLO_API_KEY" \\
-H "Content-Type: application/json" \\
<https://api.heylo.com/apiv1-remove> \\
-d '{
  "communityId": "HEYLO_GROUP_ID",
  "type": "member",
  "userId": "abc..."
}'

Operations

Community Events

Fetch

Returns events for a group, ordered by start time. Supports pagination via lastEventId.

Endpoint: POST <https://api.heylo.com/apiv1-fetch>

Parameters

• type: "communityEvents"
• communityId: the Heylo group ID
• batchSize (optional): max events to return — default 50, max 100
• endTimestamp (optional): unix timestamp in ms — only return events starting before this
• lastEventId (optional): pass the last event ID from the previous response to fetch the next page
• startTimestamp (optional): unix timestamp in ms — only return events starting after this

Response: { "events": [...] }

Event Attendance

Fetch

Returns attendance records for a single event.

Endpoint: POST <https://api.heylo.com/apiv1-fetch>

Parameters

• type: "eventAttendance"
• communityId: the Heylo group ID that owns the event
• eventId: the event ID

Response: { "attendance": [...] }

Members

Remove

Removes a member from a group. Also cancels any pending invites previously created for the same [userId, communityId] pair.

Endpoint: POST <https://api.heylo.com/apiv1-remove>

Parameters

• type: "member"
• communityId: the Heylo group ID from which to remove the member
• userId: the stable ID of the user in your system

Roles

Community Roles

Fetch

Returns all roles defined for a group.

Endpoint: POST <https://api.heylo.com/apiv1-fetch>

Parameters

• type: "communityRoles"
• communityId: the Heylo group ID

Response: { "roles": [...] }

Role Members

Fetch

Returns the user IDs of members assigned to a specific role.

Endpoint: POST <https://api.heylo.com/apiv1-fetch>

Parameters

• type: "roleMembers"
• communityId: the Heylo group ID
• roleId: the role ID

Response: { "memberUserIds": [...] }

Update

Add and/or remove members from a role in a single request. User IDs that aren't active or hidden members of the community are silently dropped from the update.

Endpoint: POST <https://api.heylo.com/apiv1-update>

Parameters

• type: "roleMembers"
• communityId: the Heylo group ID
• roleId: the role ID
• addedUserIds (optional): array of user IDs to add to the role — max 100 per request
• removedUserIds (optional): array of user IDs to remove from the role — max 100 per request

At least one of addedUserIds or removedUserIds must be non-empty.

Response: { "addedUserIds": [...], "removedUserIds": [...] } — the user IDs actually applied after filtering

Admins can remove any member from the group.

When a member is removed, they cannot contribute to group group chats or event chats, nor can they sign up for new events or view members, stores, or pages in the group. They are also no longer visible in the member list to members and cannot initialize direct messaging or private chats with other members. Removed members are not included in member counts. However, admins can still see and direct message removed members under “past members” at the bottom of the members tab.

How to remove a member

1. Go to the Members tab in your group
2. Tap on the member you'd like to remove to open their profile
3. Tap the three-dot menu (⋯) on their profile
4. Select Manage member
5. Scroll down and tap Remove member
6. Confirm the removal in the dialog

Removed member’s history is not altered, however. The following are not deleted:

• Messages in group chats and event chats
• Attendance data

Anyone can leave a group anytime. No one is notified when you leave.

To leave a group

1. Navigate to your account by pressing the photo on the top right
2. Scroll to the group and press the gear icon
3. Select "Leave"

Members can rejoin the group at any time and the profile will remain intact. However, joined group chats and event sign-ups will reset.

Members can continue to use any existing private communications on Heylo.

A group is automatically deleted when there are no members in the group. An admin can remove members, and then leave the group themselves.

If there are many members, admins can get in touch with the Heylo Team to assist with group deletion.

In order for groups to build community, they must be safe. On Heylo, we strive to help groups have a safe space to organize and connect with each other.

Data storage and security

With exception to payments, data inputted into Heylo is stored securely using Google Cloud.

All Heylo team members do not have access to all messages or information shared; a handful may retain access to handle disputes or serve legal requests. Learn more details in Heylo the privacy policy.

Messages are not encrypted. They are stored in a secure database and are not associated with the name of any specific person.

Payments security

Heylo partners with Stripe to process member payment information. Payment information is encrypted and stored securely by Stripe. Heylo and group admins do not have access to the payment information but can charge the card according to the terms of the group. Learn more about Stripe Security here.