Safety, security, privacy, and admin controls

On Heylo, all groups have one default role, Admin.

Admins have ultimate control over the group. They can 

There are no limits on the number of admins in a group.

Admins have ultimate control over a Heylo group. They are responsible for managing all aspects of the group, fron members, group chats, events, and benefits, as well as member payments. They can also grant additional roles in the group. Every group starts with a default Admin role and the person who created the group starts as an admin by default.

What Can Admins Do?

Admins have comprehensive capabilities across all group functions. 

How many admins can a group have?

There are no limits on the number of admins in a group. You can have as many admins as needed to effectively manage your community.

Can admins remove other admins?

Yes, admins have the ability to remove other admins from their admin role. This is part of the comprehensive control admins have over group management. However, use this capability carefully as it affects group governance.

Can the original group creator be removed as admin?

Yes, even the original group creator can have their admin privileges removed by another admin. All admins have equal authority within the system.

How do I add a new admin?

1. Navigate to your group's Members section

2. Find the member you want to make an admin

3. Click on their profile or the menu options

4. Select "Grant Admin Role" or similar option

5. Confirm the action

Or, navigate to the admin role, and copy the invite link. Anyone with the link will join the group as an admin.

What happens when an admin leaves the group?

When an admin leaves or is removed from the group, they automatically lose their admin privileges. Make sure you always have at least one active admin to maintain group management capabilities.

Best Practices for Admin Teams

Share Responsibilities

• Distribute admin duties among multiple trusted members

• Create clear areas of responsibility (e.g., one admin for events, another for membership)

• Regular communication between admins ensures smooth group operation

Security Considerations

• Only grant admin privileges to highly trusted members

• Regularly review who has admin access

• Remove admin privileges promptly when someone steps down from leadership

Succession Planning

• Always maintain multiple admins to ensure continuity

• Document group procedures and policies

• Train new admins before they need to take full responsibility

Permissions

We strive to keep Heylo a safe and secure place for groups. Admins have the ultimate control over their group. These permissions help maintain order, privacy, and the overall functioning of the group.

To edit group permissions, navigate to admin settings from the group tab, and then select "Permissions."

Permissions can be granted to all members, admins only, or specific Roles.

Permission controls for onboarding new members

Admins control who joins their group and how their group appears on Heylo.

• Discoverability. Heylo can help promote your group by making it discoverable. Discoverable groups appear in Heylo Discover and on the profiles of members. When they join other groups on Heylo, all the members in those groups can see the discoverable group. Furthermore, Heylo helps discoverable groups by indexing group profiles and surfacing them on the web and search engines, like Google and Bing.
• New member approval. When set to manual, admins must approve all new members before they join the group on Heylo. This setting is agnostic of discoverability. Instead of seeing a “join” button on a group profile, new prospective members can “request to join”. The request sends a push notification to admins, and the prospective member is listed at the top of the members screen. Admins can either accept or reject the member. If accepted, the member gets automatically added to the group, notified, and presented with an invitation on Heylo. If rejected, the pending request disappears, and no one is notified. An admin can always initiate a direct message with a prospective member as well if any additional information is needed.
• Invitations. Admins can restrict who can send invitations to the group. When restricted to admins, members must communicate directly with admins via in-person or chat to request new members to be invited to the group.

Permission controls for members

Group permissions on Heylo also determine the level of access and actions that members can perform within a group.

• Group chats. New members can create new group chats from the chats screen
• Links. New members can create new group chats from the group screen
• Events. New members can create new group chats from the events screen
• Event check-in counts. Admins can control who can see total check-in counts on other members’ profiles.

It's critical for admins to carefully consider and configure group permissions to strike a balance between collaboration and privacy. By setting appropriate permissions, admins can create a safe and productive environment for group members to interact and engage according to the group’s culture and values.

PRO 🚀 Waiver collection requires a Heylo Pro subscription. Learn more here.

Streamline liability management by collecting, storing, and tracking every member’s compliance.

Waivers, or liability releases, can provide members with context on the group’s activities and risks associated with them. Furthermore, when legally sound, they can help serve as a release of liability for the leaders of the group.

Upload your waiver once, and Heylo automatically prompts members to sign during onboarding or event registration—access is blocked until the waiver is accepted. Each signature is time‑stamped, logged in the member’s profile, visible to all admins through Member Insights, and exportable with your other membership data. This creates an auditable record that cuts paperwork, reduces risk, and keeps your group compliant with confidence.

By uploading the waiver language to Heylo, members must sign the waiver in order to participate in the group’s activities by digitally confirming with a check mark: “I have read, understand, and agree to…” on the waiver. If the member does not sign, they are not allowed to join the group. Members only need to sign the waiver once, not for every single event.

Launch waiver signatures

To launch your waiver:

1. Head to the admin settings under the group tab and select “Waiver Collection”
2. Copy and paste your waiver language into the text section on Heylo. Note, rich text is not supported
3. Save and select who should sign. The selected recipients must sign the waiver in order to continue to participate in the group. Note, a waiver IS NOT required to request to join a group

Update waiver

Admins can add new text to the form and select save. Admins can select who should sign the new waiver - all members or just new members.

View waiver status

An admin can view waiver status anytime:

1. Member insights
2. During event attendance, admins can see who has not yet signed a waiver
3. Member CSV export

When a waiver is signed, a timestamp and version of the document are marked in Heylo’s databases and recoverable if ever required by either party. To recover a signed waiver document, contact the Heylo team.

Pro subscription cancellation and reinstatement

If Pro is canceled and a new member joins, they will not be required to sign the waiver. If Pro is reinstated, the new member will be required to sign the waiver after Pro reinstatement. This is because they joined during a period when waiver features were unavailable and never completed the signing process. Existing signatures: Member waiver signatures are preserved during subscription changes and only require re-signing when waiver document versions are updated.

Best practices

Group leaders should give members adequate time to read and accept the waiver. While seemingly complex, waivers can help members understand the potential risks associated with joining the group and attending events. Heylo handles the friction by collecting waiver confirmation and providing sufficient time for members to read and accept the terms of the group before joining.

Group admins on Heylo can access insights into their members. From the profile of the member, admins can select the three-dot more menu, and then “member insights”.

There, admins can see analytics about members on a granular level including:

• Date joined
• Waiver sign date
• Total events hosted and attended
• Total payments collected
• Membership plan, if set
• Private info

Ultimately Heylo is a comprehensive space for admins to control and lead the groups according to their own culture and values.

Heylo provides reporting on both individual members and consolidated views visible only to admins. Plus, admins can export member info from their group at anytime.

Payments

Once there is a bank account linked to the group, admins can see a dashboard of paid members and member payments. The dashboard is automatically maintained and kept up to date real-time. Admins can control the data range of the dashboard by pressing the top date range. To learn more, see payments reporting.

Individual members

An admin can view a member's individual history with the group including waiver and payments. Visit any members profile to see member insights and individual member reporting.

Event export

An admin or host can export event attendee information from an individual event.

Member roster export

Admins can export their member info into a CSV file from Heylo, anytime. The CSV file can be opened in Google Sheets, Microsoft Excel, or any other spreadsheet software.

When selecting the export option, admins will receive an email with all member’s info. The info includes:

• Member name
• Join date
• Profile details
• Icebreaker responses
• Email
• Waiver signature date
• Event attendance
• Private info
• Last active date, or the last time they visited your group

Note, member passwords and payment information are encrypted and not available for export

Payments export

Paid groups get a special payments dashboard at the top of their admin settings. Any admin in the group can view the dashboard. The dashboard is updated in real-time.

The dashboard contains two views: first, a chronological feed of member payment status including new members, canceled members, and members past due. Second, a list of payment history.

The dashboard can be sorted across various comparison times by selecting the date on the top left.

Payment details can be exported into a CSV file from the group admin settings as well. Payment exports include all payments, fees, and payment sources by payment, all time.

Custom export

If an admin needs a custom report, get in touch with the Heylo team, and we’ll see if we can help!

Heylo serves as the place for your members to access the info they need to belong to your group and communicate with other members. However, Heylo doesn’t do everything! Where there are missing gaps, we strive to integrate Heylo with other software platforms to keep groups operating as seamlessly as possible.

Mailchimp

What You Need

• Mailchimp API Key – Generate or copy it from Account → Extras → API Keys in Mailchimp. Paste the full key URL in Heylo; no other Mailchimp configuration is necessary.

Tip: A single Mailchimp key can serve multiple Heylo groups if they share the same Mailchimp audience.

How it works

Every day, Heylo will collect new and past members and add them to your Mailchimp audience. They will receive a tag called, "Heylo Member". Heylo checks to make sure there isn't an existing member; if there is, they get the tag added.

When a member leaves the group, or their membership expires for a paid membership dues required group, they remain in your audience but with the Heylo Alum tag. If they rejoin the group, the Heylo Member tag is re-added.

Important: If a contact has been unsubscribed, bounced, or archived inside Mailchimp, Heylo cannot change that status via the API. Should that person return to the group, an admin (or the member themselves via a signup form) must first set their Mailchimp status back to subscribed; the nightly sync will then apply the correct Heylo tag automatically.

Enabling Syncing in Heylo

1. As admin, open Heylo Group Settings.

2. Choose Mailchimp under Integrations

3. Paste the Mailchimp API‑key link and click Connect.

4. Select the Mailchimp Audience you want linked to this group and save.

That’s it—syncing is now active.

Integrations include:

• Google and search engines. Groups and events can be listed on Google and search engines. Admins can make their group discoverable in their admin settings, and their group profile indexed on web and available for search on Google and search engines. It is optimized for search engine discovery to enable easy discoverability. Event pages can be indexed as well. As always, group and event pages can be controlled and disabled by a group admin.
• Google and Apple calendar. When a host creates an event, or a member signs up for an event, they can add the event details directly to their personal calendar (mobile app only). However, they must check Heylo for any changes in the event status.
• Google Maps. An event host can integrate a specific location for their event for easy navigation. Members can tap the navigation button, and the location automatically opens to Google Maps.
• Mailchimp. Admins can automatically pass a member's name, email, and associated tag to an existing Mailchimp account. To set up Mailchimp integration, admins need their Mailchimp API key.
• Instagram. Events on Heylo can be published to Instagram stories with one tap. Heylo will automatically generate an event promo card, and hosts and members can seamlessly share.
• Shopify. Admins can automatically pass member emails from Heylo to a Shopify store to verify discount codes (see stores for more info).

Groups on Heylo are private by default, or “closed.” When getting started, admins can select from a range of privacy controls for their group, including:

• Public. The group is visible on Heylo and search engines, and anyone can join the group without admin approval.
• Closed. The group is visible on Heylo and search engines, and new members can request to join. However, admins must approve all new members.
• Invite-only. The group is not visible to others on Heylo, and only existing admins and members can invite new members to the group.

Learn more about all the variations of visibility and control in Permissions.

Beyond group controls, groups on Heylo also own their own data. The admins are the responsible stewards of that data. Admins can export the group’s data and take the group to another platform anytime, without penalty. Learn more about data privacy under Heylo's privacy policy.

Everyone has access to reporting tools to flag inappropriate behavior on Heylo. Inappropriate behavior can include unwanted messages, unacceptable actions, or inappropriate photos.

There are two ways to report a member:

1. Navigate to a member’s profile, select the three-dot menu and then select “report”. Reports from profiles are best for issues with that specific person.

2. Open the chat details, and select “report”. Reports from group chats or private direct messages are best for issues with that specific conversation.

When a report is submitted, the Heylo team first reviews the behavior. Anyone sending spam is removed entirely from the Heylo platform. Other issues are escalated to the specific group leaders. Only with permission from the reporter, details of the case are shared with the leaders of the group, and the leaders are encouraged to help resolve the issue with the support of the Heylo team.

On Heylo, members have control over who can send them direct messages. Any member can block another member.

Blocked members

• Any existing direct message conversation is deleted when blocked, and no new direct message conversation can be initiated.
• Blocks do not apply to group activities. For example, members can still see messages and event attendance in the group.
• Blocked members cannot direct messages.
• No notifications are sent to the person who was blocked.
• For further unwanted or inappropriate activity, consider selecting Report.

How to block and unblock

• To block a member, navigate to their profile and select “Block”
• To unblock a member, navigate to their profile and press the three-dot menu to select “Unblock”

PRO 🚀 API requires a Business subscription. Learn more.

This guide explains how to automate adding and removing members in Heylo via our REST‑only API.

TL;DR – It’s two HTTPS endpoints, both POST, authenticated with a single bearer token. You create invites or remove members with simple JSON payloads. No sessions, no WebSockets, no surprises.

1. Prerequisites

2. Authentication

Every request must include the bearer token header:

Authorization: Bearer HEYLO_API_KEY
Content‑Type: application/json

Need to rotate? Contact us or email support@heylo.com and we’ll issue a new one.

3. Rate limits

• Soft limit: up to 5 concurrent requests per organization.

• Best practice: Send one request at a time, wait for the 2xx response, then send the next.

• No hard per‑minute cap (yet). We’ll introduce structured 429s once the surface expands.

4. Endpoints

Coming soon: Update and fetch endpoints so you can edit member data or retrieve roster snapshots.

5. Request format

5.1 Create Invite

{
  "communityId": "abc123",             // required – Heylo group ID
  "member": {
    "userId": "user‑42",               // stable ID in *your* system
    "firstName": "Ada",
    "lastName": "Lovelace",
    "email": "ada@example.com",
    "phoneNumber": "+1‑555‑867‑5309",
    "birthDate": "1815‑12‑10",
    "gender": "female",               // male | female | non-binary | decline
    "memberSinceMonth": "May",
    "memberSinceYear": "2024",
    "emergencyContactName": "Charles Babbage",
    "emergencyContactPhoneNumber": "+1‑555‑123‑4567",
    "emergencyContactRelationship": "Friend"
  },
  "replyToEmail": "manager@example.com", // optional – override default reply‑to
  "suppressEmails": false,                // true = skip Heylo invite/reminder emails
  "type": "invite"                       // *always* "invite" for this endpoint
}

Example cURL

curl -X POST \
  https://us-central1-piccup-82257.cloudfunctions.net/apiv1-create \
  -H "Authorization: Bearer HEYLO_API_KEY" \
  -H "Content-Type: application/json" \
  -d @invite.json

5.2 Remove Member

{
  "communityId": "abc123",  // Heylo group ID
  "userId": "user‑42",      // same stable ID you used to create the invite
  "type": "member"          // *always* "member" for this endpoint
}

Removing a member automatically cancels any pending invites for the same [userId, communityId] pair.

Example cURL

curl -X POST \
  https://us-central1-piccup-82257.cloudfunctions.net/apiv1-remove \
  -H "Authorization: Bearer HEYLO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"communityId":"abc123","userId":"user-42","type":"member"}'

Need help? No problem! Contact the Heylo team or email us at support@heylo.com.

Admins can remove any member from the group.

When a member is removed, they cannot contribute to group group chats or event chats, nor can they sign up for new events or view members, stores, or pages in the group. They are also no longer visible in the member list to members and cannot initialize direct messaging or private chats with other members. Removed members are not included in member counts. However, admins can still see and direct message removed members under “past members” at the bottom of the members tab.

Removed member’s history is not altered, however. The following are not deleted:

• Messages in group chats and event chats
• Attendance data

Anyone can leave a group anytime. No one is notified when you leave.

To leave a group

1. Navigate to your account by pressing the photo on the top right
2. Scroll to the group and press the gear icon
3. Select "Leave"

Members can rejoin the group at any time and the profile will remain intact. However, joined group chats and event sign-ups will reset.

Members can continue to use any existing private communications on Heylo.

A group is automatically deleted when there are no members in the group. An admin can remove members, and then leave the group themselves.

If there are many members, admins can get in touch with the Heylo Team to assist with group deletion.

In order for groups to build community, they must be safe. On Heylo, we strive to help groups have a safe space to organize and connect with each other.

Data storage and security

With exception to payments, data inputted into Heylo is stored securely using Google Cloud.

All Heylo team members do not have access to all messages or information shared; a handful may retain access to handle disputes or serve legal requests. Learn more details in Heylo the privacy policy.

Messages are not encrypted. They are stored in a secure database and are not associated with the name of any specific person.

Payments security

Heylo partners with Stripe to process member payment information. Payment information is encrypted and stored securely by Stripe. Heylo and group admins do not have access to the payment information but can charge the card according to the terms of the group. Learn more about Stripe Security here.