Trust

Your documents stay yours.
Your team's data stays out of training sets.

HeyLoopy runs on SOC 2 Type II-certified AWS infrastructure, following SOC 2-aligned controls. AES-256 encryption at rest. TLS for all customer-facing traffic. No customer content is ever used to train external models.

§ 01 Posture
Compliance

SOC 2-aligned controls on certified AWS

Built on SOC 2 Type II-certified AWS infrastructure, following SOC 2-aligned controls. HeyLoopy itself is not currently SOC 2 certified. Enterprise customers can request the current control narrative under NDA.

Encryption

AES-256 at rest, TLS in transit

All customer data is encrypted at rest with AES-256. The primary database uses SSE-KMS with a dedicated customer-managed AWS KMS key; backups inherit the same key. Object storage uses AWS-managed SSE-S3, applied to every object. All customer-facing traffic is delivered over TLS via auto-renewing ACM certificates.

Privacy

Your content is not a training set

Your documents, prompts, learner responses, and analytics are never used to train external foundation models. They are used to power your team's coach and nothing else.

Scope of content

SOPs and procedures, not PHI

HeyLoopy processes the documents your team needs to remember: SOPs, policies, procedures, guidelines, training materials. It is not designed for, and should not be used to store, protected health information, financial customer records, or other sensitive personal data of your end-customers. Because procedural training content is not PHI, no Business Associate Agreement is required: clinical teams drill the bundle and the protocol while patient data stays in the EHR.

Vendor security review

VSQ on request

For procurement or security teams that need to vet us, we complete vendor security questionnaires (SIG Lite, CAIQ, custom) on request. We typically turn one around in 5 business days. Email support@heyloopy.com with your form.

GDPR + data residency

DPA available, US region

A Data Processing Agreement with Standard Contractual Clauses is available for customers subject to GDPR. Customer data is stored in AWS us-east-1 (United States); EU/UK transfers are covered by the SCCs in our DPA.

Operational

Subprocessors and incident response

A current list of named subprocessors is published in our privacy policy. Material security incidents are disclosed to affected customers without undue delay, and where feasible within 72 hours of detection.

Payment scope

PCI out of scope by design

HeyLoopy does not store, transmit, or process payment card numbers. Payment processing is delegated to Stripe (PCI DSS Level 1 service provider). This applies across all plans, including Enterprise.

§ 02 Subprocessors

The third parties in the data path.

Every vendor that touches customer data, what it does, and the region it runs in. This list is also published in our privacy policy.

HeyLoopy subprocessor table: vendor, purpose, and region for each third party in the data path.

§ 03 Talk to a human

Need the control narrative, a VSQ completed, or a custom review?

Send us your form or the questions you need answered. We'll send the appropriate document under NDA and turn around a completed VSQ in about 5 business days.
