A funding OS you can put
in front of procurement.
Heeyuu was built by Europeans, for European public-funding teams. That shapes every infrastructure choice we make — from where the data lives to which models we route to.
Where your data lives
All customer data — accounts, projects, drafts, vaults, prompts — is stored in EU-region Postgres, encrypted at rest. Row-Level Security is enforced on every table; a workspace cannot read another workspace's data even through a misconfigured query.
Which models we use
Mistral is the primary model for drafting and assessment. Gemini and GPT-class models are used only for non-customer reasoning (call interpretation, public-corpus tasks) under EU data-processing terms. Routing per surface is disclosed on request. No model provider trains on Heeyuu customer prompts.
GDPR & DPA
Heeyuu acts as a processor under Art. 28 GDPR for all customer-submitted content. A Data Processing Addendum is available on request before any paid plan starts. Sub-processor list and retention windows are shared during procurement review.
Authentication & access
Email + password and Google OAuth, with rotated sessions and a branded password-reset flow. Workspaces are RLS-scoped; invites are token-based and expirable. Enterprise SSO (SAML/OIDC) is on the roadmap and available on request for procurement reviews.
Audit & observability
Every AI call is logged with token counts and quota state. Every transactional email send is deduplicated and recorded. Agent runs are queryable per workspace. Admin actions are auditable.
What we don't do
We don't train on your prompts. We don't sell your data. We don't move customer data outside the EU. We don't ship a Cookie wall that hides behind dark patterns — see the cookies page.