For CIOs, IT directors & procurement
SSO. Custom domain. Audit log. DPA. Dedicated CSM.
The procurement checklist your sales team's shadow-IT card app fails on every line. EU-hosted infrastructure, SOC 2-aligned controls, contracts your legal team can sign without redlines.
Why InfoSec keeps blocking this
Three reasons every digital-card platform fails procurement.
01
Shadow IT today.
Right now, your sales team is using a consumer-grade card app from the App Store - no SSO, no audit log, no DPA, no idea where the data lives. InfoSec finds out at the worst possible moment.
02
Offboard = unbounded risk.
VP of Sales leaves Friday. Her wallet pass with the company logo and "VP, Acme" stays in 800 prospect phones until the heat death of the universe. There is no revoke button on a paper or consumer-grade card.
03
Brand walks out as 5,000 versions.
5,000 employees, 5,000 different cards, 5,000 different shades of "the brand." Your $5M rebrand is invisible because there's no enforcement layer between brand guidelines and what reps actually print.
A procurement-ready platform
Built to pass the security review on the first call.
SSO + SCIM = enforced identity. Google SSO and Microsoft SSO live today; SAML and SCIM next. Auto-provision on hire date, auto-revoke on departure date. Zero employees with active cards 90 days after they leave - by construction.
Custom domain + brand-locked template. Cards live on cards.yourcompany.com, not heydrop.app. Brand template enforced at the org level - colors, fonts, logo, layout, mandatory fields. The 5,000-employee brand audit becomes a checkbox.
Audit log + DPA + subprocessors list. Every admin action timestamped and exportable. DPA with EU SCCs at /security/dpa. Subprocessors list at /security/subprocessors. EU-hosted, encryption in transit and at rest, scoped OAuth (we hold tokens, not passwords). The artefacts your InfoSec team asks for are already published.
Enterprise capabilities
What's actually included on Enterprise plans.
The features procurement asks for and the features that actually matter once you're live.
SSO + SCIM (roadmap)
Google + Microsoft SSO live. SAML + SCIM 2.0 next. Auto-provision and auto-revoke against your IdP.
Custom domain
cards.yourcompany.com - SSL provisioned, traffic routed, brand intact end-to-end.
Exportable audit log
Every admin action timestamped. CSV export for InfoSec. Retention configurable per contract.
EU-hosted, GDPR-clean
EU residency, encryption in transit and at rest, scoped OAuth, full data-subject controls.
Dedicated CSM + QBRs
Named CSM, white-glove onboarding, quarterly business reviews, direct escalation channel.
Brand-locked at scale
Brand template enforced across 5,000+ seats. Multiple templates per group. No drift, ever.
What changes for the org
From contract signature to next year's audit.
Quarter 1
Pilot to 500 seats, brand-locked.
SSO connected, custom domain provisioned, brand template approved, pilot rolled out to one division. CSM runs onboarding sessions for admins.
Quarter 2
5,000 seats live, shadow IT killed.
Full org rollout. The five consumer-grade card apps your reps were using get retired in the IDP. One platform, one audit trail, one billing line.
Year 1
Audit closes early.
Auditor asks for the offboarding log. Export takes 30 seconds. Asks for the brand-template versioning. Available in the admin panel. The card platform is no longer a security exception waiting to happen.
100–10k
Seats per deployment
EU-hosted
Infrastructure + data residency
Custom
Domain + branding end-to-end
Named CSM
Plus quarterly business reviews
Used by enterprise teams
Procurement-ready, security-reviewed, ops-loved.
Field, sales, marketing and people teams across the UK, US and GCC putting HeyDrop into production at enterprise scale.
Sales
“Three quarters in. Our SDR team scanned 4x more booth leads than last year, and HubSpot was clean for the first time since I joined.”
Marketing
“We rolled HeyDrop out to 200+ employees in a week. Zero IT tickets and lead source attribution we can finally trust in HubSpot.”
Mobile Workforce
“في معارض GITEX، فريقنا التقط ضعف عدد العملاء المحتملين خلال نصف الوقت.”
HR & Admins
“Onboarding takes 90 seconds and saves us thousands a year on reprints.”
Platform
All-in-one networking platform
Built for IT to deploy, RevOps to measure, and every employee to use.
For your company
Web admin panel for card management, brand control and performance tracking across the org. Custom domains and dedicated CSM on Enterprise.
For your employees
QR code, Apple/Google Wallet card and mobile app to share, scan and push contacts straight to the CRM.
For your clients
Branded micro-websites that make it easy to exchange contacts and stay connected with your business.
A real procurement timeline
From security review to org-wide live.
Week 1–4
Security review: Trust Center, security questionnaire under NDA, DPA + EU SCCs reviewed by legal, subprocessors list logged. Pen-test summary on request. Most reviews close inside 4 weeks.
Week 5–8
Contract finalized. CSM kicks off rollout - SSO config, custom domain SSL provisioned, brand template + multi-template architecture approved by Marketing. Pilot division onboarded.
Week 9–16
Org-wide rollout. Five-thousand seats live in waves by division. Shadow-IT card apps decommissioned in IdP. Quarterly review scheduled. Pipeline-from-events attribution ships in HubSpot.
The artefacts InfoSec asks for
Already published.
Trust Center at /security. DPA at /security/dpa with EU SCCs. Subprocessors list at /security/subprocessors. Privacy policy, security practices, data deletion procedures all live. Security questionnaire shared under NDA on request. Open the Trust Center.
- Custom domain provisioning included on Enterprise plans.
- Multiple brand templates per division - Sales vs. Field vs. Executives.
- Audit log exportable to CSV - InfoSec gets a real artefact, not a screenshot.
Procurement-ready
Book a security review.
Custom pricing for 100+ seats. Multi-year commits and rollout services available. Pilot in parallel with paper while contracts close.
CIO & procurement FAQ
FAQ
What's the SSO and SCIM story?
Google SSO and Microsoft SSO are live in production today. Okta, Azure AD, and SAML 2.0 are on the published roadmap. SCIM 2.0 provisioning ships with the SAML release - auto-onboard the day someone starts in your IdP, auto-revoke the day they leave. Until SCIM lands, CSV-driven bulk provisioning closes the gap.
Is HeyDrop SOC 2 certified?
SOC 2 Type II is on our published security roadmap. Today we operate to SOC 2 controls (encryption in transit and at rest, scoped access, audit logging, vendor management, incident response). We can share our security questionnaire and ISO 27001-aligned controls map under NDA. See the Trust Center for what's live today vs. roadmap.
Where is data hosted and what's the data-residency story?
EU-hosted infrastructure (primary), with data-residency commitments documented in the DPA. We do not transfer personal data outside the EU/EEA without contractual safeguards. Subprocessors list published at /security/subprocessors and updated under change-control.
Can we use our own domain - cards.acme.com?
Yes. Custom domain (e.g. cards.acme.com) is included on Enterprise plans. SSL provisioned, traffic routed, brand intact end-to-end. The recipient experience is yours, not heydrop.app.
What's the audit log story for compliance reviews?
Every admin action - user added, brand template changed, user deactivated, sync connected, role granted - is timestamped and exportable. Auditors get a CSV, not a screenshot. Retention configurable per contract.
Do we get a dedicated Customer Success Manager?
Yes. Enterprise plans include a named CSM with quarterly business reviews, white-glove onboarding (rollout plan, brand template setup, training sessions for admins and end-users), and direct escalation channel for support.
What's the DPA and contracting process?
Standard DPA available at /security/dpa with EU SCCs included. Master Services Agreement available for negotiation; we accommodate enterprise legal review. Typical signature cycle: 2–4 weeks depending on your contracting team. Pilot can start in parallel with paper.
What's pricing for an enterprise rollout?
Custom - based on seat count, contracting depth, and rollout services scope. As a reference: 500 seats lands well below comparable enterprise platforms; 5,000+ seats benefits from volume pricing. Multi-year commitments unlock further discount. Talk to sales.