By the team behind ISMS Copilot.
heygrc is a standalone product, built by the same team as ISMS Copilot, the AI compliance assistant. ISMS Copilot helps compliance teams answer hard questions across frameworks; heygrc takes that same framework knowledge and moves it left, into the pull request, where engineers work.
Same frameworks, a different surface.
ISMS Copilot is a compliance-consultant product: a chat assistant that compliance teams use to reason about controls, policies, and audits across 76 frameworks. heygrc is built for a different audience and a different moment: engineers and security engineers, at the pull request. It draws on the same underlying framework knowledge, so a finding in a diff is grounded in the same control library that powers the assistant.
That shared foundation is the reason heygrc can cite a specific clause on a code change rather than a vague posture note. The expertise is not new; it is the same one, pointed at code review.
Security and legal live in one place.
heygrc does not maintain a separate trust or legal stack. The binding documents (Terms, Privacy, DPA) and the security evidence that govern heygrc live at the shared ISMS Copilot trust center, kept in one place. One coherent story, not two thin ones.
Early access, and honest about it.
heygrc is in early access: the GitHub App is being onboarded to teams and is not generally available yet. Neither heygrc nor ISMS Copilot holds a SOC 2 or ISO 27001 certification of its own today; what we share is the framework knowledge and the trust center, and we would rather say that plainly than imply a badge we have not earned. When the product reviews your pull requests, it does so as a reviewer that cites the control, not as a certificate.