Trust Center

About heylogin

heylogin is a password manager with full hardware-based end-to-end encryption. This makes it 2-factor secure by default, without relying on a master password. heylogin is developed and hosted in Germany with a European focus on privacy.

  • Contact our Information Security Officer (ISO) for questions about heylogin's security architecture or to report security vulnerabilities:
  • Contact our Data Protection Officer (DPO) for questions about privacy:
  • For other questions, please use our Help Center or contact support:

FAQ

How are passwords and other sensitive data stored in heylogin protected?

Logins are encrypted in strictly separated vaults using the security chips of the respective user devices. Encrypted vaults are synchronized automatically. The heylogin cloud serves purely as storage for the encrypted vaults and has no means of decrypting them. Only when a security chip is unlocked is a temporary key generated and transmitted over an end-to-end encrypted channel to the respective browser. The browser extension uses this temporary key to decrypt passwords and other sensitive data in order to log end users in to websites.
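To make the trust boundary in this answer concrete, here is an added toy model in Python; it is an illustration written for this page, not heylogin's code or protocol. The vault key is wrapped by a device key that only the SecurityChip object can use, the Cloud stores only ciphertext and wrapped keys, and unlocking with the user present releases a temporary key to the extension side. The class and function names, the sample logins, and the HMAC-based toy cipher (chosen so the block runs on the standard library) are all assumptions.

```python
"""Toy model of a device-bound, end-to-end encrypted vault.

Constructed illustration, not heylogin's protocol or code. Assumed: a per-user
vault key is wrapped by a non-exportable device key held only by SecurityChip;
the cloud stores ciphertext and wrapped keys; unlocking the chip with the user
present yields a temporary key that the browser extension uses for one session.
The cipher is a toy encrypt-then-MAC on HMAC-SHA256 so the block runs on the
standard library; use AES-GCM or ChaCha20-Poly1305 in practice.
"""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, domain-separated from the tag by the b"enc" label."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Toy AEAD: XOR with the keystream, then tag nonce||ciphertext under the b"mac" label."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(key: bytes, box: dict) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    expected = hmac.new(key, b"mac" + box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(box["ct"], _keystream(key, box["nonce"], len(box["ct"]))))


class SecurityChip:
    """Stand-in for a device security chip: the device key never leaves this object."""

    def __init__(self) -> None:
        self._device_key = secrets.token_bytes(32)

    def wrap_vault_key(self, vault_key: bytes) -> dict:
        return seal(self._device_key, vault_key)

    def unlock(self, wrapped_vault_key: dict, user_present: bool) -> bytes:
        """Release a temporary key for one browser session, only after user verification."""
        if not user_present:
            raise PermissionError("user verification required")
        return unseal(self._device_key, wrapped_vault_key)


class Cloud:
    """The sync server: stores opaque blobs and holds no key material."""

    def __init__(self) -> None:
        self.vaults = {}

    def put(self, vault_id: str, ciphertext: dict, wrapped_keys: dict) -> None:
        self.vaults[vault_id] = {"ciphertext": ciphertext, "wrapped_keys": wrapped_keys}

    def operator_decrypt_attempt(self, vault_id: str, guessed_key: bytes):
        """All the operator has is self.vaults; nothing in it authenticates as the vault key."""
        try:
            return unseal(guessed_key, self.vaults[vault_id]["ciphertext"])
        except ValueError:
            return None


def demo() -> dict:
    chip, cloud = SecurityChip(), Cloud()
    # Device side: create the vault key, encrypt the logins, wrap the key to the chip, sync.
    vault_key = secrets.token_bytes(32)
    logins = [{"url": "https://example.com", "user": "alice", "password": "hunter2"}]  # constructed
    cloud.put("alice", seal(vault_key, json.dumps(logins).encode()),
              {"laptop": chip.wrap_vault_key(vault_key)})
    del vault_key  # after sync the only copy lives inside the chip-wrapped blob
    stored = cloud.vaults["alice"]
    # Operator side: the wrapped key blob is the closest thing to a key the server holds.
    operator_sees = cloud.operator_decrypt_attempt("alice", stored["wrapped_keys"]["laptop"]["ct"])
    # Browser side: no unlock without the user; with the user, a temporary key for the session.
    try:
        chip.unlock(stored["wrapped_keys"]["laptop"], user_present=False)
        denied = False
    except PermissionError:
        denied = True
    temp_key = chip.unlock(stored["wrapped_keys"]["laptop"], user_present=True)
    extension_view = json.loads(unseal(temp_key, stored["ciphertext"]))
    del temp_key  # session over: the extension forgets the temporary key
    return {"browser_sees": extension_view, "operator_sees": operator_sees,
            "unlock_denied_without_user": denied}
```

The two properties worth checking in any such design are visible in demo(): nothing in the operator's store authenticates against the vault, and an unlock without user verification fails closed. The model simplifies by releasing the unwrapped vault key as the session's temporary key; a production design would derive a per-session key and deliver it over an authenticated channel between the device and the extension.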

Can you, as the provider of heylogin, access my passwords?

No. All passwords and other sensitive data are encrypted with the security chips of our end users' devices. By design, we cannot access passwords.

Which personal data is collected?

We collect 1) data stored in heylogin (e.g. user names, URLs, passwords), which is never processed on our servers but only synchronized in end-to-end encrypted form, and 2) device data for troubleshooting and support. For more information, consult our Data Processing Agreement (DPA).

Are you using any non-European subprocessors?

No. We follow a strict privacy policy under which only European subprocessors are used.

Where are the servers located?

The heylogin production environment is located in Nürnberg and the standby server in Falkenstein. Backups are stored separately in Frankfurt (all three cities are in Germany). All data centers are ISO 27001 certified.

How can I sign heylogin’s Data Processing Agreement (DPA)?

This Data Processing Agreement automatically enters into force on the day the main agreement is signed and remains in force until the main agreement is terminated. If desired, it can also be signed by both parties. A request for this can be made via our partner Yousign. After verification, we will send you a signature request, which enables the contractor (heylogin GmbH) and the client (you) to sign the DPA digitally in a legally valid manner: Submit request via Yousign

Which Terms of Use / Terms & Conditions apply to us?

The Terms of Use apply to all users of heylogin, i.e. to free private accounts as well as to employees of a company who use heylogin. The current Terms of Use can be found here: Terms of Use

If you purchased heylogin through our sales team, the Terms and Conditions you received in that process apply. If no special requirements have been contractually agreed, the following terms and conditions apply: Terms & Conditions - Individual Contract

Our order process via credit card or PayPal is handled by our online reseller & "Merchant of Record", Paddle.com, who also handles order-related inquiries and returns. For information about the Paddle order process and your rights as a customer, please read Paddle's Terms & Conditions and Privacy Policy: Terms & Conditions - Paddle

What support do you provide?

We aim to answer general support requests within 2 working days (Mon-Fri). Errors that affect operation are handled within 8 hours on working days. Critical errors, such as a failure of the production environment, are processed within 8 hours on all days of the week (Mon-Sun).

What availability do you provide?

We strive for an availability of 99.9% on annual average. Through our architecture and technical measures for fail-safety, we have achieved an availability of ~99.95% on annual average in 2022, for example. Contractually, we guarantee an availability of 99% on annual average. For a contractually guaranteed higher availability, please contact our sales team.

We recommend checking out our Status Page. This will give you the ability to subscribe for updates, view uptimes, be informed of any outages, and view historical data.

What Recovery Time Objective (RTO), Recovery Time Actual (RTA), Recovery Point Objective (RPO) does heylogin GmbH provide?

The defined Recovery Time Objective (RTO) of the heylogin service is 8 hours. The measured Recovery Time Actual (RTA) is less than 2 hours. The architecture of heylogin allows us to start a replacement instance of our production environment within a short time. If the data center used by our hosting provider is no longer available, a standby server in another data center can be turned into a functioning production environment within a restart time of no more than 30 minutes. No data loss occurs in this case, because the server-side database is actively replicated to that standby server.

The defined Recovery Point Objective (RPO) is 60 minutes. Encrypted backups of the server-side database are created automatically every hour and retained for 90 days. These backups protect us against a complete failure of our hosting provider: within a recovery time of at most 60 minutes, we can start a new production environment at an alternative hosting provider. In this case, the heylogin client applications synchronize login data that is still available locally with the server, further reducing the probability of data loss.
