How heylogin meets compliance requirements

Thank you! Your submission has been received!
An error occurred while sending the data. Try again.

Best conditions for your company

Support & availability

We take full responsibility that heylogin works for you and your employees.

Highest server standards

Our server architecture allows us to respond to unexpected failures in the shortest possible time.

Secure encryption

Using the latest cryptography, we can guarantee your data is safe from hackers.

Modern development

We believe high quality assurance can be achieved by using modern methods of software development.

Our compliance in detail



We strive for 99.9% availability on annual average. Contractually, we guarantee 99%.


heylogin has no limits. We reserve at least 500MB of storage per organization.


Depending on the contract, 9/5 support by email and 9/5 support by phone is assured.


Server locations

The heylogin production environment is in Nürnberg, the standby server is in Falkenstein, backups are stored separately in Frankfurt. All data centers are ISO-27001 certified.


Within a restart time of max. 30 minutes the standby server can be converted to a production environment. No data loss occurs in this case.


The heylogin production environment is monitored by a monitoring system every minute. In case of failures and anomalies, notifications are sent and logged.

Incident response

There is always a staff member on standby to intervene in case of anomalies.

Software development


The architecture of heylogin is documented and available for all employees. We are working on a whitepaper which will publicly present our architecture in the future.

Error handling

Errors in heylogin components are sent to a tracking system. The message contains only necessary diagnostic data and a pseudonymized ID, but never content data.

Quality assurance

heylogin is secured by an automated test suite. This includes correctness and compatibility of code changes.


End-to-end encryption

All data is end-to-end encrypted using the smartphone hardware and thus cannot be viewed by us as the operator. The implemented cryptographic algorithms are Curve25519, XSalsa20 and Poly1305.

End-to-end authentication

All devices are authenticated 'out-of-band', either by a QR code that initiates a Diffie-Hellman key exchange, or by a hash-commitment protocol using Short Authentication Strings.

Transport encryption

TLS 1.2 and 1.3 are used and enforced with HSTS.

Backup encryption

Backups are encrypted with ChaCha20 and protected against modification with Poly1305.

Additional requirements?

Matteus, Head of Sales, heylogin GmbH