Your logins are end-to-end encrypted
Stored with the utmost care
What makes our vault so special?
The operator and data center cannot decrypt the ‘vault’ and thus cannot access logins.
We do not collect unnecessary data about you (data minimization).
No Amazon or Google Cloud. Company and infrastructure in Germany.
Why phone confirmation is secure
Phone instead of a master password
heylogin uses XSalsa20+Poly1305 and Curve25519, secure state of the art encryption algorithms.
Secure browser logins
Replacing insecure password logins
Your logins are secured and encrypted all the way to the website.
heylogin implements a Single Sign-On experience that works with all websites, without integration costs.
The data exchange between your browser and your phone is secured by a key exchange protocol.
heylogin always shows you whether you log into a trusted website.
We are working closely with security researchers and take reports of security vulnerabilities seriously. You can submit security vulnerabilities via firstname.lastname@example.org. If your email includes sensitive information, please use the OpenPGP key 327E E095 BDC1 BD81 631C 8D82 2949 0F2D 481F 4E59. More details are available in our security whitepaper.