Your logins are end-to-end encrypted

Stored with the utmost care

What makes our vault so special?

End-to-End Encryption
The operator and data center cannot decrypt the ‘vault’ and thus cannot access logins.
GDPR compliant
We do not collect unnecessary data about you (data minimization).
Made in Germany
No Amazon or Google Cloud. Company and infrastructure in Germany.
ISO 27001-certified information security management system of the data center
Why phone confirmation is secure

Phone instead of a master password

Secure chip in your phone
heylogin uses XSalsa20+Poly1305 and Curve25519, secure state of the art encryption algorithms.
Two-Factor AuthenticationSmartphone & fingerprint or PIN
Secure browser logins

Replacing insecure password logins

Always protected
Your logins are secured and encrypted all the way to the website.
Single Sign-On experience
heylogin implements a Single Sign-On experience that works with all websites, without integration costs.
Login everywhere securely
The data exchange between your browser and your phone is secured by a key exchange protocol.
Protection against phishing
heylogin always shows you whether you log into a trusted website.
Founder Dr. Dominik Schürmann
Dr. Dominik Schürmann
Founder, heylogin
Security Whitepaper


Security Whitepaper

We are working closely with security researchers and take reports of security vulnerabilities seriously. You can submit security vulnerabilities via If your email includes sensitive information, please use the OpenPGP key 327E E095 BDC1 BD81 631C 8D82 2949 0F2D 481F 4E59. More details are available in our security whitepaper.

Thank you! Your submission has been received!
An error occurred while sending the data. Try again.