Data protection is close to our heart
We are fans of the GDPR, and data protection is close to our hearts. That's why we have done everything in our power to implement the protection of personal data exactly as prescribed. As a SaaS provider, we strictly separate our marketing site heylogin.com from our product heylogin.app.
In short, this means that personal data is processed in the web app and is only available to the respective users in encrypted form. On the marketing side, we do not use tracking cookies, so we do not automatically collect data to uniquely identify you. If we ask for personal data, we do so only explicitly and with the user's consent.
Your data stays in the EU
Our software is a trust and security product, which is why we refrain from collecting marketing data in our product. In addition, as a German company, we commit to storing all personal data that we (have to) collect for operational purposes exclusively in the EU. When purchasing via self-service in the app, this also includes the UK. By the way, we don't just say this: it is laid down in our order processing contract and can be read at any time. We are also transparent about our sub-processors, the list of which can be viewed here at any time.
We have also stipulated that the inclusion of providers outside the European Economic Area requires explicit consent from the customer (§7 in our GCU). This means that we cannot simply introduce additional sub-processors "through the back door". To protect these conditions and guarantee implementation, we have established numerous technical and organisational measures. All these measures have been additionally audited by activeMind AG.
No marketing trackers? Not a matter of course.
It was already clear to us in the early development phase of heylogin: marketing trackers have no place in our software. That's why we don't use any commercial tracking in our apps. You can check this at any time in heylogin's Exodus Report. We are proud to be one of the exceptions on the password manager market, along with 1Password and a few others, that do not use tracking. However, in order to be able to record errors automatically and eliminate them, we use a self-hosted error reporting system. No data is transferred to third-party providers.
Minimum data - maximum protection
In addition to all previous measures, we also adhere to the data minimisation requirements of the GDPR. In the case of heylogin.app, this means that we only collect the data that we really need, i.e. the user's email and the organisation name. For troubleshooting purposes, we also see communication data between the smartphone, server and browser extension, but not the content of the communication. All other data stored in heylogin is end-to-end encrypted and only accessible by the respective user, but not by us.
Our biscuit tin remains empty
Have you noticed? Our website heylogin.com does not have a cookie banner, because this is only necessary if personal data is automatically collected via tracking cookies. We do not use tracking cookies, but only aggregated usage data for our marketing. For this, we rely on Plausible, as it allows appropriate settings for adequate data protection compliance. You can read more about this here.
If we do process personal data, we will ask for your explicit consent at that moment, for example when using the chat or booking a video call.