We care about your security
Stored with the utmost care
What makes our vault so special?
End-to-End Encryption
The operator and data center cannot decrypt the ‘vault’ and thus cannot access logins.
Made in Germany
No Amazon or Google Cloud. Company and infrastructure in Germany.
GDPR compliant
We do not collect unnecessary data about you (data minimization).
ISO 27001-certified information security management system of the data center
Why phone confirmation is secure
Phone instead of a master password
Secure chip in your phone
Cryptography
heylogin uses XSalsa20+Poly1305 and Curve25519, secure state of the art encryption algorithms.
Two-Factor Authentication
Smartphone & fingerprint or PIN
Secure browser logins
Replacing insecure password logins
Always protected
Your logins are secured and encrypted all the way to the website.
Login everywhere securely
The data exchange between your browser and your phone is secured by a key exchange protocol.
Single Sign-On experience
heylogin implements a Single Sign-On experience that works with all websites, without integration costs.
Protection against phishing
heylogin always shows you whether you log into a trusted website.

Dr. Dominik Schürmann
Founder, heylogin
At the TU Braunschweig, I researched on how to establish an encrypted channel without having to trust a third party.
In studies with well over 1000 users, we analyzed how this can be implemented with minimal user interaction while still being easy to understand. Paired with modern cryptographic algorithms, these findings form the basis for heylogin.