2 Functionality of the heylogin password management
heylogin is a secure password management system. With the help of a mobile app or a security token and an extension to their browser, users will no longer have to remember passwords in the future. heylogin generates a secure password during the registration process on a website and then stores it in its database in encrypted form.
heylogin exclusively uses 2-factor secure methods. The 2-factor security is provided by the smartphone (1st factor: ownership) and the security mechanisms on the smartphone (2nd factor: PIN/biometrics).
The next time the user logs in to the website, they no longer has to type in their password. Instead, they can log in in a 2-factor secure manner by allowing the login on their mobile device or via security token.
This function works accordingly with already assigned passwords. At the next login heylogin remembers the entered password and includes it in its list.
We do not guarantee that we will be able to recover the user's passwords in the event that they are lost. In this case, the modalities and requirements for password recovery of the respective service for which the user has stored the password must be observed.
In general, we distinguish between two different types of accounts: (a) the private account of a natural person and (b) the account of a natural person if he or she is part of an organization (usually the company in which the person is employed). A separate email address is required for each account.
The creation of the account as part of an organization is done by linking by invitation by the respective organization. The private account, on the other hand, can be created by a natural person themselves with heylogin.
4 Registration with heylogin
For using heylogin each user must first register. For this purpose, it is initially only necessary to provide a valid email address, which must be confirmed in a further step.
The user then installs the mobile heylogin-app and links the respective browser of the PC or Mac via QR code. A similar link is also possible via security token. These are hardware components, e.g. in the form of a USB token or a smart card. After linking, the user installs the corresponding extension for the respective browser, which enables him to securely store passwords when registering anew or logging in to websites.
All information to be entered by the user in the registration process must be true. The user must also ensure that the mobile device on which the heylogin app is installed is sufficiently secured. For this reason, the user must select a secure screen lock, such as PIN, Face ID.
If the user has reason to be concerned that his personal information, including user accounts, access data or personal data, has been violated, unlawfully disclosed or stolen, they shall notify heylogin thereof without undue delay.
5 Right of use
In particular, use by third parties, whether inside or outside the customer's company, is not permitted. Nor does the single user license include the right to use technical aids (such as software) to access heylogin (so-called "indirect use" or "automated use").
If a subscription takes place via one of our partners (e.g. Paddle), the corresponding granting of the right of use is made by our partner.
6 User obligations
The user will not use heylogin for the following purposes:
- for any illegal activities, including the development of applications that violate the rights of third parties or other applicable laws or regulations;
- for sending spam or any other unsolicited advertising;
- to perform benchmark tests or other capacity tests of our technical infrastructure;
- develop a similar product, service, the main purpose of which is to program password management.
The user shall maintain all necessary hardware and software required to be able to use heylogin.
In particular, the user is prohibited from the following:
- Creation of user accounts through bots or other automated methods
- Grant third parties access to his heylogin account.
7 Intellectual property
We claim copyrights and trademark rights in heylogin. With the use of heylogin the user acknowledges our rights in heylogin and will not do anything that impairs our rights. In particular, he will not use our trademark without our express written consent.
8 Deletion of the account, blocking
If a payable subscription of the user (or the parent organization as which he has an account) ends as a result of a cancellation, we delete the affected account at the end of the subscription.
In the case of a free (non-private) trial, we will delete the user account or organization, including all accounts within that organization, 12 weeks after the trial period expires.
Until the deletion, the user has the possibility to save data that is important for him.
At the express request of the user or the parent organization, we will delete his account even before the end of a respective subscription. This may result in the user no longer having access to heylogin although the user is still obligated to pay within the existing term.
heylogin reserves the right to manually delete the account in cases of obvious misuse or if heylogin considers an account to be inappropriate or offensive or if the user violates essential obligations from the user contract. We announce such a manual deletion of the account 14 days in advance.
Notwithstanding the foregoing, we reserve the right to take subsequent restrictive measures to maintain the IT security of all users, namely:
- Apps that have not been updated for more than 12 weeks or contain known security issues can no longer be used until the app is updated.
- If a user is inactive for 12 weeks, we disconnect heylogin from their devices with a 14-day notice by email. There will be no data loss and the user can connect their devices again with heylogin again. In case of free private use, we delete the user's account after 12 weeks of inactivity. This may result in a loss of the data stored at heylogin. We announce the deletion 14 days in advance.
We are liable without limitation
- in the event of intent or gross negligence,
- for injury to life, limb or health as well as
- in accordance with the provisions of the Product Liability Act.
In the event of a simple negligent breach of an obligation that is essential for achieving the purpose of the contract (cardinal obligation), our liability shall be limited in amount to the damage that is foreseeable and typical according to the nature of the transaction in question. The foreseeable and typical damage does not include the entrepreneurial success of the customer, lost profit or indirect damage.
If the user is an entrepreneur in the sense of § 14 BGB, the parties agree that the typical and foreseeable damage per year is limited to the annual amount payable by the user.
Beyond that we are not liable.
10 Modification of these conditions
- the changes are only beneficial for the user;
- the changes are based on technical or process-related reasons, provided they do not have a significant impact on the customer;
- we have to follow a court decision or an authority decision; or
We will inform the user about such changes, for example on our website.
11 Final conditions
This agreement shall be governed exclusively by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods and conflict of laws provisions. If the User is a consumer within the meaning of Section 13 of the German Civil Code (BGB), mandatory statutory consumer protection provisions under the law of the country in which the consumer has his habitual residence shall remain unaffected.
The exclusive place of jurisdiction for all disputes arising out of or in connection with this Agreement shall be Munich, Germany, provided that the contracting parties are merchants, the User does not have a general place of jurisdiction in Germany or in another EU member state, the User has moved its permanent place of residence abroad after these General Terms and Conditions came into force, or the User's place of residence or habitual abode is unknown at the time the action is brought.
The place of performance for all obligations arising from the contract of use is our registered office (Braunschweig, Germany).