Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

heylogin

VERIFIZIERT
Passwort-Manager · Germany
Gegründet 2021 · heylogin.com ↗

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

Kurzfassung

heylogin aus der Kategorie Passwort-Manager ist ein EU-eigener Dienst mit Germany als Hosting-Standort und ohne erkennbares CLOUD-Act-Risiko.

Bewertungsnotizen

heylogin GmbH (Sophienstr. 40, 38118 Braunschweig; HRB 207299 Amtsgericht Braunschweig; founders Dr. Dominik Schürmann & Vincent Breitmoser, ex-TU Braunschweig) is a passwordless, zero-knowledge password manager whose vault is end-to-end encrypted (Curve25519 / XSalsa20-Poly1305 / Argon2 / age, BSI TR-02102-1 aligned) so the cloud is a pure transport/storage layer that cannot decrypt customer data. Every sub-processor is German with no third-country transfer: Hetzner (Nuremberg production + Falkenstein standby), IONOS (Frankfurt S3 backups), Myra Security (Munich, DDoS + CDN, a German CDN, not Cloudflare US), and Heinlein/mailbox.org (Berlin, transactional email); and the ISMS is ISO 27001:2022 certified with a publicly downloadable DPA and detailed sub-processor annex. The only US touchpoints are non-data: Mozilla Ventures' minority 2022 pre-seed stake, the Webflow-hosted marketing site (explicitly separated from the product on heylogin.app, holds no customer data), and user-side phone backups of the recovery seed to the user's own Google/Apple platform account. EU-owned, EU-hosted (Germany only), DPA + sub-processors public, no Cloudflare US, no CLOUD Act exposure → 5/5.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 keine offengelegt
Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über heylogin

heylogin is a passwordless, zero-knowledge password manager built by heylogin GmbH in Braunschweig, Germany, a company spun out of IT-security research at TU Braunschweig by Dr. Dominik Schürmann (CEO) and Vincent Breitmoser (CTO), and originally incorporated as Confidential Technologies GmbH in 2018 before relaunching under the heylogin brand with the product's 2021 release. Its distinguishing idea is that there is no master password: the vault is unlocked and synced using the security chip in the user's smartphone (and FIDO2 keys, Touch ID, Windows Hello), with a "swipe to login" confirmation and a 1-click browser overlay that automates the actual website sign-in. The second factor is built into the vault encryption itself rather than bolted on as a separate login step.

For an EU-sovereignty audit heylogin is best-in-class. The vault is end-to-end encrypted on the device before it ever reaches the cloud (Curve25519, XSalsa20-Poly1305, Argon2 key-stretching, age for at-rest backups, aligned to BSI TR-02102-1), so the heylogin cloud is a pure transport-and-storage layer with no ability to decrypt customer data. Every sub-processor is German with no third-country transfer: Hetzner Online (production in Nuremberg, standby in Falkenstein), IONOS (S3 backups in Frankfurt), Myra Security (Munich) for DDoS protection and CDN (a German CDN rather than Cloudflare US), and Heinlein Hosting / mailbox.org (Berlin) for transactional email. The ISMS is ISO 27001:2022 certified, the DPA and a detailed sub-processor annex are publicly downloadable without a login, and all data centres are ISO 27001-certified Hetzner facilities running on renewable electricity. The only US touchpoints are non-data: a minority Mozilla Ventures pre-seed stake (2022), the Webflow-hosted marketing site that is explicitly separated from the product on heylogin.app, and user-side recovery-seed backups to the user's own Google/Apple account.

Pricing is freemium: a free Private tier for individuals; Business at €3.99/user/month billed yearly (€4.99 monthly) adding user/team management plus Entra ID, Google Workspace and CSV provisioning; and a yearly Enterprise tier (50+ seats) adding audit logs, Pwnitoring breach monitoring, optional on-premises backup and phone support. A separate Enterprise-for-MSPs tier and an EVB-IT cloud contract for European public-sector buyers are available. Best fit: German and EU SMBs, MSPs and public-sector buyers that want a passwordless, ISO 27001-certified vault with a genuinely all-German processing stack and zero CLOUD Act exposure. Buyers wanting open-source instead should compare Passbolt or Psono.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · keine offengelegt

Quelle ↗
Anbieter gibt null Unterauftragsverarbeiter an. Die gesamte Datenverarbeitung erfolgt im eigenen Haus.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen

ISO/IEC 27001
AKTIV
FEATURES

Funktionsmatrix

Passkeys Nein
Autofill Ja
Leak-Überwachung Ja
Familienfreigabe Nein
Datenexport Ja
Geräte Unbegrenzt
Plattformen iOS Android Windows macOS Web
INTEGRATION & ZUGRIFF
REST API No
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Preise & Tarife

FREEMIUM
ab €4/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

  • Auftragsverarbeitungsvertrag (AVV)
    www.heylogin.com/en…
    Öffnen ↗
  • Liste der Unterauftragsverarbeiter
    www.heylogin.com/en…
    Öffnen ↗
  • Nutzungsbedingungen
    www.heylogin.com/en…
    Öffnen ↗
ALTERNATIVES

Alternativen in dieser Kategorie

KeePassXC
Germany · Gegründet 2016
EU-SOUVERäN

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
CLOUD ACT
NONE
LC-Pass
Germany
EU-SOUVERäN

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

Öffentl. AVV Subprozessoren Open Source
FROM
€3.99/Mt.
CLOUD ACT
NONE
NordPass
Lithuania · Gegründet 2019
EU-GEHOSTET

Lithuanian password manager by Nord Security, zero-knowledge XChaCha20, ISO 27001 + SOC 2, but hosted on AWS (US): material CLOUD Act exposure.

Öffentl. AVV Subprozessoren Open Source
FROM
€2/Mt.
CLOUD ACT
MATERIAL