heylogin GmbH operates an Information Security Management System (ISMS) compliant with the ISO 27001 standard. All assurances mentioned in this chapter are mapped to corresponding technical and organizational measures within the ISMS.
Server locations
The heylogin production environment is located in Nürnberg, the standby server in Falkenstein. Backups are stored separately in Frankfurt (all mentioned cities are located in Germany). All data centers are ISO 27001 certified.
Failure safety
The defined Recovery Time Objective (RTO) of the heylogin service is 8 hours. The measured Recovery Time Actual (RTA) is less than 2 hours. The architecture of heylogin allows us to start a replacement instance of our productive environment within a short time. If the data center used by our hosting provider is no longer available, there is a standby server that can be converted into a functioning productive environment within a restart time of no more than 30 minutes. No data loss occurs in this case.
The defined Recovery Point Objective (RPO) is 60 minutes. Encrypted backups of the server-side database are automatically created every hour. The backups are stored for 90 days. This database continues to be actively replicated to the previously mentioned standby server in another data center. With this backup, we protect ourselves against a complete failure of our hosting provider. Within a recovery time of maximum 60 minutes we can start up a new productive environment at an alternative hosting provider. In this case, the heylogin client applications will synchronize login data that is still locally available with the server to reduce the probability of data loss even more.
Monitoring
The heylogin production environment is monitored by a system every minute. In case of failures and anomalies, notifications are sent and logged.
Security incident response
All administrative logins to the production environment and the standy server are logged and must be justified. There is always an employee on standby to intervene in case of anomalies.
Availability
heylogin GmbH strives for an availability of 99.9% on annual average. Through our architecture and technical measures for fail-safety, we have achieved an availability of ~99.95% on annual average in 2022, for example. Contractually, we guarantee an availability of 99% on annual average. For a contractually guaranteed higher availability, please contact our sales team.
Support
heylogin GmbH aims to answer general support requests within 2 working days (Mon-Fri). Errors that affect the operation will be handled within 8 hours on working days. Critical errors, such as failures of the productive environment, are processed within 8 hours on all weekdays (Mon-Sun).
Capacity
heylogin has no limits on the amount of logins and teams stored. We reserve at least 500MB of storage per organization.