Enterprise Security for your Business

Our EU Haiilo infrastructure is hosted in Germany, and our hosting provider is Open Telekom Cloud (OTC). The OTC is fully aligned and certified with the following compliance requirements.

• EU – GDPR Compliant
• ISO Family Certifications:  ISO 27001 (Certified by Dekra for an information security management system), ISO 27017 (Certified by Dekra for additional information security controls for the use of cloud services), ISO 27018 (Certified by Dekra for a data protection management), ISO 9001 (Certified by Dekra for a quality management system), ISO 22301 (Certified by Dekra for a business continuity management system),  ISO 14001 (Certified by Dekra for an  environmental management system)
• SOC 2 and SOC 3 compliant. – Trust Service Criteria – security, availability, integrity, confidentiality, and data protection – are performed and tested for their effectiveness.
• TISAX Level 3 compliant – TISAX certification is the definitive standard for data security in the automotive industry
• BSI C5 (ISAE 3000) compliant – Verifies minimum information security requirements for cloud services of the BSI Cloud Computing Compliance Criteria Catalog (BSI C5).
• TCDP 1.0 compliant – Data protection requirement for order data processing certified by DEKRA

Our Haiilo infrastructure can be hosted in the US for US-based customers. The hosting provider is fully aligned and certified with the above compliance requirements.

We run backups of all relevant systems on a daily basis, which are stored at geo-redundant locations and are performance-optimized. These are available for incident recovery.

The uptime with our cloud provider (Open Telekom Cloud) is 99.5%, meaning downtime is extremely rare and non-critical.

Our internal and external IT infrastructure is hardened in accordance with the CIS Benchmark and regularly benchmarked in order to identify and apply updates as quickly as possible.

With the help of a penetration test, or pentest for short, we have our existing IT infrastructure and web applications checked annually for potential vulnerabilities. In addition, we perform internal security scans and checks as a part of our secure software development lifecycle process.

Access to Haiilo’s production network is meticulously restricted to the core developer operations team. This access involves vigilant monitoring and control. We employ Okta IdP with MFA authentication, following the principle of least privilege, for software and system access.

In transit
All system communication via public networks is fortified through HTTPS with Transport Layer Security (TLS 1.2 or higher) and Perfect Forward Secrecy (PFS). Our TLS encryption holds  an A+ rating with Qualys.

At rest
Your data is stored encrypted, adhering to regulatory and industry standards, utilising AES 256 encryption. This approach ensures compliance and security.

We employ robust one-way hash functions to encrypt users’ passwords, minimising the potential impact of a data breach.

No, Haiilo does not link or store personal data to file accesses.

The application itself only saves the ID of mobile end devices and the end device name, until they are manually deleted by the user in the profile settings. deleted in the profile settings.

The application itself does not store IP addresses. With regard to the firewall and load balancer: IP addresses are only stored for 90 days in the event of an error.

Yes. The Haiilo Cloud is hosted in the Open Telekom Cloud (OTC). The OTC is one of the most secure and modern clouds in Europe. This is confirmed by certification ISO 27001, the certification for quality management certification for quality management ISO 9001 and the Trusted Cloud seal of the German Federal Ministry for Economy and Energy. Further ISO certifications of the OTC are listed above.

As a cloud customer, we can make your data available to you as an export at the end of the term.
your data as an export after the end of the term. This is done in written form as a .json file with an extra folder for all uploaded files. The transfer takes place either digitally or on a suitable storage medium. Please note that a fee may be charged for this, depending on the effort involved. If you do not wish to export your data, Haiilo will completely delete your instance with all data after 30 days.