Data and GDPR in Haiilo

Haiilo complies with the requirements of the GDPR and offers a secure communication platform that protects employee and customer data. Our customers' right to privacy and the security of personal data is our top priority. Therefore, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.

If you have any questions about the general data protection regulation, please contact our data protection officer at If you have any questions about Haiilo's security, please contact


The European General Data Protection Regulation (GDPR) is a regulation regarding the protection of citizens' personal data within the EU. The regulation includes strict requirements for the collection and processing of personal data and, therefore, also affects the majority of all companies and public institutions. The GDPR has been in force since May 25, 2018.

The scope of the GDPR is very comprehensive concerning protecting personal data. For you, this means that you, as the data controller within the meaning of the GDPR, decide on the purpose and means of this data. Haiilo is commissioned by you as a so-called commissioned data processor to process the data exclusively in the sense of the GDPR.

To minimize our customers' risk around the GDPR, we at Haiilo have taken comprehensive measures in technical and structural terms. In addition, we have developed a "contract for the processing of personal data on behalf of a controller" (ADV contract), which we conclude with our customers to create legal certainty for both sides.

Insofar as personal data is stored and processed by our customers in the Haiilo Cloud, Haiilo GmbH acts as a processor and is obligated to its customers to implement technical organizational measures under Article 32 of the GDPR.


Recognizing the significance of hosting locations for our customers and their adherence to compliance standards, Haiilo offers a choice between EU and US hosting options for our services in the cloud. For our EU customers, the EU cloud is hosted in Germany, and for US customers, the US cloud is hosted in the US.

You can find additional information on our website. You will also receive detailed guidelines and further information with your contract documents.

Data storage

Below are answers to frequently asked questions on storing data:

  • No, Haiilo does not link or store personal data to file accesses.
  • For incident handling purposes, load balancer logs are stored for 7 days. The logs might include information on which person changed or deleted what and when in Haiilo, primarily for use in case of a security incident.
  • The application only stores the ID of mobile devices and the device name until the user manually deletes them in the profile settings. The load balancer does not store any information about users' devices.
  • The application itself does not store IP addresses. Regarding the firewall and load balancer, IP addresses are stored for 90 days only in case of error.
  • As a cloud customer, we can make your data available to you as an export at the end of the term. Please contact our Service Desk for assistance with this. The export is provided as a .json file with an extra folder for all uploaded files via a download link. If you do not wish to export your data, Haiilo will completely delete your instance with all data after 30 days.

Social network permissions

The below information is only relevant if you use the Employee Advocacy module.

When you connect a social account to Haiilo, Haiilo securely stores an authentication code in the form of OAuth (version 1 and 2) tokens. These tokens are random strings that are generated by social networks and don't include the username or password of the user. They are only used to allow users to interact with the respective social network, such as sharing content and receiving clicks and reactions on their shares, without disclosing any sensitive login information.

Below are answers to frequently asked questions on obtaining data from social networks:

  • For each social media network you connect, Haiilo collects:
    • The above-mentioned token
    • The number of your connections (used to calculate potential reach)
    • The number of your shares from Haiilo
    • The number of clicks on your shares from Haiilo
    • The number of reactions (likes, comments, reshares) on your shares from Haiilo
  • No, your personal data will not be visible to Haiilo. We do not collect information about your actions on your social account other than your shares from Haiilo.
  • Only the quantitative number of your connections is collected; no information on individual connections or the actions they take on your account. Haiilo collects the quantitative number of clicks and reactions on your shares from Haiilo, but no information about who engages with your content or what/how they comment.
  • To share posts and gather clicks, reactions, and connection data from your social account, social networks require an authorization process that is standard for all third-party programs creating a connection.

    The social networks predetermine the permission message based on the authorization scope required for sharing and collecting clicks, reactions, and connections. Haiilo cannot influence the terminology in the permission messages from the social networks.

Was this article helpful?