Data and GDPR in Haiilo

Haiilo complies with the requirements of the GDPR and offers a secure communication platform that protects employee and customer data. Our customers' right to privacy and the security of personal data is our top priority. Therefore, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.

If you have any questions about the general data protection regulation, please contact our data protection officer at If you have any questions about Haiilo's security, please contact


The European General Data Protection Regulation (GDPR) is a regulation regarding the protection of citizens' personal data within the EU. The regulation includes strict requirements for the collection and processing of personal data and, therefore, also affects the majority of all companies and public institutions. The GDPR has been in force since May 25, 2018.

The scope of the GDPR is very comprehensive concerning protecting personal data. For you, this means that you, as the data controller within the meaning of the GDPR, decide on the purpose and means of this data. Haiilo is commissioned by you as a so-called commissioned data processor to process the data exclusively in the sense of the GDPR.

To minimize our customers' risk around the GDPR, we at Haiilo have taken comprehensive measures in technical and structural terms. In addition, we have developed a "contract for the processing of personal data on behalf of a controller" (ADV contract), which we conclude with our customers to create legal certainty for both sides.

Insofar as personal data is stored and processed by our customers in the Haiilo Cloud, Haiilo GmbH acts as a processor and is obligated to its customers to implement technical organizational measures under Article 32 of the GDPR.


Recognizing the significance of hosting locations for our customers and their adherence to compliance standards, Haiilo offers a choice between EU and US hosting options for our services in the cloud. For our EU customers, the EU cloud is hosted in Germany, and for US customers, the US cloud is hosted in the US.

You can find additional information on our website. You will also receive detailed guidelines and further information with your contract documents.

Data storage

Below are answers to frequently asked questions on storing data:

  • No, Haiilo does not link or store personal data to file accesses.
  • For data protection reasons, we don't log which person changed or deleted what or when in Haiilo.
  • The application only stores the ID of mobile devices and the device name until the user manually deletes them in the profile settings. The load balancer does not store any information about users' devices.
  • The application itself does not store IP addresses. Regarding the firewall and load balancer, IP addresses are stored for 90 days only in case of error.
  • As a cloud customer, we can make your data available to you as an export at the end of the term. Please contact our Service Desk for assistance with this. The export is provided as a .json file with an extra folder for all uploaded files via a download link. If you do not wish to export your data, Haiilo will completely delete your instance with all data after 30 days.

Was this article helpful?