Security & Compliance

Your data. Your server.
Your control.

Hosted in Germany. Anchored in code.

Operational data in Germany, no shared data space. HEINI prepares — you approve. Every action lands in the audit-proof log.

Hosting in Falkenstein

The standard processing location is Hetzner's Falkenstein data centre (FSN1), Germany. Each customer runs in its own single-tenant environment; no data store is shared between customers. Hetzner holds ISO 27001:2022 certification and a BSI C5 Type 2 attestation.

On cancellation, after the export window, the customer's encryption key is deleted. Because storage holds only ciphertext, the data becomes irreversibly unreadable, including every copy in backups (crypto-shredding). Data in transit is protected with TLS 1.3; data at rest is encrypted with AES-256.
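What "unreadable even in backups" means in practice is envelope encryption: each record is encrypted under its own data key, that data key is wrapped under one key-encryption key per customer, and backups copy ciphertext but never keys. The block below is an added example written for this page, not HEINI's code; tenant and record names are invented, the in-memory key store stands in for an HSM or KMS, and when the `cryptography` package is not installed it falls back to a labelled stdlib stand-in with the same interface instead of AES-256-GCM.

```python
"""Crypto-shredding with envelope encryption: deleting a tenant's key makes every
copy of its data, backups included, unreadable. Illustrative code added to this
page; not HEINI's implementation."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

try:  # production cipher: AES-256-GCM from the `cryptography` package
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    from cryptography.exceptions import InvalidTag
except ImportError:  # stdlib stand-in so the example runs offline; NOT AES, same interface
    class InvalidTag(Exception):
        pass

    class AESGCM:
        """Encrypt-then-MAC: SHA-256 counter keystream + HMAC-SHA256 tag (demo only)."""
        def __init__(self, key: bytes) -> None:
            self._enc = hmac.new(key, b"enc", hashlib.sha256).digest()  # separate subkeys
            self._mac = hmac.new(key, b"mac", hashlib.sha256).digest()

        @staticmethod
        def generate_key(bit_length: int) -> bytes:
            return secrets.token_bytes(bit_length // 8)

        def _stream(self, nonce: bytes, n: int) -> bytes:
            blocks = (hashlib.sha256(self._enc + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((n + 31) // 32))
            return b"".join(blocks)[:n]

        def encrypt(self, nonce: bytes, data: bytes, aad: bytes) -> bytes:
            ct = bytes(a ^ b for a, b in zip(data, self._stream(nonce, len(data))))
            tag = hmac.new(self._mac, nonce + aad + ct, hashlib.sha256).digest()[:16]
            return ct + tag

        def decrypt(self, nonce: bytes, data: bytes, aad: bytes) -> bytes:
            ct, tag = data[:-16], data[-16:]
            want = hmac.new(self._mac, nonce + aad + ct, hashlib.sha256).digest()[:16]
            if not hmac.compare_digest(tag, want):
                raise InvalidTag()
            return bytes(a ^ b for a, b in zip(ct, self._stream(nonce, len(ct))))


class KeyShredded(LookupError):
    """Raised when data is requested for a tenant whose key no longer exists."""


class KeyStore:
    """One key-encryption key (KEK) per tenant; in production an HSM/KMS, never in backups."""
    def __init__(self) -> None:
        self._keks: dict[str, bytes] = {}

    def create(self, tenant: str) -> None:
        self._keks[tenant] = AESGCM.generate_key(256)

    def kek(self, tenant: str) -> bytes:
        try:
            return self._keks[tenant]
        except KeyError:
            raise KeyShredded(tenant) from None

    def shred(self, tenant: str) -> None:
        """Crypto-shredding: the only step needed to make all copies unreadable."""
        del self._keks[tenant]


@dataclass(frozen=True)
class Record:
    dek_nonce: bytes
    wrapped_dek: bytes   # per-record data key, encrypted under the tenant KEK
    data_nonce: bytes
    ciphertext: bytes    # what lives in storage and in every backup


def store(ks: KeyStore, storage: dict, tenant: str, record_id: str, plaintext: bytes) -> None:
    aad = f"{tenant}/{record_id}".encode()  # binds wrapped key and data to this record
    dek = AESGCM.generate_key(256)
    dn, rn = os.urandom(12), os.urandom(12)
    storage[(tenant, record_id)] = Record(
        dn, AESGCM(ks.kek(tenant)).encrypt(dn, dek, aad),
        rn, AESGCM(dek).encrypt(rn, plaintext, aad))


def load(ks: KeyStore, storage: dict, tenant: str, record_id: str) -> bytes:
    r = storage[(tenant, record_id)]
    aad = f"{tenant}/{record_id}".encode()
    dek = AESGCM(ks.kek(tenant)).decrypt(r.dek_nonce, r.wrapped_dek, aad)  # KeyShredded if gone
    return AESGCM(dek).decrypt(r.data_nonce, r.ciphertext, aad)


def crypto_shredding_demo() -> dict:
    ks, live = KeyStore(), {}
    ks.create("acme-gmbh")  # hypothetical tenant
    store(ks, live, "acme-gmbh", "invoice-0001", b"Rechnung 0001: 119,00 EUR")  # constructed sample
    backup = dict(live)  # nightly backup copies ciphertext only, never keys
    readable_before = load(ks, backup, "acme-gmbh", "invoice-0001")
    ks.shred("acme-gmbh")  # customer cancelled, export window elapsed
    try:
        load(ks, backup, "acme-gmbh", "invoice-0001")
        after = "readable"
    except KeyShredded:
        after = "unreadable"
    return {"backup_before": readable_before, "backup_after_shred": after,
            "ciphertext_still_in_backup": len(backup[("acme-gmbh", "invoice-0001")].ciphertext) > 0}
```

The check a DPO or IT reviewer should ask for: the key store must be outside the backup set and must actually destroy the key (no KMS key backup, no escrow), otherwise the backups stay recoverable and the "even in backups" claim does not hold.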

GDPR & data processing

For SaaS use, the Data Processing Agreement (DPA) under Art. 28 GDPR applies. We notify the customer, as controller, of personal-data breaches without undue delay after becoming aware of them, and at the latest within 48 hours (Art. 33(2) GDPR).

Data-subject requests (access, erasure, restriction of processing) go to datenschutz@heini.app. Details in the privacy policy.

DPA on request

Available immediately — no sales gate.

Art. 17 erasure

Clean process: a 30-day export window first, then deletion of the encryption key.

No model training

Customer data is not used to train AI models.

GoBD & audit-proof log

Every action is written to the audit-proof log with timestamp, the reason given and the approving user. The log can be exported as a PDF for the auditor, even years later. Approval-first is enforced in code; no configuration setting can disable it.
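The two properties a reviewer will want to see are that the approval gate has no bypass and that a log entry cannot be edited afterwards without the change being visible. The block below is an added example written for this page, not HEINI's code: it implements a hash-chained, append-only log whose only execution path requires an approver, and then shows what happens when a stored entry is edited later. Receipt numbers, amounts, the approver name and the timestamps are constructed sample data; the three-line reason stands in for the "Why?" explanation described on this page.

```python
"""Approval-first action log: hash-chained, append-only, gate enforced in code.
Illustrative code added to this page; not HEINI's implementation."""
import hashlib
import json
from dataclasses import dataclass, replace
from typing import Callable, Optional

GENESIS_HASH = "0" * 64  # link value of the first entry


@dataclass(frozen=True)
class Entry:
    seq: int
    ts: str           # ISO-8601 UTC timestamp, supplied by the caller here for determinism
    action: str       # what was done
    reason: str       # the plain-language "Why?" explanation
    approved_by: str  # user who approved the step
    prev_hash: str    # hash of the previous entry; this is what chains the log
    hash: str         # SHA-256 over all fields above

    @staticmethod
    def digest(seq, ts, action, reason, approved_by, prev_hash) -> str:
        body = json.dumps([seq, ts, action, reason, approved_by, prev_hash],
                          separators=(",", ":"), ensure_ascii=False)
        return hashlib.sha256(body.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self._entries: list[Entry] = []

    @classmethod
    def load(cls, entries: list[Entry]) -> "AuditLog":
        """Rebuild a log from stored rows (e.g. read back from the database)."""
        log = cls()
        log._entries = list(entries)
        return log

    def append(self, ts: str, action: str, reason: str, approved_by: str) -> Entry:
        prev = self._entries[-1].hash if self._entries else GENESIS_HASH
        seq = len(self._entries) + 1
        e = Entry(seq, ts, action, reason, approved_by, prev,
                  Entry.digest(seq, ts, action, reason, approved_by, prev))
        self._entries.append(e)
        return e

    def entries(self) -> list[Entry]:
        return list(self._entries)

    def verify(self) -> tuple[bool, Optional[int]]:
        """Recompute every hash and link; return (ok, seq of the first bad entry)."""
        prev = GENESIS_HASH
        for e in self._entries:
            expected = Entry.digest(e.seq, e.ts, e.action, e.reason, e.approved_by, e.prev_hash)
            if e.prev_hash != prev or e.hash != expected:
                return False, e.seq
            prev = e.hash
        return True, None


class ApprovalRequired(PermissionError):
    pass


def execute(log: AuditLog, ts: str, action: str, reason: str,
            approved_by: str, side_effect: Callable[[], None]) -> Entry:
    """The only path to an irreversible step: no flag or setting skips the check."""
    if not approved_by:
        raise ApprovalRequired(f"no approval for: {action}")
    entry = log.append(ts, action, reason, approved_by)  # approval is recorded before the step runs
    side_effect()
    return entry


def approval_first_demo() -> dict:
    log = AuditLog()
    booked: list[str] = []
    # constructed sample: two postings an assistant might prepare (hypothetical numbers)
    why = ("Receipt matches the supplier's invoice number.\n"
           "VAT rate 19 % checked against the receipt.\n"
           "Account taken from the last three postings to this supplier.")
    steps = [("2024-05-02T09:15:00Z", "post receipt RE-2024-0117, 119.00 EUR gross", "RE-2024-0117"),
             ("2024-05-02T09:16:30Z", "post receipt RE-2024-0118, 59.50 EUR gross", "RE-2024-0118")]
    rejected = False
    try:  # no approval given: nothing is booked and nothing is logged
        execute(log, steps[0][0], steps[0][1], why, "", lambda: booked.append(steps[0][2]))
    except ApprovalRequired:
        rejected = True
    for ts, action, rid in steps:
        execute(log, ts, action, why, "max.mustermann", lambda rid=rid: booked.append(rid))
    ok_before, _ = log.verify()
    # later, someone edits entry 1 in the stored log and even recomputes its hash
    stored = log.entries()
    e1 = stored[0]
    forged = Entry.digest(e1.seq, e1.ts, e1.action, "(edited afterwards)", e1.approved_by, e1.prev_hash)
    stored[0] = replace(e1, reason="(edited afterwards)", hash=forged)
    ok_after, first_bad = AuditLog.load(stored).verify()
    return {"rejected_without_approval": rejected, "booked": booked,
            "entries_logged": len(log.entries()), "chain_ok": ok_before,
            "chain_ok_after_tamper": ok_after, "first_bad_seq": first_bad}
```

The edit is caught at entry 2, whose stored link still points at the original hash of entry 1. A hash chain alone does not stop someone who rewrites the whole chain from the edited point onward, so the head hash has to be anchored somewhere the log writer cannot change, for instance in each exported PDF or in an externally timestamped record; that anchoring is the question to put to the vendor.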

HEINI prepares postings and receipts; the tax assessment remains with you or your advisor. Reviewer mode grants read-only access, e.g. for your advisor via the DATEV bridge.

Approval before every step

No irreversible step without your OK.

Why? explanation

Three lines in plain language — traceable for every action.

GoBD preparation

The log and the receipt chain are built to audit-grade (GoBD) requirements. This is not a certification promise: the German tax authorities do not certify software as GoBD-compliant, and third-party attestations are not binding on them.

Certifications & AI governance

Hosting (Hetzner): ISO 27001:2022 and BSI C5 Type 2. These cover the data centre and infrastructure, not the HEINI application itself. ISO 42001 (AI management system) is in preparation and is not promised unless expressly agreed.

AI components are marked BETA. Approval-first keeps a human in the loop for every action, in line with the EU AI Act's human-oversight requirement. Details in the AI usage terms.

Where exactly is my data?

Your operational data is stored exclusively on Hetzner servers in Falkenstein, Germany, single-tenant per customer. AI inference requests may be processed by EU sub-processors with US parent companies, as listed in the DPA. Website analytics data (Umami) stays in Germany.

Do I get a DPA?

Yes, on request. Available at /en/legal/dpa/.

What happens to my data on cancellation?

A 30-day export window, then deletion of your encryption key; the data, including all backups, becomes irreversibly unreadable.

Is HEINI compliant with the EU AI Act?

Approval-first keeps a human in the loop for every action. That is a design property, not a certified conformity assessment; ISO 42001 is in preparation.

Questions from your IT or DPO?

30 minutes on the architecture — DPA and security overview on request.