Legal
Privacy Policy
Hermes One is built local-first. The desktop app keeps your data on your own device, and you connect your own model providers — so most of your data never touches our servers at all. This policy explains exactly what we do and don't collect.
Last updated: June 28, 2026
No account needed
Download and run the app without signing up with us.
Your data stays local
In local mode, conversations and memory live on your device.
You own your keys
Your provider credentials are stored by you, used by you.
1. Overview
This Privacy Policy explains how the Hermes One team (“Hermes One,” “we,” “us,” or “our”) handles information in connection with hermesone.org (the “Site”) and the Hermes One desktop application (the “App”).
The short version: the App is local-first and open source, you bring your own model providers, and we run a simple informational website with privacy-respecting analytics. We do not sell your data, and we never have.
2. Local-first by design
The App runs on your device. In local mode, it installs to a directory on your machine (for example, ~/.hermes) and stores your conversations, memory, profiles, skills, and settings there. That data is yours. We do not receive it, and we cannot read it.
Because the source is open, you can audit exactly how the App handles data in our GitHub repository.
3. Data in the app
The App may handle the following on your device:
- Conversations and memory — chat history, session summaries, and the user model your agent builds over time.
- Credentials — API keys and tokens for the providers and platforms you connect, stored locally so the App can talk to them on your behalf.
- Configuration — profiles, personas, enabled tools, schedules, and preferences.
- Files and tool output — any files you share with the agent or that its tools generate.
If you connect the App to a remote Hermes API server instead of running locally, this data is stored on the server you choose, under your control.
4. Data on the website
The Site is an informational marketing and documentation site. You do not need an account to use it. We collect only:
- Usage analytics — aggregate, privacy-respecting metrics about page visits (see Section 6).
- Standard server logs — information such as IP address and browser type that web and CDN infrastructure records automatically to deliver and secure the Site.
If you choose to contact us, join our community channels, or download a release, you interact with the relevant third-party platform (GitHub, Discord, and so on) under their privacy policies.
5. Third-party providers
Hermes One has no model lock-in: you bring your own providers. When your agent runs, the App sends your prompts, context, and any attached data directlyfrom your device to the model providers, messaging platforms, and infrastructure you have configured. That data is handled under each provider's own terms and privacy policy — not ours.
We do not act as an intermediary for that traffic and we do not receive a copy of it. Please review the privacy policies of any provider you connect, since their handling of your data is solely between you and them.
7. Data retention
Data the App stores locally is retained until you delete it — you control it directly on your device. Aggregate analytics are retained according to our analytics provider's standard retention periods. Server logs are retained only as long as needed for operation and security.
8. Security
Because Hermes One is local-first, the security of your data largely depends on the security of your own device and accounts. Keep your operating system updated, protect your API keys, and use strong credentials for the providers you connect. For our hosted Site and services we apply reasonable safeguards, but no method of transmission or storage is perfectly secure.
9. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete personal data, and to object to certain processing. For data stored locally by the App, you can exercise these rights yourself at any time by viewing, editing, exporting, or deleting it directly in the App. For any data we hold (such as analytics), contact us and we will respond consistent with applicable law.
10. Children's privacy
The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us so we can address it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, may announce them through our community channels. Your continued use of the Services after an update constitutes acceptance of the revised policy.
12. Contact
Questions about your privacy or this policy? Reach us through our community channels or open an issue on GitHub.