Privacy Policy

Last updated: April 2026

Overview

Hermes is a self-hosted AI assistant platform. This policy explains what information is collected, how it is stored, and your rights as a user.

What we collect

• Account credentials — your username and a bcrypt-hashed password. Plaintext passwords are never stored.
• Conversation data — messages you send and AI responses, stored on the server that runs Hermes.
• Workspace files — files you upload or generate within your workspace session.
• Session cookies — a signed, HttpOnly session cookie used to authenticate your browser. No tracking cookies.
• Usage metadata — token counts and request timestamps used to enforce fair-use rate limits.

What we do NOT collect

• No advertising identifiers or cross-site tracking.
• No analytics sent to third parties.
• No sale or sharing of your data with advertisers or data brokers.
• No device fingerprinting.

Data storage

All data is stored on the server infrastructure operated by the instance owner — either a private server or a self-hosted cloud instance. Hermes does not operate a central cloud service. If you are using a shared Hermes instance, contact the instance operator for information about their specific data-hosting arrangements.

AI model providers

Messages sent through Hermes are forwarded to upstream AI model providers (such as Anthropic, OpenAI, or local models) to generate responses. These providers have their own privacy policies and data-handling practices. Hermes's built-in LLM proxy routes your requests without exposing your personal credentials to the AI provider.

Data retention

Your conversations and files are retained as long as your account exists. You may delete individual conversations or your entire account at any time from the Settings panel. Account deletion removes all associated data from the server immediately.

Security

Passwords are hashed with bcrypt. Session tokens are signed with HMAC-SHA256. All communication should be served over HTTPS in production. Per-user containers are isolated on separate Docker networks.

Your rights

• You may delete your account and all associated data from Settings → Account → Delete account.
• You may export conversations by copying them from the chat interface.
• You may contact the instance operator to request data deletion or a data export.

Contact

For privacy inquiries, contact the operator of this Hermes instance. For questions about the open-source Hermes project, open an issue on the project repository.

This policy applies to the Hermes WebUI platform. The exact data practices may vary depending on how this instance is configured and operated.