Privacy Policy

Last Updated: May 2, 2026

1. Introduction

Welcome to Hermes OS. We are committed to protecting your personal information and your right to privacy. Because Hermes OS provides you with autonomous agents that interact with external services, we take data security very seriously.

2. Information We Collect

We collect information necessary to provide our services:

  • Account Data: Email address and authentication data when you create an account, managed securely via Clerk.
  • API Keys: Keys submitted to access third-party AI models (e.g., OpenRouter, OpenAI, Anthropic). These are encrypted at rest and injected directly into your agent instances at runtime.
  • Usage Metrics: Aggregated system logs, compute usage metrics, and error reports necessary to maintain service stability and infrastructure scaling.
  • Diagnostic Telemetry: Runtime exception reports, incident metadata, and operator-visible troubleshooting events generated when the product fails or behaves unexpectedly.
  • Fraud & Abuse Prevention: IP address, browser/device signals, FingerprintJS request identifiers, and Stripe verification metadata when a card-on-file check is required. Stripe handles card numbers directly; we only receive limited metadata such as card fingerprint and funding type for abuse prevention.
  • Session Replay & Product Analytics: We use product analytics and session replay tooling to understand navigation, UI friction, and bugs. Input fields are masked by the analytics provider by default, but non-input page content may be visible in replay unless specifically masked or blocked.
  • Agent Data: Data generated by your autonomous agents is strictly isolated within your deployment context.

3. How We Use Information

We use your information exclusively to operate, maintain, secure, troubleshoot, and improve Hermes OS infrastructure. This includes preventing fraud and free-tier abuse, investigating failures, reviewing diagnostic logs and session replays, and fixing bugs that impact user experience. We do not sell your personal data. We do not use your agent's interactions or your proprietary data to train generalized AI models.

4. Diagnostics & Internal Access

Authorized internal operators may access incident dashboards, error reports, and replay tooling solely to diagnose problems, monitor service health, and improve reliability. We aim to minimize the amount of sensitive information included in these tools, but replay and debugging systems can still capture contextual application data needed for support and incident response.

5. Data Security

All sensitive data, including your Third-Party LLM API keys, is encrypted in transit and at rest. Your agent environments are isolated. While we employ rigorous security hardening to protect your data, no method of transmission over the Internet is 100% secure.

6. Contact Us

If you have questions or comments about this Privacy Policy, please contact us via our Discord community or support email.