HermesPilot Privacy Policy

Last updated: May 3, 2026

The HermesPilot team ("we", "us", or "our") cares about your privacy and data security. This Privacy Policy explains how we process information when you use the HermesPilot mobile app, HermesPilot Server, Hermes Relay, and related website pages, and what rights you may exercise.

1. Scope

This Policy applies to the HermesPilot app and services we operate, including account sign-in, Hermes Link pairing and connectivity, Relay-assisted connectivity, in-app purchase entitlement validation, session title generation, error log reporting, version update checks, tutorials, and legal page hosting.

This Policy does not apply to independently operated components or services, such as Hermes, Hermes Link, local model services, third-party model services, third-party tools, Apple App Store, or Android distribution channels. Those parties process data under their own rules.

2. Information We Collect

We follow a data-minimization approach and process only what is necessary for current product functionality.

  • Account and sign-in information: account ID, username, password hash, login sessions, and necessary access-token and refresh-token records. We do not store plaintext passwords.
  • App installation and device information: app instance ID, platform, app version, build number, OS version, device model, locale, sign-in time, and recent activity time, used to identify the device, maintain session state, and troubleshoot issues.
  • Hermes Link pairing and connectivity information: Link ID, installation ID, display name, platform, hostname, Link version, LAN addresses, public addresses, Relay URL, connection status, pairing code, pairing session state, and necessary error snapshots, used for account-to-Link binding, route selection, and connection diagnostics.
  • Purchase and entitlement information: App Store product ID, transaction ID, original transaction ID, purchase time, transaction environment, transaction verification data, appAccountToken, entitlement status, and validation time, used to verify purchases and grant or restore access. The current entitlement flow is initiated by the app reporting transaction information, after which our server validates it with Apple.
  • Error logs and diagnostics: when the app crashes, encounters network errors, or catches handled exceptions, it may report error type, error message, stack trace, feature area, request path, app version, device information, and necessary context. Logs are designed to filter sensitive fields such as passwords, tokens, secrets, and keys where possible.
  • Session title generation information: when you use automatic title generation, relevant user-message and assistant-message excerpts may be sent to the title-generation model service configured by us to generate a short title.
  • Chat, attachments, and voice messages: HermesPilot's core chat content, attachments, and voice messages are processed by the app and the Hermes Link / Hermes instance you connect to by default. Under the current implementation, our Server is not the persistent store for regular chat content. If a connection uses Hermes Relay, request data may pass through Relay for forwarding, but we do not retain ordinary chat content as long-term product data.
  • Local data and device permissions: the app stores sign-in state, Link connection information, chat cache, media cache, and UI preferences locally in secure system storage and the app sandbox. When you actively use QR scanning, camera capture, photo selection, voice recording, media saving, or file access, the app may request camera, photos, microphone, local network, or file-related system permissions.

The current app does not proactively request contacts, precise location, advertising identifiers, or system-level remote push tokens.

3. How We Use Information

  • To create and maintain accounts, sign you in, refresh sessions, sign you out, and delete accounts.
  • To support Hermes Link pairing, account binding, route selection, Relay-assisted connectivity, and connection diagnostics.
  • To validate App Store purchase transactions, maintain entitlement status, and show purchase or restore results.
  • To provide session title generation, version update checks, tutorials, and legal pages.
  • To detect, diagnose, and fix app or server issues, and to protect account, connectivity, and entitlement flows.
  • To comply with legal, regulatory, security, or dispute-resolution obligations.

4. Sharing and Disclosure

We do not sell your personal information. We share or disclose information only where necessary, including:

  • Infrastructure providers for cloud hosting, database, website hosting, monitoring, and related services, acting within the scope necessary to provide the service.
  • Apple App Store, for purchase transaction validation and refund or revocation status checks.
  • The model service used for session title generation, only when you trigger that feature and only with the context needed to generate the title.
  • Hermes Link, Hermes, model providers, and tool services that you configure or connect to yourself.
  • Disclosure required by laws, regulations, regulators, courts, or administrative authorities.
  • Necessary disclosure in emergencies to protect significant lawful rights and interests of users or the public.

5. Storage and Retention

  • We retain account, Link binding, entitlement, log, and diagnostic data based on functional necessity and security needs, and apply measures such as access control, authentication checks, sensitive-field filtering, and minimized writes.
  • Local device data is stored in secure system storage and the app sandbox. You may revoke permissions in system settings, sign out in the app, clear cache, or remove Hermes Link bindings.
  • When you delete your account, we mark the account as deleted, revoke active login sessions, and remove active Link bindings under that account. Data directly associated with the account will be deleted or de-identified within a reasonable period.
  • Records that must be retained for security, auditing, dispute resolution, App Store transaction verification, or legal obligations may be kept where permitted by law. Please note that the current App Store lifetime entitlement is account-bound, and after account deletion that entitlement may not be recoverable in the app.

6. Your Rights

Subject to applicable laws and regulations, you may:

  • Learn about the rules, scope, and purposes of our processing.
  • Request correction, deletion, or restriction of processing of your information.
  • Withdraw device permissions such as camera, photos, microphone, or local network access.
  • Sign out, delete your account, or remove bound Hermes Links in the app.
  • Contact us with privacy questions, complaints, or data security inquiries.

7. Protection of Minors

HermesPilot is primarily intended for users with full civil capacity. If you are a minor, please read this Policy and use the service with your guardian, and let your guardian decide whether to agree to the relevant data processing.

8. Policy Updates

We may update this Policy due to changes in product functionality, technical architecture, legal requirements, or regulatory requests. Updated versions will be published on the legal pages of our website or through an in-app entry point, with the latest update date. If an update materially affects your rights, we will provide reasonable notice.

9. Contact Us

If you have any questions, suggestions, or complaints about this Policy, please contact us at:

Email: [email protected]

We will respond as soon as reasonably practicable after receiving your request.

Last updated:

HermesPilot

Copyright © 2026 HermesPilot