Back to Hermes

Effective date: May 27, 2026

Hermes Agent Mobile Privacy Policy

This policy explains how Hermes Agent Mobile handles information on iPhone and what gets sent to the Hermes server you configure.

Overview

Hermes Agent Mobile is a native iOS client for a user-configured, self-hosted Hermes WebUI server.

The app does not create an account with the developer. For normal public use, there is no hosted backend operated by the developer.

Hermes Agent Mobile does not send user data anywhere except the server the user configures, other than normal Apple/iOS system services used by permissions.

Tracking, analytics, and ads

Hermes Agent Mobile does not track you across apps or websites.

The app does not show ads, include third-party analytics SDKs, or collect in-app purchases or payments.

Server connection and auth

You provide the Hermes server URL and access details used to connect to your configured server.

The app stores the configured server URL in iOS Keychain.

If the server requires a password, the password is sent to the configured Hermes server only to sign in. Hermes Agent Mobile does not store the server password after login.

Login/session cookies are handled by iOS networking cookie storage and are cleared when the user signs out or reconfigures the app.

Data sent to the configured server

As part of app functionality, Hermes Agent Mobile may send prompts/messages and assistant conversation data to the user-configured Hermes server.

The app may also send selected attachments, photos, files, shared content, URLs, workspace/file requests, and session actions or settings such as model, profile, reasoning, and workspace choices.

This data goes to the configured Hermes server, not to a developer-hosted backend in normal public use.

Local device storage

Hermes Agent Mobile stores the saved server URL in Keychain and app preferences in UserDefaults.

The app uses a local SwiftData offline cache so recent content can be viewed when the configured Hermes server is unavailable.

Cached sessions/messages can include session metadata, message text, reasoning text, tool-call metadata, and attachment metadata. The local message cache is capped at 5,000 messages.

Cached data expires after 7 days. Users can clear it from Settings -> Offline Data -> Clear Offline Cache.

Clearing the local cache removes local cached data from the iPhone and does not delete anything from the configured Hermes server.

Share extension and App Group staging

Shared text, URLs, files, and photos may be staged locally in the app group container when using the iOS share sheet.

Staged shared content is loaded by Hermes Agent Mobile when the app opens.

Staged content is sent to the configured Hermes server only when the user attaches or sends it through the app.

Photos, files, microphone, and speech

Photos and files are accessed only when the user selects them, shares them to the app, or exports/saves content.

Photos add-only permission is used to save exported workspace images to Photos.

Camera capture is not implemented.

Microphone and speech recognition are used only when you explicitly use composer dictation.

Hermes Agent Mobile does not persist audio recordings. Dictation produces editable draft text, and that text is sent only if the user sends the message.

Notifications and Live Activities

Response-complete notifications are optional local notifications.

Notification title/body are generic and do not include transcript content. Notification payload is limited to routing info such as a session ID when needed.

Live Activities may show session title, status, timer, or tool state on the Lock Screen or Dynamic Island.

Response excerpts in Live Activities are off by default and require explicit opt-in in Settings.

Retention and deletion

Local cache can be cleared in the app.

Configured-server data retention and deletion depends on the user's Hermes server setup.

Users should manage or delete server-side data on their configured Hermes server.

Questions about retention, deletion, or this policy can be sent to uzairansar@gmail.com.

Third-party code summary

Hermes Agent Mobile uses app libraries, not tracking or advertising SDKs.

Current third-party code includes LDSwiftEventSource, MarkdownUI, Splash, Highlightr / highlight.js assets, KeychainAccess, NetworkImage, swift-cmark, and Lucide icons.

Contact

Questions about this policy can be sent to uzairansar@gmail.com.