HERMES
Terms Privacy Acceptable Use

Privacy Policy

Last updated: March 28, 2026

1. Overview

Hermes is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights. We comply with applicable privacy regulations including GDPR and CCPA.

2. Data We Collect

Account Data

  • Email address and username
  • Organization/workspace information
  • Authentication tokens

Reddit Integration Data

  • Reddit OAuth credentials (stored encrypted)
  • Reddit username associated with connected accounts
  • Subreddit monitoring configuration

Product & Monitoring Data

  • Product names, descriptions, and keywords you configure
  • Competitor information you enter
  • AI-generated reply drafts and post history
  • Queued and posted replies

Usage Data

  • Log data: IP addresses, browser type, pages visited, timestamps
  • Application telemetry and error logs

3. How We Use Your Data

  • Authenticate you and provide access to the Service
  • Monitor Reddit on your behalf and surface relevant posts
  • Generate AI-powered reply drafts using your product context
  • Send email notifications and alerts you configure
  • Improve the Service through aggregated, anonymized analytics
  • Comply with legal obligations

4. Third Parties

We share data with third parties only as necessary:

  • Reddit — API access to monitor subreddits and post replies on your behalf
  • OpenAI / AI providers — Post content and product context sent to generate reply drafts
  • Cloud hosting providers — Infrastructure and database hosting
  • Email delivery services — Transactional email delivery

We do not sell your personal data.

5. AI Processing

Post content and product information you configure may be sent to AI providers to generate reply drafts. We use only what is necessary for generation. Review the privacy policies of our AI providers (e.g., OpenAI) for their data handling practices.

6. Data Retention

We retain your account and product data while your account is active. Reddit credentials are stored encrypted and can be revoked by you at any time. After account deletion, personal data is removed within 30 days.

7. Your Rights

Depending on your location, you may have the right to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Data portability
  • Lodge a complaint with your local supervisory authority (GDPR)

Contact privacy@hermes.app to exercise these rights.

8. Security

We use TLS for data in transit and encryption at rest for sensitive credentials. No security measure is guaranteed; we will notify affected users of any breach as required by law.

9. Cookies

We use session cookies necessary for authentication. We do not use advertising or tracking cookies.

10. Contact

Privacy requests: privacy@hermes.app