Privacy notice.
This notice explains the personal data categories HermesAI handles for the public website, user accounts, billing, newsroom workspaces, and integrations.
How HermesAI handles personal data
This notice explains how HermesAI and HermesAI handle personal data in the public website and product.
1. Roles
HermesAI acts as a controller for website, account, authentication, billing, and direct commercial communications. For newsroom workspace data handled on behalf of a customer organization, HermesAI may also act as a processor under that customer's instructions.
2. Data categories
HermesAI currently processes categories that may include:
- account and organization data from authentication flows,
- billing and subscription data,
- newsroom workspace data such as drafts, feedback, review state, and settings,
- integration data such as webhook configuration, API key metadata, and delivery logs,
- support or commercial communications,
- technical and operational records needed for product security and troubleshooting.
3. Purposes
HermesAI uses personal data to:
- authenticate users and manage tenant access,
- operate billing, invoicing, and subscription flows,
- run newsroom workflows and integrations,
- maintain product security, auditability, and abuse prevention,
- respond to support, privacy, security, or commercial requests.
4. Service providers and infrastructure
Depending on the deployment, HermesAI uses service providers such as Clerk for authentication, Polar for billing, Postgres or Neon-compatible database infrastructure, Upstash Redis, Supabase Storage or Vercel Blob, and AI-routing or model access infrastructure such as AI Gateway and Azure-backed model access.
5. AI-related processing
HermesAI may process newsroom content through AI systems for synthesis, compose flows, refinement, and related editorial-assist features. Customers remain responsible for determining whether they have the rights and legal basis needed for that processing.
6. Retention
Retention depends on the data category and the reason it was collected. HermesAI retains account, billing, security, and workspace records for as long as needed to run the service, meet legal obligations, resolve disputes, and protect the service.
7. Sharing
HermesAI shares data only to the extent needed to run the service, fulfill customer instructions, comply with law, or protect the service and its users. HermesAI does not treat customer or partner content as a free pool for unrelated reuse.
8. Data subject rights
Depending on applicable law, users may have rights of access, rectification, erasure, restriction, objection, and portability. GDPR-specific details are described on the GDPR page.
9. Transfers
Some providers may process data outside the country where the customer is based. Where that happens, HermesAI relies on the safeguards made available through the relevant provider terms and customer contract set.
10. Contact
Privacy requests can be sent to the HermesAI privacy contact listed on the Contact page.