Privacy Policy

Privacy Policy

Last updated: May 31, 2026.

This Privacy Policy applies to Vylen, including the Android app Vylen: Hermes agent controller, the hosted Vylen Cloud relay, the Vylen web app, and the public Vylen site.

Vylen is built around local ownership. Your Hermes instance, model provider keys, tool outputs, skills, memory, and durable chat history belong on hardware you control. Vylen Cloud exists to authenticate you, pair your devices to your Hermes gateway, and relay traffic over an outbound tunnel.

What Vylen Cloud stores

Vylen Cloud stores the records needed to operate the hosted controller:

  • Firebase identity and profile metadata. When you sign in, Firebase Authentication identifies your account. Vylen stores your Firebase UID and may store profile fields returned by the sign-in provider, such as email address, display name, photo URL, and account creation time.
  • Paired instance metadata. Vylen stores the instance name, owner user ID, instance ID, connection status, health timestamps, Hermes health status, latency, last reported Hermes error, chat-state health status, created time, and optional gateway metadata reported on reconnect, such as host name, remote address, gateway plugin version, Hermes version, and Python version.
  • Gateway token and pairing records. Each paired Hermes gateway has an instance token. The plaintext token is shown once during setup. At rest, the long-lived token is stored as a hash with its instance ID, user ID, creation time, last-seen time, and revocation time. Short pairing-code records are created so you can move the token into the gateway plugin. Those records include the pairing code, the temporary plaintext token needed for the one-time exchange, instance ID, user ID, created time, expiry time, and exchange time. Pairing codes are short-lived and single-use.
  • Memory audit metadata. When the gateway reports memory-related activity, Vylen stores audit metadata such as user ID, instance ID, target, event type, operation type, revision hash, snapshot ID, redacted metadata, and creation time. Vylen stores this as audit metadata, not as a general copy of your Hermes memory.
  • Notification device tokens. If you enable notifications, Vylen stores a platform label, Firebase Cloud Messaging device token, hashed cleanup secret, user ID, device ID, and created/updated timestamps so it can deliver and clean up push notifications.
  • Notification preferences. If you configure notification settings, Vylen stores whether push is enabled and, when enabled, your quiet-hours window, timezone, and update time.

What stays local

Your Hermes API keys and other provider credentials are not sent to Vylen Cloud. The open-source gateway plugin runs alongside Hermes and injects those credentials locally when it talks to your Hermes runtime or model providers.

Vylen Cloud relays chat, command, file, approval, response, notification, and status frames between your signed-in client and your paired gateway. It does not store your message transcripts, prompts, assistant outputs, tool transcripts, or attachments as a durable cloud chat history.

When you use the mobile app, Vylen may transmit the content you choose to send through the app, including chat messages, command text, image attachments, and voice recordings for transcription or voice-message handling. Those payloads are used to deliver your request to your paired Hermes gateway and are not used for advertising.

Chat state is stored locally where you run Vylen:

  • The Hermes gateway plugin may keep local SQLite chat state, event cursors, and bounded response buffers on your Hermes host so your devices can reconnect and catch up.
  • The web and mobile clients may keep local app state, transcripts, attachments, auth session material, and notification cleanup data on that device or browser so the app can resume your session.

Deleting local browser data, app data, or the gateway plugin’s local state removes the copies stored in those places. If you run Vylen yourself, you control those local stores and their backups.

Admin access

Vylen’s hosted admin tools are restricted to a small Firebase UID allowlist. Those operators may access production operational records when needed for security, abuse prevention, debugging, support, or service reliability. Admin access does not give operators your Hermes API keys, local files, local model-provider credentials, or local gateway plugin database unless you separately provide that information.

Service providers

Vylen uses third-party service providers to operate the hosted service:

  • Google Firebase Authentication for sign-in and account identity.
  • Google Cloud Firestore / Firebase services for hosted production records such as users, instances, token hashes, pairing records, memory audit metadata, and notification device records.
  • Firebase Cloud Messaging for push notification delivery when notifications are enabled.
  • Firebase Hosting / Google Cloud infrastructure for serving the public site, web app, admin app, and relay infrastructure.
  • Google Fonts for website font loading. When your browser requests those fonts, Google receives the request metadata normally involved in serving a web font, such as IP address, user-agent, and referrer information.

Your self-hosted Hermes runtime, your chosen LLM providers, Telegram/Discord/Slack or other Hermes-side integrations, and any tools your agent calls are outside Vylen Cloud’s control. Review those services’ policies before connecting them to Hermes.

Android app permissions

The Android app requests only the permissions needed for its app features:

  • Microphone / audio recording lets you record voice input for transcription or voice-message delivery to your paired Hermes instance.
  • Photos / media picker access lets you attach an image to a chat message when you choose to do so.
  • Notifications lets Vylen deliver background notifications from your Hermes instance when you enable notifications.

Vylen does not sell personal data, does not show ads, and does not use Android Advertising ID for advertising or profiling.

Retention

Vylen keeps hosted account, instance, token-hash, pairing, memory-audit, and notification records for as long as needed to operate the service, secure the system, debug production issues, comply with legal obligations, or until you ask for deletion where deletion is available.

Short pairing-code records are designed to expire quickly and be used once. Revoked or deleted instance records may leave behind security or audit metadata needed to prevent abuse and understand production incidents. Local chat state is retained according to the device, browser, gateway plugin, and backup settings you control.

Contact

For privacy questions, deletion requests, or corrections, contact the maintainer through the gateway plugin issue tracker. Do not post secrets, API keys, private transcripts, or sensitive personal data in public issues; ask for a private contact path if your request includes sensitive details.