Privacy Policy
Effective Date: May 31, 2026
App: Hermes: AI Daily Brief (iOS) — bundle identifier com.marcusmattier.hermes
Developer: Marcus Mattier
Contact: supporthermesherald@gmail.com
1. Introduction
This Privacy Policy explains how Hermes: AI Daily Brief (“Hermes,” “the App,” “we,” “us”) collects, uses, and protects your information. By using the App, you agree to the practices described in this policy.
Hermes is built on a simple principle: your personal data stays on your device wherever possible. When data must leave your device to power AI features, it is transmitted in anonymized summary form over encrypted connections and is never sold or shared with advertisers.
2. Information We Collect
2.1 Information You Provide Directly
- Your name — entered during onboarding, used to personalise your brief.
- Home and work addresses — used locally on your device to calculate commute times and auto-trigger briefs based on location; never transmitted to external servers.
- Preferences and settings — brief timing, interests, diet type, voice selection, language; stored locally on your device.
2.2 Health Data (HealthKit)
With your permission, Hermes reads the following from Apple HealthKit:
- Sleep duration
- Step count
- Resting heart rate
- Active calories burned
- Workout summaries (type, duration, calories)
Hermes does not write to HealthKit or access clinical health records. You can revoke this access at any time via iOS Settings → Privacy & Security → Health → Hermes.
2.3 Calendar and Reminders
With your permission, Hermes reads your calendar events and reminders to surface upcoming meetings and tasks in your brief. This data is processed on your device. Event titles and attendee counts may be sent to our AI processing service in anonymized form to generate meeting summaries.
2.4 Email (Gmail and Microsoft Outlook)
With your permission, Hermes connects to your Gmail or Outlook account via official OAuth2 APIs. We access:
- Email sender names and addresses
- Email subjects
- Email body previews (up to approximately 200 characters)
This data is used solely to surface relevant emails in your brief and to generate smart reply drafts. Email metadata is transmitted to our AI processing service for this purpose. Hermes never reads full email bodies, sends emails on your behalf, or stores email content beyond your active session.
2.5 Slack
With your permission, Hermes connects to your Slack workspace to surface relevant messages in your brief. We access message previews and sender names. Hermes never posts messages, reactions, or replies on your behalf without your explicit action.
2.6 Location
With your permission, Hermes uses your device’s location to:
- Automatically trigger your morning brief when you arrive at the office
- Automatically trigger your evening brief when you arrive home
- Provide accurate local weather data
Your precise location coordinates are processed entirely on your device and are never transmitted to any external server. Weather is fetched using only your general geographic region (city-level).
2.7 Voice and Microphone
With your permission, Hermes uses your microphone to listen for hands-free voice commands during brief playback (“continue,” “stop,” “read drafts”). Voice input is processed locally on your device using Apple’s on-device speech recognition. Audio is not recorded or stored.
2.8 Automatically Collected Information
- Device information — iOS version and device model, used solely for compatibility.
- App usage data — brief generation timestamps and feature usage patterns, stored locally on your device only.
- Subscription status — verified through Apple’s StoreKit 2 framework; we do not store payment information.
- Anonymous diagnostic data — see Section 2.10 below for what we collect, what we do not collect, and how to opt out.
2.9 Background Proactive Alerts
When Proactive Smart Alerts are enabled, Hermes periodically checks in the background for conditions that may require your attention:
- Imminent calendar events within 45 minutes
- Significant market movements of 1.5% or greater
- Severe weather events for your location
Alert summaries may appear on your lock screen and in Notification Center. Event titles displayed in notifications are limited to 40 characters.
2.10 Anonymous Diagnostic Data
Starting with version 1.6.0, Hermes collects a small amount of anonymous diagnostic data to help us understand how the app is used and to fix problems. This data is transmitted over HTTPS to a Cloudflare Worker that we operate at hermes-proxy.marcusmattier.workers.dev.
What we collect:
- Onboarding funnel events (which step you reached, which persona you chose)
- Brief engagement events (started, completed, paused, skipped a section, voice command used)
- Integration health events (which provider connected, and a numeric HTTP status code if a connection failed)
- Feature-use signals (assistant query asked, widget tapped — counts only, never content)
- A daily heartbeat indicating the app was opened that day
- An anonymous installation identifier (a randomly-generated UUID stored in your device’s Keychain). This identifier is not linked to your name, email, Apple ID, or any other identifier, and is wiped if you uninstall the app.
What we do NOT collect: We never send your name, email address, calendar event titles, message content, transcript text, health values, location coordinates, response bodies from any third-party API, or any other content from your day. Event properties are limited to short enumerated strings, booleans, and integers, and are filtered by a strict allow-list before transmission.
Legal basis (EU/UK users): We process this data on the basis of our legitimate interest (GDPR Article 6(1)(f)) in maintaining and improving the app. You may object to this processing at any time by disabling Diagnostics in Settings, which immediately stops collection and purges any locally buffered events.
California users (CCPA/CPRA): We do not sell or share this data. Cloudflare acts solely as a processor under our instructions and does not access the event content for its own purposes.
How to opt out: Open Settings inside Hermes and toggle off the Diagnostics → Share anonymous usage data switch. The change takes effect immediately.
2.11 Brief Interaction History (On-Device Only)
To avoid repeating information you’ve already handled, Hermes maintains a record of how you interact with your brief. This record includes:
- Which items have been read aloud to you and how many times.
- Which items you have marked as done, dismissed, or asked Hermes to remind you about later.
A short journal of your interactions with Hermes. This includes structured events (for example, “you asked Hermes to remind you about laundry at 6:30pm”) and, at the end of evening briefs, verbal responses to Hermes’s reflection prompt (“Anything you want me to remember from today?”). If you respond verbally to that prompt, your spoken response is transcribed on-device, encrypted with AES-GCM, and written to your local Hermes Memory. These reflection transcripts never leave your device EXCEPT when the Agentic Brief Composer (see Section 4.1) is enabled, in which case journal entries — including reflection transcripts — are sent to Anthropic Claude during brief generation as described in Section 4.1. Decline phrases (“no,” “nothing,” “skip,” “not really”) short-circuit before any transcript is written.
The journal also captures meal planning events (which weeks you planned, which meals you swapped or skipped) so the suggestion engine can avoid proposing the same meals in consecutive weeks. These entries are encrypted on your device and are NOT transmitted to Anthropic with the weekly suggestion prompt — only the meal names from the prior one to two weeks are sent (see Section 4.1, Weekly Meal Planning).
This history is stored only on your device, encrypted at rest, and is never sent to our servers, our analytics, or any third party. We cap storage at 500 recent item-state records and 1,000 journal entries, with the oldest entries removed first. Handled and dismissed items expire automatically after 7 days; journal entries expire after 90 days. You can clear this history by uninstalling the app or by disconnecting your linked accounts in Settings.
3. How We Use Your Information
| Data | Purpose |
|---|---|
| Name | Personalise brief greeting |
| Health data (anonymised summaries) | Generate AI habit insights and weekly recaps |
| Calendar events | Surface upcoming meetings; generate meeting summaries |
| Email metadata | Surface priority emails; generate smart reply drafts |
| Slack messages | Surface relevant communications in brief |
| Location (on-device only) | Auto-trigger briefs; local weather |
| Voice input (on-device only) | Hands-free brief control |
| Subscription status | Unlock premium features |
| Proactive alert checks | Surface time-sensitive reminders for meetings, market moves, and weather |
| Live Activity status | Display real-time brief status on lock screen and Dynamic Island |
| Proactive suggestions | Bring up looming reminders during your brief and suggest specific time blocks |
| Follow-through Live Activities | Show countdown to a committed time on lock screen and Dynamic Island |
| Check-in notifications | Send one reminder at the time you committed to handle a task |
4. AI Processing and Third-Party Services
Hermes uses the following third-party services to deliver its features:
4.1 Anthropic (Claude API)
AI-generated content in your brief — including health insights, habit coaching, email reply drafts, meal suggestions, weekly recaps, and the AI assistant — is powered by Anthropic’s Claude API. Data sent to Anthropic is transmitted via our encrypted proxy server and consists of anonymized summaries only (e.g., “average sleep: 7.2 hours,” “3 meetings today”). Raw personal data, full email bodies, and HealthKit records are never sent. Anthropic’s privacy policy is available at anthropic.com/privacy.
Proactive Suggestions (added in v1.7.7): Hermes also uses Claude to occasionally suggest specific time blocks for items you may have forgotten to act on — for example, a reminder that’s been on your list for several days. At the end of each brief, Hermes sends Claude a small context bundle containing: your first name, your remaining calendar events for the day, your typical meal window, your commute estimate as a number of minutes (not the addresses themselves), today’s weather summary, and short previews (up to 120 characters) of looming items. Claude returns at most one suggestion per brief, which Hermes then reads aloud using on-device speech synthesis. You can turn this off in Settings → Chief of Staff → Proactive Suggestions.
Agentic Brief Composition (added in v1.7.7): Beginning with build 135, Hermes uses Claude to compose brief narrative connectors — short conversational sentences that reference your cross-section state (for example, “you haven’t sent Sarah the deck yet”). To produce these, we transmit to Anthropic via our encrypted proxy: (a) the structured summary the brief is about to speak aloud, (b) up to seven days of journal entries from your local Hermes Memory, which may include reflection-prompt transcripts you provided verbally at the end of evening briefs, and (c) gate transparency counters showing how many times Hermes considered staying silent that day. Anthropic processes this content under its zero-retention API contract for the duration of the request only. We do not store these prompts on any Hermes server. You can disable this composer entirely by turning off “Proactive Suggestions” in Settings → Chief of Staff, or by clearing your Hermes Memory in Settings → Privacy & Security.
Weekly Meal Planning (added in v2.0): Beginning with the v2.0 release, Hermes uses Claude to suggest a week of meals and consolidate the resulting grocery list. To produce these, we transmit to Anthropic via our encrypted proxy: (a) your dietary preferences (e.g., omnivore, vegan, keto), (b) any allergens or dislikes you have entered, (c) your selected mood for the week (e.g., “quick weeknight meals,” “health-focused”), (d) the relative density of your calendar for each day of the week (counts only, never event titles), and (e) the names of meals you selected during the prior one to two weeks so the suggestion engine can avoid exact repeats. Anthropic processes this content under its zero-retention API contract for the duration of the request only. We do not store these prompts on any Hermes server. You can opt out by skipping the meal planning feature — it is opt-in from the Meals tab, never invoked automatically.
4.2 Murf AI (Text-to-Speech)
If you select a Murf voice for brief narration, the text of your brief is sent to Murf’s API to generate audio. The text contains the content of your brief (weather, news headlines, calendar summaries, etc.) but does not include raw health records or full email content. The brief content sent to Murf may include short previews of items from your connected accounts when those items are being read aloud — specifically: email subject lines and short body previews from Gmail and Outlook, and direct message previews and @-mention previews from Slack. Each preview is limited to approximately 80 characters. Hermes never sends full message bodies, attachments, or content from items you have not connected to your brief. Murf’s privacy policy is available at murf.ai/privacy-policy.
4.3 Apple HealthKit
Health data is accessed through Apple’s HealthKit framework, in accordance with Apple’s HealthKit guidelines. Apple’s privacy policy is available at apple.com/privacy.
4.4 Google (Gmail API)
Email data is accessed through Google’s official Gmail API via OAuth2. The scopes requested are https://www.googleapis.com/auth/gmail.readonly (read-only access to your Gmail messages and metadata) and https://www.googleapis.com/auth/userinfo.email (your Google account email address, used to label connected accounts and detect token problems). Google’s privacy policy is available at policies.google.com/privacy.
For uninterrupted service, Hermes periodically issues a lightweight authenticated request (typically every 7 days) to Google’s user profile endpoint to keep your connection alive. This request retrieves no message content and exists solely to prevent Google’s automatic revocation of long-idle authentication tokens. The request is performed in the background using iOS background app refresh and respects all standard iOS battery and data settings.
4.4.1 Google API Services User Data Policy — Limited Use
Hermes’ use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Use: Google user data is used solely to provide and improve the user-facing features that are prominent in the App’s requesting interface — namely, surfacing recent and unread Gmail messages in your daily brief and generating AI-suggested draft replies that you review before sending.
- Transfer: Google user data is not transferred to others except (a) as necessary to provide or improve those user-facing features, (b) to comply with applicable law, or (c) as part of a merger, acquisition, or sale of assets with your explicit consent.
- Advertising: Google user data is not used or transferred for serving advertisements, including retargeted, personalized, or interest-based advertising.
- Human access: No human reads your Google user data unless (i) we have your affirmative agreement for specific messages, (ii) doing so is necessary for security purposes (such as investigating abuse), (iii) it is required to comply with applicable law, or (iv) the data has been aggregated and anonymized and is used to improve the App in accordance with applicable privacy requirements.
To support these commitments, AI processing of Gmail content occurs through an automated, request-scoped call to the Anthropic Claude API via the proxy described in Section 4.1; the Anthropic API does not use data submitted through it to train its general models.
4.5 Microsoft (Outlook / Microsoft Graph API)
Outlook email and calendar data is accessed through Microsoft’s Graph API via OAuth2. Microsoft’s privacy policy is available at privacy.microsoft.com.
Hermes performs a periodic background request (typically every 7 days) to Microsoft Graph’s user profile endpoint to keep your authentication tokens active. This request retrieves no email or calendar content and is used only to prevent automatic disconnection due to inactivity.
4.6 Slack API
Slack message data is accessed through Slack’s official API via OAuth2. Slack’s privacy policy is available at slack.com/privacy-policy.
Hermes performs a periodic background request (typically every 7 days) to Slack’s authentication-test endpoint to verify your token remains valid. This request retrieves no message content and is used only to prevent automatic disconnection due to inactivity.
4.7 Open-Meteo (Weather)
Weather data is fetched from Open-Meteo using your approximate geographic region (city-level). No personally identifiable information is sent. Open-Meteo’s privacy policy is available at open-meteo.com.
4.8 CoinGecko (Market Data)
Cryptocurrency price data is fetched from CoinGecko’s public API. Only the requested ticker symbols are transmitted; no personally identifiable information is sent. CoinGecko’s privacy policy is available at coingecko.com/en/privacy.
4.9 Apple Foundation Models (iOS 26+)
On devices running iOS 26 or later, brief narrative synthesis may be performed using Apple’s on-device Foundation Models framework. This processing occurs entirely on your device and no data is transmitted to any external server. Apple’s privacy policy is available at apple.com/privacy.
5. Data Storage and Security
- On-device storage: Your preferences, calendar data, health flags, AI memory entries, and brief history are stored locally on your device in encrypted form.
- Keychain: OAuth tokens (Gmail, Outlook, Slack) and API keys are stored in the iOS Keychain with device-only protection and are never backed up to iCloud.
- No cloud database: Hermes does not operate its own cloud database. We do not store your personal data on our servers.
- Proxy server: AI requests are routed through our encrypted Cloudflare proxy server solely to protect our API credentials. This server does not log or store the content of your requests beyond the immediate processing window.
- Encryption in transit: All data transmitted between the App and external services is encrypted using HTTPS/TLS.
Live Activities: When enabled, Hermes uses iOS Live Activities to display two kinds of information on your lock screen and in the Dynamic Island:
- Brief status: a summary of your current brief — including your next event title, energy score, and a market ticker — shown while a brief is active.
- Follow-through countdowns (added in v1.7.7): when you accept a Hermes suggestion to handle a task at a specific time (“yes, remind me at 6:30”), a countdown timer is displayed until that time arrives, along with the task’s preview text and Done, Snooze, and Push-to-tomorrow action buttons.
Live Activity content is drawn from data already held locally on your device and is never transmitted to any external server. The visibility of Live Activity content on your lock screen inherits your iOS “Show Previews” notification setting — if you have previews set to “When Unlocked” or “Never,” Live Activity content is hidden until you unlock your phone.
6. Data Retention
- On-device data is retained until you delete the App or use the “Delete All Hermes Data” option in Settings.
- Brief interaction history (which items you’ve handled, dismissed, or deferred) and the local Hermes journal expire automatically: handled and dismissed items are removed after 7 days; journal entries are removed after 90 days. Storage is also capped at 500 item-state records and 1,000 journal entries, with the oldest entries evicted first.
- OAuth tokens are cleared when you disconnect an integration in Settings or use the data deletion option.
- AI processing requests are not retained by our proxy server beyond the immediate API call.
- Anthropic and Murf process your data according to their own retention policies. Neither is authorised to use your data for training AI models under their standard API agreements.
7. Children’s Privacy
Hermes: AI Daily Brief is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the App, please get in touch with us, and we will take steps to address it.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
All users:
- Delete all locally stored data at any time via Settings → Privacy & Security → Delete All Hermes Data.
- Revoke any data permission (Health, Calendar, Location, Microphone) at any time via iOS Settings.
- Disconnect any third-party integration (Gmail, Outlook, Slack) at any time via the Settings tab.
- Turn off Hermes’s proactive suggestions (anticipation moments, follow-through Live Activities, and check-in notifications) at any time via Settings → Chief of Staff → Proactive Suggestions.
California residents (CCPA):
- Right to know what personal information is collected and how it is used.
- Right to delete personal information.
- Right to opt out of the sale of personal information — Hermes does not sell personal information.
- Right to non-discrimination for exercising your privacy rights.
European Economic Area residents (GDPR):
- Right of access to your personal data.
- Right to rectification of inaccurate data.
- Right to erasure (“right to be forgotten”).
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
- Right to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at the email address in Section 11.
9. Third-Party Links and Services
Your brief may contain links to external news articles and websites. Hermes is not responsible for the privacy practices of those external sites. We recommend reviewing the privacy policy of any external site you visit.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The effective date at the top of this page will be updated accordingly. We will notify you of material changes via an in-app notice. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Marcus Mattier
Email: supporthermesherald@gmail.com
Hermes: AI Daily Brief is an independent product and is not affiliated with, endorsed by, or sponsored by Apple Inc., Google LLC, Microsoft Corporation, Slack Technologies, Anthropic PBC, or Murf Inc.