Privacy Notice
How Hermes Platform processes account data and accepted agent content during beta.
Effective 10 July 2026 · Policy 2026-07-10.v1 · Draft pending counsel review
Controller
The proposed controller is Links Academy EOOD / Линкс Академи ЕООД, UIC 208651214, registered at България, област Добрич, община Генерал Тошево, с. Чернооково 9532, ул. Шеста № 8, Bulgaria. Privacy requests: privacy@links.academy.
Who may use the service
The service is for users aged 18 or older. Signup records the Terms version, Privacy Notice version, age confirmation and acceptance timestamp.
Data and purposes
We process account identity, legal acceptance evidence, configuration, encrypted credentials, masked connection metadata, accepted conversations, memory, workspace files, beta-access state and content-free audit/security events to provide, secure, support and comply with obligations for the managed agent service.
Tenant content
Accepted content is used only to provide, secure and support the service. It is not sold, used for advertising or used to train platform-owned models. Human access is denied by default and requires an authorized, time-limited and audited support or incident procedure.
Automated checks
Supported messages and attachments may be checked for narrow prohibited categories, malware, active content, resource limits and prompt injection. This is automated processing, not routine human reading or general profiling, and no detector guarantees perfect identification.
Recipients and transfers
Hetzner hosts the service in Nuremberg, Germany. Accepted content may be sent to the messaging, model and integration providers selected by the user. Those providers may process data outside the EEA; each supported configuration requires an applicable transfer safeguard and provider review.
Retention
Ended sessions and runtime/cron output target 30 days, active sessions rotate after 90 days, quarantine normally deletes immediately and no later than 24 hours, security events target 180 days, and backups no more than 30 days. Targets are binding only where the corresponding implementation is verified.
Your rights
Depending on applicable law, you may request access, correction, deletion, restriction, objection or portability and complain to the Bulgarian Commission for Personal Data Protection or another competent authority. Send requests to privacy@links.academy.
Security and changes
We use tenant isolation, encrypted platform secrets, bounded quarantine, mandatory guard health checks and incident procedures. Material Notice changes receive a new version and notice where required. DPO, lawful-basis and transfer decisions remain pending counsel approval.