Appearance
Privacy & offline data
Running Hermes locally is a privacy choice. Here is what stays on your machine and what to watch for.
What stays local
| Data | Location |
|---|---|
| Conversations | ~/.hermes/sessions/ |
| Memory | ~/.hermes/memory/ |
| Skills | ~/.hermes/skills/ |
| Config | ~/.hermes/config.yaml |
| Model inference | Ollama on localhost |
Hermes does not collect telemetry or usage analytics. API calls go only to the LLM provider you configure. With Ollama, that's localhost.
What can leave your machine
| Feature | Data leaves? |
|---|---|
| Ollama (local) | No |
| Telegram/Discord gateway | Messages via platform servers |
| Web search/browse tools | Queries go to web |
| Cloud fallback provider | Prompts go to API |
| Nous Portal tools | Via Portal subscription |
For complete offline, disable web tools and cloud fallbacks. Use CLI only (no messaging gateway).
My privacy setup
yaml
model:
provider: custom
base_url: http://localhost:11434/v1
agent:
disabled_toolsets:
- web
- browser
- image_gen
approvals:
mode: manualNo cloud provider configured. No gateway (or Telegram only when I choose to enable it).
Handling sensitive files
- Hermes with shell access can read anything your user can read.
- Don't run as root.
- Use the Docker
terminal.backendfor untrusted tasks. - Review memory periodically; it may store sensitive facts from past sessions.
Backing up (stays local)
To move everything to another machine without any cloud service:
bash
hermes backup # zips all of ~/.hermes/ to your home dir
hermes import ~/hermes-backup-<ts>.zip # restore on the new machineFor a single profile, use hermes profile export <name> / hermes profile import <file> (credentials stripped, safe to share).
Air-gapped checklist
- [ ] Ollama running locally, no outbound model API
- [ ] Web toolsets disabled
- [ ] No cloud fallback configured
- [ ] No messaging gateway (CLI only)
- [ ] No MCP servers with external access
This gives you an agent that never sends data off the machine.