Privacy Policy

This policy covers users of the Hermes Sync browser extensions (Chrome, Firefox, and other Chromium-based browsers) and the web application at hermesync.me.

The data we collect depends on which sync mode you use.

Cloud sync mode

• Account information: the email address you sign in with, a display name if provided, and a unique user identifier issued by Firebase Authentication.
• Bookmark data: the URLs, titles, folder paths, and organizational metadata of the bookmarks you choose to sync, plus modification timestamps.
• Reading list: URLs, titles, folders, and read/unread state for items you save.
• Device data: a locally generated device identifier, the browser type (Chrome / Firefox / etc.), and the time of last sync. This is used to prevent sync loops and show you a list of devices connected to your account.
• Subscription data: your Stripe customer ID, subscription status, and trial / renewal dates. Card numbers and billing addresses are processed and stored by Stripe and never touch our servers.

Local file sync mode

In local file sync mode, your bookmarks are written to a file of your choosing (for example, inside a Dropbox or iCloud Drive folder). That file never touches our servers. We do not collect any of your bookmark data in this mode. You still need a Hermes Sync account to receive extension updates, but no account sign-in is required for local file sync to function.

What we do not collect

• The contents of the web pages you visit.
• Your browsing history outside of what you explicitly bookmark or save.
• Analytics or usage telemetry from the extension.
• Advertising identifiers or tracking cookies.

• To provide the sync service across your devices.
• To authenticate you and keep you signed in.
• To process subscription payments and manage your plan.
• To contact you about critical service issues, subscription events, or security notices. We do not send marketing email unless you opt in.

We use the following third-party processors. They only receive the data necessary for their specific function.

• Google / Firebase Authentication — verifies your identity (email + password or Google Sign-In) and issues the ID tokens our servers validate. See Firebase's privacy notice.
• Stripe — processes subscription payments. See Stripe's privacy policy.
• Infrastructure providers — our API and database are hosted on servers we operate (via Coolify). We do not share data with analytics, advertising, or data-broker platforms.

We do not sell, rent, or license your data to anyone. Ever.

Bookmark, reading list, account, and device data in cloud sync mode is stored in a PostgreSQL database we operate. Authentication state is managed by Firebase Authentication (Google Cloud). Payment data is held by Stripe. We take reasonable technical and organizational measures to protect this data, including encryption of all network traffic (HTTPS) and scoped per-user access.

• Active account data: retained while your account is active.
• Deleted bookmarks: soft-deleted for 30 days (to support undo and cross-device conflict resolution), then purged.
• Closed accounts: when you delete your account, your bookmarks, reading list, profiles, and device list are removed within 30 days. Stripe may retain payment records for as long as required by tax and accounting law.

Depending on where you live (particularly if you are in the European Economic Area, the United Kingdom, or California), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (“right to be forgotten”).
• Export your data in a portable format.
• Object to or restrict certain processing.
• Lodge a complaint with your local data protection authority.

You can exercise most of these rights directly from your account settings, or by emailing us at privacy@mausv.com. We will respond within 30 days.

Hermes Sync is not directed at children under 13 (or under 16 in the EEA), and we do not knowingly collect data from them. If you believe a child has provided us with personal data, email us and we will delete it.

When we make material changes, we will update the “Last updated” date at the top of this page and, for significant changes, notify you by email.

Questions, data requests, or complaints: privacy@mausv.com.