Effective date: 2026-06-29 · Last updated: 2026-06-29
This Privacy Policy explains how the iOS app "The Abyss" (the "App") handles your data. The App is
published by Vladimir Adamovic ("we", "us"). Contact:
hey@vlado.me.
The short version: the App does not collect, store, transmit, or sell your personal data to us
or to any third party. Everything you type, say, or share in the App flows between your device
and the self-hosted "Hermes" backend that you yourself configure and control. We are not in the
middle.
If you only read one section, read Section 2.
1. What the App is
The Abyss is a remote-control client for Hermes, an open-source AI agent that you run on hardware you own
(your computer, your VPS, your home server). The App does not include any hosted AI service. It is a
user interface for the backend you point it at.
This means the privacy guarantees of your data depend on the backend you connect to, not
on the App. We have no visibility into, and no control over, your backend.
2. Data the App does NOT collect
We do not collect, receive, or have access to any of the following:
- - Your name, email, phone number, or any contact information.
- - Your messages, prompts, or chat content.
- - Your voice recordings or transcriptions.
- - Your photos or attached images.
- - Your IP address, device location, or network identifiers.
- - Your usage patterns, taps, screen views, session durations, or any analytics.
- - Crash logs or diagnostics.
- - Advertising identifiers.
- - Any unique identifier tied to your Apple ID.
We do not use third-party SDKs of any kind. The App does not contain analytics, tracking, advertising,
A/B testing, remote logging, or crash reporting services.
3. Data the App stores on your device
The following data is created and stored locally on your iPhone or iPad. It never leaves the device
except when you explicitly send a message to your backend.
| Data | Storage | Purpose |
| Backend connection profiles (server name, URL, optional username) |
iOS UserDefaults |
Lets the App remember which backends you've added. |
| Backend credentials (tokens, passwords) |
iOS Keychain |
Authenticates you to your backend. Protected by the device passcode and, when you reveal
them, Face ID / Touch ID. |
| Session history (chat messages, timestamps, tool calls) |
SwiftData (local SQLite) |
Lets you scroll past conversations offline. |
| Image attachments |
In-memory only, while composing |
Sent to your backend when you press send. Not written to disk. |
| Voice recordings |
Processed on-device by Apple's Speech framework |
Used only for live transcription. The audio itself is not retained. |
You can wipe all of this at any time by removing a backend (Backends → Remove) or by uninstalling
the App.
4. Data that flows over the network
When you use the App, network traffic happens only between:
- - Your device, and
- - The Hermes backend(s) you have configured.
We do not operate any servers. We do not have a backend. The App does not phone home.
You decide what your backend does with the data you send it. Read your backend's privacy policy (or write
one, if you're the one running it). If your backend is on your home network or your Tailscale tailnet,
the data does not leave your network.
5. Permissions the App requests
The App asks for a few iOS permissions. Each is used only for the stated purpose and only while you are
using the relevant feature.
| Permission | Why | When |
| Local Network | To reach your Hermes backend on your LAN or Tailscale tailnet. | On first connection attempt. |
| Camera | To scan a pairing QR code shown by another configured device. | When you tap "Scan QR" during onboarding. |
| Microphone | To capture your voice for the in-app voice mode. | Only when you open Voice mode and tap to speak. |
| Speech Recognition | To transcribe your voice into text on-device using Apple's Speech framework. | During voice mode. |
| Photo Library | To attach an image to a message. | Only when you tap the attachment button. |
| Face ID / Touch ID | To gate revealing backend credentials (e.g. when sharing a pairing QR). | Only on actions that reveal a secret. |
| Notifications (if enabled) | To alert you when a scheduled agent task delivers a result. | Off by default. |
We never send the contents of camera, microphone, or photo library to ourselves. They go only to the
backend you have explicitly configured, and only when you take an action that initiates a send.
6. Third parties
The App contains no third-party SDKs. We do not share data with anyone, because the App does not have
data to share.
If you choose to connect the App to a third-party Hermes backend (for example, a hosted instance run by
someone other than yourself), your data is subject to that party's privacy policy, not ours.
7. Children
The App is not directed at children under 13. We do not knowingly collect any data from children. Because
we do not collect data at all, this is structurally guaranteed — but if you are a parent or
guardian and you believe your child is using the App, you can uninstall it at any time. There is nothing
for us to delete.
8. Your rights (GDPR, CCPA, and similar)
Because we do not collect, store, or process your personal data, requests to access, correct, delete, or
port your data have nothing to act on at our end. Such requests should be directed at the operator of
the Hermes backend you have connected to (which may be yourself).
For data stored locally on your device, you can:
- - Access it: directly through the App's UI.
- - Delete it: by removing the backend in Settings → Backends, or by
uninstalling the App.
9. Security
- - Credentials are stored in the iOS Keychain, the system's secure encrypted store.
- - Network connections to your backend use whatever transport your backend exposes. The App supports
HTTPS and pairing-by-QR for credential transfer.
- - The App permits insecure HTTP connections only when explicitly configured by the user (e.g.
development backends on a local network). This is a deliberate trade-off for the self-hosting
audience the App serves.
- - We do not have access to your credentials. If you forget them, your backend operator can reset
them; we cannot.
10. International users
You can use the App from anywhere iOS is supported. Because we do not collect any data, no cross-border
data transfer occurs at our end. The flow between your device and your backend may cross borders
depending on where your backend is hosted — that is governed by your backend, not by the App.
11. Changes to this Policy
If we change this policy in any way that affects how the App handles data, we will update the "Last
updated" date at the top of this document and post the new version at the URL where you found this one.
Because we do not collect contact information, we cannot email you about the change. We recommend
checking back when the App receives a major update.
Material changes (anything that broadens what the App collects, stores, or shares) will also be summarised
in the App Store release notes for that version.
12. Contact
Questions, concerns, or requests about this policy:
- - Email: hey@vlado.me
- - Subject line suggestion: "The Abyss — Privacy"
We aim to respond within 7 business days.
Summary
| Question | Answer |
| Does the App collect my data? | No. |
| Does the App share my data with third parties? | No. |
| Does the App contain analytics or trackers? | No. |
| Does the App have ads? | No. |
| Where does my chat content go? | To the Hermes backend you configured. Not to us. |
| Where are my credentials stored? | iOS Keychain, on your device. |
| Can I delete everything? | Yes — remove backends in-app, or uninstall. |
| Who do I contact? | hey@vlado.me |