GitHub

Last updated: May 23, 2026

Hermēs (referred to herein as "we," "our," or "us") respects and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access hermesgex.com, our terminal app, APIs, Discord channels, and related services (collectively, the "Service").

This policy applies together with our Terms of Service and Disclaimer. By using the Service you consent to this policy.

1. Information We Collect

1.1 Information You Provide

Account data — email, password hash, display name, preferred language/timezone, avatar.
Authentication data — OAuth identifiers returned by Google or GitHub when you sign in via those providers.
Payment & subscription data — processed by Stripe; we retain only transaction metadata (plan, status, Stripe Customer ID) and never store full card numbers or CVV.
Activation codes — records of codes you redeem or that are issued to you.
User content — trade journals, alert templates, custom parameters, and notes you create in the terminal.
Support & community communications — emails, contact-form submissions, Discord direct messages you send us.

1.2 Information Collected Automatically

Device & log data — IP address, browser type, OS, device fingerprint, timestamps, referrer, error stack traces.
Usage data — pages visited, click events, API call records and frequency, feature-usage patterns.
Cookies & local storage — for session persistence, theme/timezone memory, A/B experiments, and analytics (see Section 6).
MT5 / MotiveWave / Bookmap integration metadata — when you opt into these third-party integrations we collect only the minimal binding identifiers (account ID, broker, server name); we do not read your live positions or order content unless you explicitly enable a corresponding module.

1.3 Information from Third Parties

Market data partners — aggregated options exposure and Greek data (not personal).
Stripe — payment status, refund events, dispute status.
OAuth providers (Google, GitHub) — email, username, avatar URL, unique ID.
Analytics providers (Plausible, Vercel Analytics, etc.) — aggregate-level visit metrics.

2. How We Use Information

We use the above information to:

Provide and maintain the Service — account creation, login, subscription auth, code redemption, API rate limits.
Deliver core features — HuntingFlow real-time refreshes, key-level computation, Discord push delivery.
Process payments — through Stripe for transactions, reconciliations, and refunds.
Provide customer support — answer your questions, investigate abuse reports, resolve disputes.
Improve the Service — monitor errors, performance, and UX. We do not use your private trade journals to train any public model.
Security & compliance — fraud detection, abuse prevention, compliance audits, legal obligations.
Marketing communications — send product updates or offers if you have subscribed to our newsletter. You can unsubscribe at any time.

3. Third-Party Processors

For specific operational tasks Hermēs may engage third-party processors (e.g., automated content classification, narrative review of pushed materials). When such processing applies:

We send processors the minimum input necessary to complete the task (e.g., a current GEX summary, market regime label).
We do not transmit personally identifiable information such as your email, name, or payment data to those processors.
Processors handle inputs and outputs under their own privacy and retention policies. Where the processor offers that option, we have requested via API contracts that they not use your inputs to train their models.

4. Disclosure of Information

We disclose your information only in the following situations:

Service providers (data processors) — cloud hosting (Vercel/Cloudflare/AWS), databases (Postgres/Redis), email (Resend), analytics (Plausible), AI models (OpenAI/Anthropic/Google), payments (Stripe). Each is bound by a data processing agreement (DPA).
Legal requirements — to comply with subpoenas, court orders, or lawful government/regulatory requests; to protect the rights, property, or safety of us or others.
Business transfers — if Hermēs undergoes a merger, acquisition, or asset sale, your information may be transferred as part of the business assets; we will notify you by email or in-app notice before the change.
Your consent — any other disclosure with your explicit consent.

We do not sell or rent your personal information for marketing purposes.

5. Data Retention

Account data — retained for the lifetime of your account; once deleted, reversible data is wiped within a reasonable period (typically 30 days).
Payment records — retained for at least 7 years to comply with U.S. tax and accounting laws.
Server logs — typically retained 30—90 days for debugging and security analytics.
Backups — may persist longer in encrypted offline backups, accessed only when needed for operational recovery.

6. Cookies & Similar Technologies

We use the following cookie categories:

Necessary cookies — session persistence, CSRF protection, login state.
Preference cookies — theme (dark/light), language, timezone, layout choices.
Analytics cookies — aggregate visit statistics and performance monitoring (no personal identification).

You can disable cookies in your browser at any time, but some features (such as login sessions) will not work properly.

7. Data Security

We apply industry-standard safeguards to protect your information, including:

HTTPS/TLS encryption end-to-end;
Argon2/bcrypt one-way hashing of passwords;
Database encryption at rest;
Least-privilege access and tiered key management;
Periodic penetration testing and vulnerability scanning.

However, no system is absolutely secure. We will notify you and the relevant authorities of a material data breach as required by applicable law.

8. Your Rights

Depending on your jurisdiction (including the GDPR and California's CCPA/CPRA), you may have the right to:

Access — obtain a copy of the information we hold about you;
Rectify — request correction of inaccurate or incomplete information;
Erase — the "right to be forgotten" — ask us to delete your account and personal information;
Restrict processing — pause certain processing activities;
Data portability — receive your data in a structured, machine-readable format;
Object — to processing based on our legitimate interests;
Withdraw consent — without affecting the lawfulness of processing prior to withdrawal.

To exercise these rights contact us at admin@hermesgex.com. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under 13 (or a higher age where applicable law requires). We do not knowingly collect information from children under 13. If we discover such collection we will delete it immediately.

10. International Data Transfers

Hermēs operates primarily from the United States. If you access the Service from the EU, UK, or other jurisdictions, your information will be transferred to U.S. servers and the locations of the service providers identified above. We rely on Standard Contractual Clauses (SCCs) and similar mechanisms to ensure lawful cross-border transfers.

11. California Resident Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

Know — what categories of personal information we collected about you in the last 12 months;
Delete — request deletion of your personal information;
Opt out of sale/sharing — "Do Not Sell or Share My Personal Information." We do not sell your personal information.
Non-discrimination — you will not receive discriminatory service for exercising these rights.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 30 days in advance. The updated Policy takes effect upon posting.

13. Contact Us

For questions, complaints, or to exercise your rights, contact us via /contact or admin@hermesgex.com.

Data Controller:

Entity: Hermēs Trading, LLC
Email: admin@hermesgex.com