PRIVACY POLICY

Your data stays yours.

Last updated: June 2, 2026

0. The short version

Hellomens runs on your hardware. Your data, your knowledge graph, and your agent logs default to local storage. Nothing leaves your namespace unless you flip a switch. We do not sell data, we do not profile you, and we collect nothing by default.

1. Data residency

All compute defaults to local. Agent execution, indexing, embeddings, and memory persistence run on the device where Hellomens is installed. There is no implicit cloud tier.

  • Default state. One hundred percent of operational data is written to local storage under your user namespace. We never receive a copy.
  • No silent egress. The OS does not phone home, sync in the background, or upload state for "improvement" purposes.
  • Remote is explicit. Data only leaves your device when you bind a remote engine for a specific request. Hellomens surfaces that binding before execution, and the data sent is scoped to that single call.

2. Telemetry

Telemetry is strictly opt-in. The installer ships with all diagnostic and usage reporting disabled. Until you explicitly enable it, we receive zero events, zero metrics, and zero crash reports.

  • Off by default. No analytics SDK runs, and no event queue is populated, unless you turn it on.
  • Scoped when on. If enabled, telemetry covers anonymous performance counters and crash traces only. It never includes prompt content, file contents, or memory graph data.
  • Revocable. Disabling telemetry halts collection immediately and purges any locally queued events that have not yet been sent.

3. Bounded memory

Context graphs never leave the local namespace. Every agent operates inside a declared boundary, and the memory it builds stays inside that boundary.

  • Namespace isolation. Each context graph is keyed to your local namespace. It is not replicated, mirrored, or indexed off-device.
  • No cross-context bleed. Bounded contexts cannot read each other's memory unless you explicitly link them. Autonomy is bounded by design, not by policy alone.
  • You hold the keys. Memory lives in storage you control. Deleting a context graph locally deletes it everywhere it ever existed.

4. Remote engines

When you opt into a hosted model API, the minimum payload required to fulfil that request is transmitted to the provider under their terms. Hellomens does not add hidden context to that payload. Disabling remote engines returns the system to fully local operation.

5. Local logs

Every agent invocation is logged locally so you can audit what ran, when, and against which model. These logs are stored on your device, are never transmitted to us, and can be rotated or wiped at any time from within the OS.

6. Third parties

We do not sell, rent, or share your data. The only third parties that can ever receive data are remote model providers you explicitly bind, and only for the duration of the request you authorised.

7. Your control

Because data resides on your hardware, access, export, and deletion are local operations you perform directly. There is no account database for us to query on your behalf and no support ticket required to erase your own state.

8. Changes to this policy

We may update this policy as the local compute model evolves. Material changes will be announced in-product and dated at the top of this page. Continued use after an update constitutes acceptance.

9. Contact

Questions about how Hellomens handles data? Reach the team.