1. Scope of This Policy
This Privacy Policy applies exclusively to the website hrmes.info (the "Site") operated by Very Good Engineering LLC, doing business as Hermes Data Infrastructure ("Hermes," "we," "us," or "our").
This Privacy Policy does NOT cover proxy-routed traffic. Hermes operates a wholesale residential and mobile proxy node service for upstream business partners. Traffic that transits Hermes's proxy infrastructure is subject to the Master Services Agreement ("MSA") between Hermes and the relevant upstream partner. Data handling and privacy notice obligations to end users whose traffic transits Hermes nodes are the responsibility of the upstream partner under that MSA. If you are an end user seeking information about how your data is handled by a proxy or VPN service, contact the service provider from which you purchased access.
This policy covers only what happens when you visit the pages of hrmes.info.
2. Information We Collect on This Website
Hermes's website is a static informational site. We do not operate any user registration, login, checkout, contact form, chat widget, or interactive application.
When you visit hrmes.info, the web server (nginx) automatically records a standard access log entry for each HTTP request. Each log entry contains the following fields (nginx "combined" log format):
| Field | Example | Description |
|---|---|---|
| Client IP address | 203.0.113.42 | The IP address of the requesting browser or device |
| Timestamp | 26/Apr/2026:14:30:00 +0000 | Date and time of the request |
| Request line | GET /legal/dmca.html HTTP/1.1 | HTTP method, path, and protocol version |
| HTTP status code | 200 | Response status returned by the server |
| Response size (bytes) | 4821 | Size of the response body in bytes |
| Referrer | https://example.com/ | URL of the page that linked to this request (if provided by the browser) |
| User agent | Mozilla/5.0 … | Browser and operating system identifier string |
This data is recorded automatically as a function of how HTTP servers operate. It is not submitted by you voluntarily; it is a technical byproduct of your browser making a request to our server.
3. Information We Do Not Collect
We do not collect or process the following on this website:
- Cookies — No cookies are set by this site (first-party or third-party).
- Analytics — No analytics service (Google Analytics, Plausible, Cloudflare Web Analytics, or any other) is active on this site.
- Forms and submitted data — There are no contact forms, signup forms, or any other data submission mechanism on this site.
- JavaScript — This site contains no JavaScript. No client-side tracking, fingerprinting, or session management occurs.
- Payment information — No payments are processed through this website.
- Account or authentication data — There are no user accounts on this site.
4. How We Use Website Log Data
Server access logs are used solely for the following purposes:
- Security and abuse detection — Identifying unauthorized access attempts, scanning, DDoS activity, or other malicious behavior directed at this server.
- Operational integrity — Diagnosing server errors, confirming that pages are being delivered correctly, and monitoring server health.
- Legal process compliance — Responding to lawfully issued subpoenas, court orders, or law enforcement requests.
We do not use website log data for marketing, profiling, advertising, or any commercial purpose beyond the operational purposes described above.
5. Lawful Basis for Processing
To the extent that data protection laws such as the EU General Data Protection Regulation (GDPR) apply to visitors who access this site from the European Economic Area, we rely on legitimate interests (Article 6(1)(f) GDPR) as our lawful basis for processing the server log data described above. Those legitimate interests are: maintaining the security and operational integrity of this website, and complying with legal obligations.
We do not claim full GDPR compliance and have not designated a Data Protection Officer. If you are accessing this site from within the EU or EEA and have concerns about how your data is handled, please contact us at legal@hrmes.info.
For California residents: We do not "sell" personal information as that term is defined under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). We do not knowingly share personal information with third parties for cross-context behavioral advertising. We do not claim full CCPA/CPRA compliance; however, you may contact us at legal@hrmes.info to inquire about or request deletion of any personal information we may hold relating to your website visit.
6. Data Retention
Server access logs are retained for 90 days from the date of collection. After 90 days, logs are rotated and permanently deleted from both primary storage and any backup copies.
During the 90-day retention period, logs are backed up to Cloudflare R2 object storage (operated by Cloudflare, Inc., acting as a data processor on our behalf). Backup copies are subject to the same 90-day deletion schedule as primary logs. Cloudflare's privacy practices are described at cloudflare.com/privacypolicy.
DMCA correspondence and related records are retained for a minimum of three years to support safe harbor compliance documentation, as described in our DMCA policy.
7. Data Sharing and Recipients
We do not sell, rent, or trade your personal information.
Website log data may be disclosed to:
- Cloudflare, Inc. — as a data processor for offsite backup storage of server logs (Cloudflare R2), under a data processing arrangement.
- Law enforcement and legal process — where we are required by a lawfully issued subpoena, court order, or other legal process to disclose information.
- Security incident response — to the extent necessary to investigate, contain, or report a security incident affecting this server, we may share log data with security professionals or authorities.
Beyond the above, website log data is not shared with any third party.
8. Your Rights and How to Exercise Them
You may contact us at legal@hrmes.info to:
- Request information about what personal data (if any) we hold relating to your website visit.
- Request deletion of personal data we hold relating to your website visit.
We will make reasonable efforts to respond within 30 days of receiving a verifiable request. Because our logs contain only technical request metadata (IP address, timestamp, request path) and are retained for only 90 days, the practical scope of any access or deletion request is limited accordingly.
We do not formally claim GDPR or CCPA compliance. Exercises of rights under those frameworks are accepted and processed as a good-faith matter; we make no representation that our processing meets all formal requirements of those laws.
9. Children
This website is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at legal@hrmes.info and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. The current version of this policy is always available at hrmes.info/legal/privacy-policy.html. Continued use of the Site after a policy update constitutes acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by the laws of the State of Florida, without regard to its conflict of law principles. Any disputes arising under this policy shall be resolved in the state or federal courts located in Brevard County, Florida.
12. Contact
For privacy-related inquiries: