End-to-end secure data storage, processing, and sharing framework with zero trust to storage/exchange infrastructure.

Hermes is AGPL-licensed. Special business-friendly licensing is also available.

Crafted with your platform in mind


End-to-end security.


Easy integration library and infrastructure.


Works with any storage scheme.

Hermes provides:

Crypto-based management of rights
  1. Client-centric trust
  2. Compatibility with any storage model
  3. State/callback integration

End-to-end data security

Hermes is built for applications where the client side is the only trusted entity. Client applications are responsible for data encryption and access control using the Hermes engine, while the server side knows nothing about the nature of the data.

Data model-agnostic

Hermes imposes no limitations on data structure/database choice. Hermes fits anything you use – lists of files, rows in a database, structured documents, etc. Adding new storage types can be as easy as adding 10 lines of code.

Cryptographically bulletproof

Unlike typical ACL and role management schemes, the access control in Hermes relies completely on cryptography, where trust is bound to the client’s keys. As long as the keys are safe – the system is safe.

Security cornerstone

With a solid security foundation on the data layer, building other security controls gets easier, the risk model becomes precise, and the overall security cost goes down considerably.

Favourable use


Secure the data in GPL-friendly open-source software designed to provide greater privacy for the users.

The GPL version of Hermes comes free of charge for GPL-friendly projects.

If you’re building something that’s exciting and is helping the world to become a better place – let us know, we’re avid supporters of open-source and might get in touch to help you with your project.


Share FHIR and other medical records safely and distribute granular access to personnel in a secure way. Cut HIPAA costs by pushing many security controls to the encryption layer.


Store and process customer payment data securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.


Protect commercially sensitive data and enforce access control, integrate with existing PKI and IAM stack, enforce group policies and efficient key/storage management – all the while keeping the data end-to-end encrypted.

B2C: Customer apps

Instill greater trust in your product by implementing end-to-end encryption of customer data. It’s not only E2EE messengers that deserve the right to use user trust as a competitive advantage. Implement it in your products or infrastructure, hassle-free.

Build with Hermes

Cryptographic access control engine

Deploy Hermes to build cryptographic access control in your application: regulate read and write access through a cryptographic scheme resistant to privilege escalation.

Secure distributed collaboration and data sharing enabler

Hermes is a cryptography-based method of providing protected data storage and sharing that allows the enforcement of cryptographically-checked permissions between any number of Hermes clients.

Multi-user object store

Build end-to-end secure document/object stores where every document or field’s access rights can be granted to any registered user of the system, transparently, and with low overhead.

Security layer for complex data exchange

Collaborating securely when a document is one blob of data is straightforward, but a modern object/document is actually a large tree-like structure. Hermes was designed precisely for today’s applications.

Get started with Hermes

See the Hermes documentation for more info and how-tos.

Available for:

Swift, Android, Linux, Web, PHP, Python, Node.js, Golang, Ruby, Java, C++