MangoTart keeps the agent runtime and working state on hardware you own, but it is not an offline or zero-access appliance. A useful agent must communicate with model providers, messaging platforms, websites, tools, update services, and—in some cases—MangoTart support and encrypted backup storage.
This guide explains the practical boundary. The Privacy Policy and complete data-flow page provide the formal and system-level detail.
What lives on the device
The following normally live on MangoTart:
- Hermes configuration, memories, skills, and chat state;
- model-provider and messaging credentials;
- API keys for configured tools and skills;
- schedules and agent settings;
- the browser profile, including signed-in website sessions; and
- the local encryption key for optional cloud disaster backup.
Routine agent conversations are not copied to the MangoTart website just to run the agent. Local storage does not stop the agent from sending relevant information to the outside service needed for a task.
What leaves the device
| Destination | Typical data sent | Who controls its policy |
|---|---|---|
| Model provider | Prompt, relevant conversation/memory context, tool results, and content needed to answer | The provider you chose |
| Messaging platform | Messages, attachments, account/bot identifiers, and delivery metadata | Telegram, Discord, WeChat, or the selected platform |
| Websites | Browser requests, forms, uploads, cookies, and actions performed in signed-in sessions | Each website |
| MCP/API/tool service | The arguments and data required for the selected tool call | The tool operator |
| MangoTart services | Account/device binding, serial/hostname, local IP, heartbeat, software versions, update/support traffic | MangoTart |
| Backup storage | An encrypted backup file and object metadata, only if cloud backup is enabled | MangoTart and its storage provider |
The agent can combine context from several sources. Before connecting a sensitive account, consider what the model and tools may need to see to complete your instruction.
Authorized remote support access
Provisioned devices are designed to join a MangoTart-operated private support network. Authorized support operators can connect through Tailscale SSH with administrative mango/root operating-system access. This path can expose unencrypted local content, including conversations, memory, provider credentials, the browser profile, and the local cloud-backup key.
The current product UI does not require the owner to approve each support connection. Access is controlled through MangoTart support identities and network ACLs. This is why MangoTart says the runtime is on hardware you own, but does not claim that the manufacturer is technically unable to access a live provisioned device.
Cloud encryption and live-device access are separate boundaries
Cloud backups are encrypted before upload, so storage does not receive the password. Administrative access to the live device can still expose the locally stored backup key and unencrypted runtime state.
Local management protection
During onboarding you set a six-digit management PIN. It is used to protect sensitive local actions, such as changing credentials, network settings, command-approval policy, updates, SSH keys, backups, and other agent capabilities. The dashboard can also be locked so other people on the LAN cannot casually open it.
Some ownership-level operations require more than the local PIN. Resetting a forgotten PIN and factory-resetting the device use a fresh pairing code generated from the owner's MangoTart account.
Choose a PIN that is not reused elsewhere. Anyone who can use your unlocked local browser may inherit its temporary elevated session.
Command approval
The System page offers three policies for terminal commands:
- Smart approval (recommended) — low-risk work can proceed; risky or uncertain commands ask first.
- Strict confirmation — every command Hermes classifies as high-risk needs approval. Safer, but tasks pause more often.
- Approval off — high-risk commands can run without this check. Use only in a fully trusted and isolated environment.
Approval is a guardrail, not a guarantee. Websites, documents, messages, and tool results can contain misleading or malicious instructions. Review requests in context and do not approve a command merely because the agent says it is necessary.
Browser and connected-account risk
The built-in browser can hold signed-in sessions for websites you authorize. This lets the agent act without asking you to log in every time, but it also gives the runtime the permissions of those sessions.
- Start with low-risk accounts and minimum permissions.
- Use separate service accounts where practical.
- Do not give the agent payment, admin, or publishing authority unless the workflow truly requires it.
- Sign out or revoke access when a connection is no longer needed.
- Browser sessions are not included in Hermes backups; you must sign in again after migration or recovery.
One shared trust boundary
MangoTart does not isolate memory, credentials, or tools per family/team member. Separate chat groups may create separate conversation sessions, but they still connect to the same underlying agent and device state.
Use a separate MangoTart when people require independent private agents. Do not connect a shared device to an account one participant must not access or influence.
Backups and exports
A manual export contains sensitive data in a portable archive, including memories, settings, chat history, and credentials. It is not encrypted by MangoTart automatically. Store it like a password and delete copies you no longer need.
Optional cloud disaster backups are encrypted on the device. MangoTart does not store or return the password, so losing it makes the backup unrecoverable. Read Backup, restore, and migration before enabling it.
Removing data or transferring ownership
- Delete or replace individual provider/tool credentials from their dedicated pages.
- Sign out of websites in the browser when practical.
- Export anything you want to preserve.
- Factory reset removes local user state and returns the device to onboarding.
- Unbinding removes the device from your MangoTart account and permanently deletes its cloud backups.
For a sale, return, or transfer, perform both the local reset and account unbinding only after saving the backups you need.
Safer default setup
- Keep the dashboard lock and management PIN enabled.
- Leave command approval on Smart or Strict.
- Connect only the accounts needed for the first workflow.
- Set budgets and security controls with the model/tool providers.
- Enable encrypted disaster backup and save its password separately.
- Review schedules, skills, MCP servers, and API keys periodically.
- Contact hello@mangot.art if you need clarity about support access or a security issue.