MangoTart data flow

What Stays Local on Your Agent Computer

MangoTart keeps the agent runtime and its working state on hardware you own. But an agent that calls a model, sends messages, browses websites, checks for updates, and optionally backs up is not an offline system. Here is the boundary without the hand-waving.

Data paths reviewed against the product implementation on July 13, 2026.

The short version

Local Ownership, Connected Workflows

MangoTart gives the agent a clear home. It does not pretend every service the agent uses becomes local.

Hermes configuration, memory, skills, chat state, provider credentials, messaging credentials, browser profile, and service diagnostics are stored on MangoTart. They are not routinely copied to MangoTart's website just to run the agent.

Relevant data leaves when a workflow needs an outside service: the model provider you chose, a messaging platform, a website the browser visits, or an MCP/API integration. Separately, the device contacts MangoTart services for heartbeat, versions, updates, support, and optional encrypted backup. Each connection keeps its own policies and security boundary.

“Private” here means a locally owned runtime with explicit external connections. It does not mean fully offline, anonymous, or inaccessible to every service you choose to connect.

The map

Where Each Kind of Data Goes

Start from the device in the center, then follow only the connections a task actually uses.

On MangoTart

Hermes configuration, memory, skills, chat state, provider and messaging credentials, browser profile, and local service diagnostics.

Stored on hardware you own and used by the local runtime.

Your model provider

Prompts, selected context, tool results, or files needed for a model request; model responses return to Hermes.

The provider's pricing, retention, and data terms apply.

Messaging platforms

Messages, attachments, identifiers, and channel metadata sent through a Telegram, Discord, email, or other connected channel.

The platform processes that traffic under its own policies.

Websites and tools

Normal browser requests, account sessions, form content, files, and tool inputs that a workflow deliberately submits.

A website sees the interaction much as it would from a browser you control.

MangoTart services

Account and order data, device binding, heartbeat status, software versions, support/update traffic, and optional encrypted backup files.

Routine Hermes prompts are not part of the normal website data path.

Local does not mean offline

Every Connection Has Its Own Boundary

Local ownership makes the home of state and credentials clearer. It cannot erase the policies of a service you actively use.

Model requests

When Hermes asks a cloud model to reason over a task, the prompt and context required for that request go to the selected provider.

Messages

A message sent through Telegram, Discord, email, or another channel is processed by that platform and may be retained there.

Browser work

A signed-in website receives the requests, content, files, and actions that the workflow performs in that browser session.

External tools

MCP servers and APIs receive the inputs necessary for the tool call. Review each tool's operator and permissions before connecting it.

Bring your own provider

Provider Credentials Are Configured on the Device

MangoTart does not run a shared model account or token pool.

OAuth tokens, API keys, and custom endpoint details are written locally for Hermes. The MangoTart website does not need a copy and does not bill for model usage.

Those credentials are still powerful secrets. Protect the provider account, use the least privilege available, and revoke a credential if you suspect exposure. Manual, unencrypted Hermes export archives can contain credentials and chat state, so handle them like a password.

Provisioned devices are designed to join a MangoTart-operated private support network. Authorized support operators can use Tailscale SSH with administrative mango/root access, which can expose unencrypted local content—including Hermes state, conversations, credentials, the browser profile, and the local backup key. The current product does not require per-session owner approval in the UI for this path.

Optional disaster backup

Encryption Happens Before Upload

Cloud disaster backup is opt-in. Its purpose is recovery after a device is lost or damaged, not routine operation of the agent.

  1. 1

    Prepare Hermes state

    MangoTart creates the supported Hermes backup archive on the device.

  2. 2

    Encrypt locally

    The device encrypts the archive with the backup password before it leaves MangoTart.

  3. 3

    Store ciphertext

    Object storage receives the encrypted file plus operational metadata such as object name, size, and retention information.

  4. 4

    Restore with your password

    Recovery needs the encrypted file and the password you kept. The service does not store or return that password.

Lose the password and the encrypted backup cannot be recovered. Browser profiles and website logins are not part of the Hermes archive, so sites need to be signed in again after a restore.

Account and device service

What the MangoTart Website Knows

The product still needs a small service layer for sales, device ownership, software maintenance, and support.

Account and order

Sign-in email, optional waitlist answers, order and fulfilment details, and the account-device relationship. Stripe processes full card details.

Device identity

Hardware serial, short code, hostname, device binding, and provisioning credentials used to identify the computer and its owner.

Heartbeat and versions

Local-network IP, last-seen time, MangoTart software version, and Hermes version are reported for discovery, health, updates, and support.

Website analytics

When production analytics is configured, page views and limited interaction events are processed by Vercel Analytics and Mixpanel; session replay and captured text content are disabled.

Sales chat

Messages you submit to the website sales assistant are sent to OpenRouter and its selected downstream model (currently DeepSeek) to generate a reply. Do not include passwords, API keys, or private data.

Provisioned devices are designed to join a MangoTart-operated private support network. Authorized support operators can connect over Tailscale SSH with administrative mango/root access to all device ports. That access can expose unencrypted Hermes state, conversations, credentials, the browser profile, and the backup key. The current implementation is controlled by MangoTart's support identity and network ACL; it does not require a per-session approval from the owner in the product UI. This is why we do not claim the manufacturer is technically unable to access the device.

Read the legal Privacy Policy

Practical controls

A Privacy Checklist You Can Actually Use

Most risk comes from connected accounts and permissions, not from whether the computer sits on your desk.

Choose the provider deliberately

Use a model provider whose data handling, retention, region, and account security fit the work.

Use least-privilege accounts

Give the agent only the browser profile, mailbox, tool, and API permissions that a workflow truly needs.

Review before scheduling

Test a workflow interactively and inspect its results before allowing it to run unattended on a schedule.

Protect recovery material

Keep the cloud-backup password somewhere separate and secure, and treat every manual export archive as a secret.

Direct Answers About Local and Private

No absolute slogans—only the boundaries that matter when an agent connects to outside services.

A Private Agent Starts With Clear Boundaries

Own the runtime, choose the services it connects to, keep permissions narrow, and make recovery part of the design.

See MangoTart