Privacy isn't a feature — it's the foundation

Jun 6, 2026 · 2 min read

Most health apps ask you to trust them with some of the most sensitive data you have — what you eat, your glucose, your weight, how you feel — and then quietly send it to their servers. Bodyproof is built the other way around. Your data never leaves your phone, because there’s nowhere for it to go.

On-device, encrypted at rest

Everything you log lives in the app’s private storage on your device. The database — meals, macros, glucose, well-being and other readings — is encrypted with SQLCipher (AES-256). The encryption key is generated on your device and protected by the Android Keystore, so it never leaves your phone. Even with the file in hand, the data isn’t readable without your device.

No account, no cloud, no trackers

The only thing that can ever leave the device is optional, off-by-default crash reporting — and only if you turn it on.

Backups you control

You can export everything — data and photos — to a single file, kept wherever you choose. That backup is encrypted with a passphrase you set, so it’s safe to store and portable to a new phone. Without the passphrase, no one (including us) can open it.

Why it matters

Privacy isn’t a checkbox we added at the end. It’s the reason the architecture looks the way it does: local-first, encrypted, accountless. The honest version of “we take your privacy seriously” is not collecting your data in the first place.

That’s the foundation Bodyproof is built on.

← All posts