We've built UpgradeYourself with a zero-knowledge architecture. Your sensitive health information is encrypted with keys only you control.
Your encryption passphrase never leaves your device. We don't store it, we can't recover it, and we certainly can't read your data without it. This isn't just a promise—it's mathematically impossible.
All sensitive data is encrypted in your browser before it ever reaches our servers. We only store encrypted blobs—gibberish without your passphrase. Even if our servers were compromised, your data remains unreadable.
We don't sell your data. We don't share it with advertisers. We don't mine it for insights. Our business model is simple: you pay for the service, not with your privacy.
Your encrypted data is stored on Cloudflare's D1 database with global edge distribution. This means blazing fast access from anywhere, with enterprise-grade security infrastructure protecting the encrypted data at rest.
A simplified explanation of the cryptography protecting your health data
During onboarding, you create a strong passphrase. This is used to derive a cryptographic key using PBKDF2 or Argon2id—industry-standard key derivation functions that make brute-force attacks computationally infeasible.
When you enter health data—blood test results, supplement logs, peptide protocols—it's encrypted in your browser using AES-256-GCM, the same encryption standard used by governments and banks. The encrypted data is then sent to our servers.
Our servers only ever see encrypted data. Without your passphrase, it's indistinguishable from random noise. We couldn't read your blood test results even if a court ordered us to—we simply don't have the key.
When you log in, encrypted data is fetched from our servers and decrypted locally in your browser. Your passphrase is never transmitted—only you can unlock your data vault.
Some minimal data is stored unencrypted for basic app functionality. This does not include any health or medical information.
Unfortunately, we cannot recover your data if you forget your passphrase. This is by design—if we could recover it, so could attackers. We recommend using a password manager to store your passphrase securely.
We can only provide encrypted data blobs in response to legal requests. Without your passphrase, this data is meaningless. We literally cannot decrypt your health information—it's mathematically impossible without your key.
Most health apps store your data in plaintext on their servers. They can read it, analyse it, and potentially sell it. With end-to-end encryption, your data is encrypted before it leaves your device—we never see the unencrypted version.
Yes! You can export all your data at any time in standard formats. Since your data is decrypted locally, you have full control over it. We believe your health data belongs to you.
Join thousands of biohackers who trust UpgradeYourself with their most sensitive health information.
Get Started FreeEnd-to-end encryption included on all plans