Zero knowledge.
By design.
Your data. Your gains. No exceptions.
Most fitness apps store your personal data in plaintext on their servers. We took a different path. reppd uses a zero-knowledge architecture — your sensitive data is encrypted on your device before it ever reaches us. We store only encrypted blobs. We physically cannot read your data, and neither can anyone else.
What we encrypt
All sensitive personal data is encrypted on your device. Our servers only store encrypted blobs — opaque data we cannot read.
Personal Profile
- ✓ Name
- ✓ Date of birth
- ✓ Gender
- ✓ Height
- ✓ Body weight
Body Measurements
- ✓ Weight
- ✓ Chest
- ✓ Waist
- ✓ Hip
- ✓ Biceps
- ✓ Thigh
- ✓ Calf
- ✓ Notes
KEK/DEK Architecture
Your password derives a Key Encryption Key (KEK) that wraps your personal Data Encryption Key (DEK). The DEK encrypts your data. Only the wrapped key is stored on our servers — never the password, never the plaintext key. Key versioning allows for rotation without re-encrypting your entire history.
How it works
Encryption
1. You enter sensitive data (name, measurements, etc.)
2. Your app derives encryption keys from your password
3. Data is encrypted locally using your personal DEK
4. Only the encrypted blob is sent to our server
5. Plaintext never leaves your device
Decryption
1. Your app fetches the encrypted blob from the server
2. The wrapped DEK is retrieved and unwrapped using your password-derived KEK
3. Data is decrypted locally on your device
4. Decrypted data is used in the app, never stored in plaintext remotely
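The KEK/DEK scheme and the encryption and decryption steps above, as an added example that is not reppd's code: the page names no algorithms, so scrypt for the KEK, AES-256-GCM for wrapping and data encryption, the record fields and the `version` tag are all assumptions. It also shows a password change re-wrapping the DEK while the stored data blob stays untouched.

```javascript
// Added illustration; scrypt, AES-256-GCM and all names here are assumptions, not reppd's code.
const nodeCrypto = require('node:crypto');

// AES-256-GCM seal/open; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function open(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// KEK: derived from the password on the device, never sent or stored.
const deriveKek = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// Wrap a DEK under the password-derived KEK; this record is what the server stores.
function wrapDek(password, dek, version) {
  const salt = nodeCrypto.randomBytes(16);
  return { version, salt, wrapped: seal(deriveKek(password, salt), dek) };
}
const unwrapDek = (password, rec) => open(deriveKek(password, rec.salt), rec.wrapped);

// Encrypt a field with the DEK; the blob carries the key version it was sealed under.
const encryptField = (dek, version, text) => ({ version, blob: seal(dek, Buffer.from(text, 'utf8')) });
const decryptField = (dek, rec) => open(dek, rec.blob).toString('utf8');

// Password change: only the small wrapped-DEK record is replaced; data blobs are untouched.
function changePassword(oldPw, newPw, rec) {
  return wrapDek(newPw, unwrapDek(oldPw, rec), rec.version);
}

function demo() {
  const dek = nodeCrypto.randomBytes(32);            // generated once, on the device
  const keyRec = wrapDek('constructed-password-1', dek, 1);
  const row = encryptField(dek, 1, 'waist=81cm');    // constructed sample measurement
  const rotated = changePassword('constructed-password-1', 'constructed-password-2', keyRec);
  const after = decryptField(unwrapDek('constructed-password-2', rotated), row);
  let oldPasswordRejected = false;
  try { unwrapDek('constructed-password-1', rotated); } catch { oldPasswordRejected = true; }
  return { after, oldPasswordRejected, serverSees: row.blob.toString('hex') };
}
```

Because GCM authenticates the wrapped DEK, a wrong password fails at unwrap time instead of yielding a garbage key.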
Data deletion
When you delete your account, all data is permanently removed via cascading delete — workouts, measurements, settings, encryption keys. No soft-deletes, no 30-day retention. Gone means gone.
If you lose your password, even we cannot recover your data.