Track your fitness.
Keep it private.

Your PIN encrypts everything on-device before it touches a server. We store ciphertext. Only you hold the key.

Your data leaves your device encrypted.
Not even we can read it.

AES-256-GCM Encrypted
Sign In with Google
Free Forever
Zero Ads & Tracking
Zero-Knowledge Server

Private Fitness Tracking App

Every feature built around one rule: your data belongs to you, unreadable by anyone else.

Workout Logging

Track exercises, sets, reps, and weight. See your full history and volume over time.

Nutrition Logging

Log calories and macros across meals. Daily totals. Progress bars against your goals.

Dashboard

Calorie ring, macro bars, today's workout. One screen that tells you where you stand.

Custom Goals

Set calorie, protein, carb, and fat targets. The app adapts progress tracking to match.

Export Anytime

Download all your data as plain JSON. Import it on another device. No lock-in.

Works Offline

Full functionality with no connection. Syncs encrypted data when you're back online.

How the Encryption Works

Three steps. Your PIN never moves. Your data never arrives in plaintext.

Set Your PIN

Your PIN derives an AES-256 key on-device via PBKDF2-SHA256. The key stays in memory. The PIN is never stored or sent.

Log Workouts & Meals

Every entry is encrypted locally before it's uploaded. The server receives ciphertext — nothing it can read or use.

Only You Can Open It

To read your data, you enter your PIN. The key is derived again. The ciphertext is decrypted — on your device, not ours.

Why Hercule Is Different from Other Fitness Apps

Most fitness apps are free because you're the product. Hercule is free because the architecture doesn't require selling anything.

| What happens to your data | Most fitness apps | Hercule |
| --- | --- | --- |
| Data storage | Plaintext on their servers | Encrypted before it leaves your device |
| Who can read your data | The company, data brokers, advertisers | Only you — with your PIN |
| Behavioral tracking | In-app analytics, session recording | None. Zero tracking code. |
| Data selling | Common in free-tier apps | Impossible — we can't read it |
| Sign-in method | Email, social login, phone number — all linked to your data | Google Sign-In for auth only. Your data stays encrypted — we can't link it to you. |
| Ads | Targeted based on health data | No ads, ever |

Hercule is a fitness app that doesn't sell your data — because it structurally cannot.

Technical Details

Encrypted Fitness App

"Encrypted" gets thrown around. Here's exactly what Hercule does.

  • Data is encrypted with AES-256-GCM before leaving your device
  • Your PIN derives the key via PBKDF2-SHA256, 310,000 iterations
  • The server stores ciphertext only — no plaintext, ever
  • Decryption happens on your device, not on our servers
  • In-memory key only — cleared when you lock or close the app
  • No analytics SDK, no tracking pixel, no third-party scripts
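
The three steps under "How the Encryption Works" and the parameters listed above, as an added example that is not Hercule's code. It uses Node's built-in crypto module; the salt and nonce sizes, the nonce|tag|ciphertext blob layout, the sample PINs and all function names are assumptions. The last helper is a sizing check: the work needed to try every PIN is the PIN space multiplied by the cost of one derivation.

```javascript
// Added example, not Hercule's code. Salt/nonce sizes, the nonce|tag|ciphertext
// blob layout, sample PINs and all function names are assumptions.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 310000; // PBKDF2-SHA256 iteration count stated on the page

// Run once per unlock: PIN + per-user random salt -> 32-byte AES-256 key.
// The salt is not secret and would be stored next to the ciphertext.
function deriveKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt one log entry locally; only the returned blob would be synced.
function encryptEntry(key, entry) {
  const nonce = nodeCrypto.randomBytes(12); // fresh per entry, never reused under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(entry), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Decrypt a blob; returns null when the key is wrong or the blob was modified.
function decryptEntry(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Sizing check: seconds to run the KDF over every PIN of a given length.
// This product bounds the protection if ciphertext and salt are ever exposed.
function pinSpaceSeconds(alphabetSize, length, secondsPerDerivation) {
  return Math.pow(alphabetSize, length) * secondsPerDerivation;
}

// Constructed sample data.
const sampleSalt = nodeCrypto.randomBytes(16);
const sampleKey = deriveKey('493817', sampleSalt);
const sampleBlob = encryptEntry(sampleKey, { exercise: 'squat', sets: 3, reps: 5, kg: 100 });
console.log(decryptEntry(sampleKey, sampleBlob));                       // the original entry
console.log(decryptEntry(deriveKey('000000', sampleSalt), sampleBlob)); // null
```
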

Zero-Knowledge Architecture

We built the system so that even a full server breach exposes nothing readable. Ciphertext without your PIN is useless noise.

AES-256-GCM · PBKDF2-SHA256 · 310k iterations · Zero-knowledge · In-memory key · No third-party scripts

Fitness Tracking That Doesn't Harvest Your Data

Your health data is uniquely sensitive. It should be uniquely protected.

No Ads. By Design.

There's no ad network, no tracking layer, and no data pipeline to monetize. The architecture doesn't permit it.

You Hold the Only Key

Your PIN generates your encryption key locally. Hercule never sees the key, the PIN, or the plaintext. Mathematically.

Sign In, Stay Private

You sign in with Google. That's where our access ends. Your health data is encrypted before it reaches us — we never see what you're tracking.

Frequently Asked Questions

Straight answers. No marketing.

A private fitness tracking app is one where your health data can't be read, sold, or accessed by anyone but you. Most apps say "private" but store your data as plaintext on their servers. Hercule encrypts on your device first — the server only ever sees ciphertext.

Most free fitness apps fund themselves through advertising or data licensing. Hercule can't sell your data because it can't read your data. The encryption key never leaves your device, so there's nothing to hand over, legally or technically.

Yes. Encryption: AES-256-GCM. Key derivation: PBKDF2-SHA256, 310,000 iterations. The key lives in memory only while the app is unlocked, derived fresh from your PIN each session. The server stores encrypted blobs it cannot decrypt.

You enter your PIN. Your device runs PBKDF2 to derive an AES-256 key. That key encrypts your data locally. The ciphertext is then synced to the server. When you open the app again, the same process runs in reverse — decryption happens on your device, not ours.

There is no recovery. The PIN never leaves your device, so we have nothing to verify or reset it against. Without the PIN, the encrypted data cannot be decrypted — by anyone. Keep it somewhere safe.

No. The server stores encrypted bytes. Without your PIN-derived key, those bytes are unreadable. This isn't a policy — it's a technical constraint. We built the system so that access is impossible, not just prohibited.

Yes. Hercule is local-first. All logging and tracking works offline. Encrypted data syncs to the server when you reconnect. You're never blocked from using the app by a network condition.

Yes. No premium tier, no in-app purchases, no ads. Hercule exists because fitness apps shouldn't require handing over your health data as the price of admission.

Your fitness data. Private by default.

Sign in with Google. No data harvesting. Encrypted before it leaves your device. Start in 30 seconds.

Open Hercule — Free →