Your health data stays on your machine.

More Life is built on a simple principle: your biometric data is yours. Here's exactly what we access, where it lives, and what leaves your device.

Data access

What More Life reads from WHOOP

During setup, you authorize More Life to access your WHOOP data via OAuth 2.0. The following data is fetched:

  • Recovery scores (daily percentage and qualitative state)
  • Heart rate variability (HRV in milliseconds)
  • Sleep data (duration, efficiency, stages, disturbances)
  • Strain scores (daily strain, workout strain)
  • Resting heart rate
  • Respiratory rate

Strava integration (optional) reads training load and activity data. No data from either source is forwarded to any third party.

Local storage

Where your data lives

All health data is stored locally on your machine in your home directory:

~/.more-life/
  data/          # Health events, baselines, patterns
  profile/       # Your personal findings
  experiments/   # N=1 experiment data
  memory/        # Daily logs and context

WHOOP API tokens are stored in your system keychain (macOS Keychain / Linux Secret Service), not in plain text files. They are never logged, never written to disk outside the keychain, and never transmitted anywhere except directly to the WHOOP API.

Premium computation

What leaves your device (and what doesn't)

Free features run entirely locally. Nothing is ever sent anywhere.

Premium features (pattern discovery, experiments, research) use server-side computation for statistical analysis. Here's exactly what is sent:

What IS sent

  • Anonymous numeric arrays (e.g., [72, 65, 59, 54])
  • Statistical parameters (means, standard deviations)
  • Experiment design metadata (duration, phases)

What is NEVER sent

  • Your name, email, or any identifier
  • Dates or timestamps
  • WHOOP credentials or tokens
  • Calendar data or location
  • Intervention names or descriptions
  • Any text that could identify you

The server receives a sequence of numbers. It has no way to know who you are, when the data was collected, or what it represents beyond a statistical computation request.

No tracking

What we don't do

  • No analytics or tracking on the CLI tool
  • No telemetry, crash reporting, or usage data
  • No third-party data sharing
  • No user accounts or authentication (license keys are verified, not accounts)
  • No advertising, ever

Questions about data handling? Open an issue or email support@morelife.dev.