Vitora

On-Device vs Cloud Health Apps: Where Does Your Data Go?

Updated · 6 min read

Health apps handle some of the most sensitive data you generate — sleep, heart rate, weight, cycle, workouts. Almost all of them call themselves "private." Very few explain what that means. This guide separates on-device processing from cloud processing, shows the three ways apps quietly move your data off your phone, and gives you concrete questions to ask before trusting any of them.

What "on-device" really means

On-device (or on-phone) processing means the app computes its scores and insights on your iPhone, and the raw health data never leaves it. There is no account holding your metrics on a server, and no copy of your HRV or weight sitting in someone else's database.

Cloud processing means your data is uploaded to the company's servers, where the analysis runs. That can enable features like cross-device sync, but it also means a third party now holds your health record — subject to their security, their business model, and their data-retention policy.

The distinction matters because uploaded data can be breached, subpoenaed, sold, or used to train models. Data that never leaves your phone can't be any of those things.

The three ways health apps leak your data

1. Account sync. If you have to create an account, your metrics almost certainly live on a server. That's the design — sync requires a copy in the cloud.

2. Analytics and ad SDKs. Many apps embed third-party trackers that send usage data (and sometimes more) to advertising and analytics networks. This happens even when the app's core feature runs locally.

3. "AI insight" backends. Features branded as AI often ship your data to a server to be processed. The convenience is real, but so is the data transfer — and it's rarely spelled out.

Questions to ask any health app

Do I have to create an account to use it? (An account usually implies cloud storage of your data.)

Does it work with the network off? (If core scores still compute in airplane mode, they're running on-device.)

What exactly is sent, and when? A trustworthy app names its outbound calls instead of hiding behind "we value your privacy."

Is any data used to train models or shared with advertisers? The answer should be an unambiguous no, in writing.

How HealthKit — and Vitora — are built

Apple's HealthKit stores your health data in an encrypted store on the device and only shares it with apps you explicitly grant access to, per data type. It's a solid privacy foundation, but an app can still read from HealthKit and then upload that data anywhere — so HealthKit access alone is not a privacy guarantee.

Vitora is built to the stricter standard: all scoring runs on your iPhone, there is no account, and your health data is never sent to a server. The only outbound calls are optional AI features — text food descriptions (processed on-device when your iPhone supports Apple Intelligence, otherwise sent to Google Gemini) and photo analysis (always via Gemini, using your own API key, with no user ID and no health context attached). Everything else stays on your phone by default.

FAQ

Can health apps sell my data?

Many can and some do, depending on their privacy policy — especially free apps that upload data to their own servers and embed advertising SDKs. The safest protection is an app that processes data on-device and has no server copy to sell. Always check whether an account is required and read what the policy permits.

Is Apple Health data private?

Data in Apple Health / HealthKit is encrypted on your device and only shared with apps you explicitly authorize, type by type. But once you grant an app access, that app can upload the data elsewhere — so HealthKit access alone doesn't guarantee privacy. What the individual app does with the data is what matters.

How do I know an app processes data on-device?

Two quick tests: check whether it requires an account (on-device apps usually don't), and see whether its core features still work in airplane mode (if scores compute offline, they run locally). Beyond that, look for an app that explicitly names any outbound network calls instead of only saying it "respects your privacy."

Keep reading