I built a habit tracker where the server has no idea what you’re tracking.
Every habit app I looked at stores your data in plaintext on their servers. Your daily check-ins, your goals, your mood journal, your streaks — sitting in a database, readable by anyone with access. That felt wrong to me.
So I built Metamorphic: a habit and self-improvement tracker where all your data is encrypted in your browser before it ever reaches the server. The server only stores opaque blobs of ciphertext. Not even your email address is stored in plaintext.
Why encrypt a habit tracker?
Think about what a habit tracker actually contains. It’s not just “drink more water” and a checkbox. Over time, it becomes a detailed map of what you’re trying to change about yourself — your struggles, your patterns, the things you fail at repeatedly. That’s more intimate than most of what you’d share on social media.
The idea came from watching my partner, who has a background in psychology and behavior science. She’s always thinking about how to break old habits and build better ones. It clicked: if your habits, goals, and self-reflections are this personal, they should be private to only you. And you shouldn’t have to worry about whether they are.
The backstory
I run Moss Piglet, a bootstrapped public benefit company. Our other product, MOSSLET, is a privacy-first social platform built with Elixir. When I was becoming a new dad, I’d just finished reading The Age of Surveillance Capitalism by Shoshana Zuboff — and I wanted a better digital world for my daughter. When Meta rolled back end-to-end encryption on its messaging, I was pushed to implement real E2EE in MOSSLET.
Metamorphic takes that work further. Instead of encrypting just messages, the entire application is zero-knowledge. The server can’t read your habits, your goals, your reflections, your schedule, your group data — none of it. If our database were fully breached tomorrow, an attacker would get nothing useful.
What Metamorphic actually does
It’s a complete self-improvement platform, not just a checkbox app:
- Habit tracking — Daily and weekly check-ins, streaks, drag-and-drop reordering, categories
- Self-reflections — A journal with mood tracking and daily prompts
- Goal setting — Milestones, progress bars, and the ability to link goals to habits so check-ins automatically advance your progress
- Schedule and calendar — Recurring events, a day planner, and printable views for people who like paper
- Family and group accountability — Shared habits, shared goals, a group dashboard, and member spotlights
- Progress insights — Activity heatmaps and completion stats
- Data export — JSON and CSV, decrypted entirely in your browser. The server never sees the plaintext, even during export
One thing I feel strongly about: encryption is not a premium feature. Every tier — including the free one — gets full end-to-end encryption. Paid tiers unlock convenience features like unlimited habits, reminders, data export, and groups. But privacy is not something you should have to pay extra for.
How the privacy works (without the jargon)
When you create a habit, type a journal entry, or set a goal, your browser encrypts that data before sending it to the server. The server stores it, but has no way to read it. When you load the page later, the server sends the encrypted blobs back, and your browser decrypts them using keys that only exist on your device.
Your password is never stored or transmitted in a usable form. Instead, it’s used to derive a cryptographic key locally, and that derived key unlocks everything else. If you lose your password and haven’t set up a recovery key, your data is gone — by design. That’s the real trade-off of zero-knowledge, and it’s the correct one.
For the more technically inclined:
- Client-side encryption uses libsodium (XSalsa20-Poly1305)
- Key distribution uses a hybrid post-quantum scheme: ML-KEM-768 combined with X25519 — the same approach Signal and Apple iMessage have adopted to protect against future quantum computers
- Three independent encryption layers at rest : client-side E2E, AES-256-GCM in Postgres, and LUKS disk encryption on the hosting infrastructure
- Zero-knowledge email : no plaintext email column in the database. Only a one-way hash for lookups and an encrypted blob
- A detailed architecture writeup is at metamorphic.app/encryption
The interesting tension
Metamorphic is built with Phoenix LiveView, a framework where the server renders the page. But in a zero-knowledge system, the server can’t render the content — it doesn’t know what it says. The result is a choreography: the server sends the page structure with placeholder skeletons, and JavaScript hooks decrypt and fill in the real content on arrival.
It works. The skeletons flash in briefly, then the real data appears. UX-wise, it’s not dramatically different from any app with a loading state. Architecturally, it’s a very different beast — 15+ JavaScript hooks managing the encrypt/decrypt lifecycle across habits, goals, reflections, events, groups, and export.
The real trade-offs
I won’t pretend zero-knowledge doesn’t have costs:
- No server-side search. If you want to filter habits by name or search your reflections, that happens client-side after decryption. Fine at our current scale.
- If you lose your password and your recovery key, your data is unrecoverable. This is a real UX concern. The recovery key flow mitigates it, but the fundamental constraint is by design.
- Testing is harder. You can’t assert on decrypted content in server-side tests because decryption only happens in JavaScript. Tests verify DOM structure and that encrypted fields are stored correctly — the decrypt-and-display pipeline is the gap.
These are trade-offs I’m willing to make. Your habit data being unreadable to everyone except you — including me — is worth it.
Try it
I’m not very good at habit tracking myself, which is partly why I built this. I’ve been using Metamorphic to get back into yoga, meditation, and running. So far, so good.
Check it out at metamorphic.app.
Top comments (0)