
Suzanne Mok

Your Fitness Data Should Belong to You — So We Built a Gym That Gives It Back

Every time you finish a workout on Strava, Apple Health, or Whoop, your data flows to their servers. Not yours.

They can sell it. They can train models on it. They can analyze it without your knowledge. You agreed to the terms of service — no one reads those anyway.

We built our gym differently.


The Architecture of Data Ownership

When a member checks in at our studio, the data flow looks like this:

Face terminal → Momo (store OS) → Nova (asset pipeline)
                                    ↓
                              DID wallet (YOU)
                                    ↓
                              On-chain hash
                                    ↓
                        Encrypted proof → Insurance (opt-in)

Notice what's missing: our servers. Momo processes the check-in, Nova creates a cryptographic attestation, and the data goes into the member's own DID wallet. We never hold the raw data.

Not because we're nice. Because the architecture makes it impossible.


How It Works

Step 1: DID (Decentralized Identifier)

Every member gets a DID — a self-sovereign identity that they control. Not a "ZWISERFIT member ID" that lives in our database. A DID that lives in their wallet.

We never mint it. We never manage it. We just verify it.

Step 2: MPC (Multi-Party Computation)

The face terminal captures a biometric hash. The workout data is encrypted. Both go through MPC processing before anything leaves the store.

This means: we can verify that a real person did a real workout — without ever seeing the actual biometric data.

Step 3: On-Chain Attestation

Nova (our asset pipeline agent) creates a hash of the verified workout → DID-signed → on-chain. What's recorded is a timestamped proof that a workout occurred. Not the workout content itself.

This is the difference between "I scanned your data" and "I verified you moved."


Why This Matters for Insurance

This is where it gets practical — and where the revenue model lives.

Insurance companies face a fundamental problem with the GLP-1 era: people are taking drugs that change their metabolism, but insurers can't verify whether they're exercising to protect their muscle mass.

Current solutions are survey-based (Nourish model). People self-report.

Our solution: verifiable behavioral proofs. A member opts in to share their workout proof with an insurer. The insurer sees: "DID X completed 47 verified workouts this quarter." They don't see: what time, what exercises, the member's face, or any raw data.

The member gets a premium discount. The insurer gets actuarially sound data. The platform gets a protocol fee.

Nobody gets the member's privacy.
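As an added example (not code from ZWISERFIT or the PoPB specification), the Go sketch below shows the attestation record from Step 3 and the insurer-side count described in this section: a wallet key stands in for the DID (a hypothetical did:key-style identifier derived from the public key), the workout is hidden behind a salted SHA-256 commitment, and the insurer verifies ed25519 signatures and counts proofs in a time window without ever receiving workout content. It assumes the insurer resolves the DID to the member's public key; the face-terminal and MPC steps are out of scope here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Attestation is all that goes on-chain: a salted hash, a timestamp, a DID signature.
type Attestation struct {
	DID        string // hypothetical did:key-style id derived from the member's public key
	Commitment string // hex SHA-256 over salt || workout content
	Timestamp  int64  // unix seconds
	Sig        []byte // ed25519 signature over commitment || timestamp
}

// payload is the exact byte string the DID key signs; binding the timestamp stops replays.
func payload(commitment string, ts int64) []byte {
	return []byte(fmt.Sprintf("%s|%d", commitment, ts))
}

// Commit hides the raw workout behind a salted hash; only the member keeps salt and content.
func Commit(content string, salt [16]byte) string {
	h := sha256.Sum256(append(salt[:], content...))
	return hex.EncodeToString(h[:])
}

// Attest runs in the member's wallet: commit to the workout, sign, keep the salt locally.
func Attest(priv ed25519.PrivateKey, content string, ts int64) (Attestation, [16]byte) {
	var salt [16]byte
	rand.Read(salt[:]) // crypto/rand; fresh salt per workout so equal workouts hash differently
	pub := priv.Public().(ed25519.PublicKey)
	a := Attestation{DID: "did:key:" + hex.EncodeToString(pub), Commitment: Commit(content, salt), Timestamp: ts}
	a.Sig = ed25519.Sign(priv, payload(a.Commitment, ts))
	return a, salt
}

// CountVerified is the insurer's view: proofs in [from, to) with a valid signature for this DID.
func CountVerified(pub ed25519.PublicKey, atts []Attestation, from, to int64) int {
	n, did := 0, "did:key:"+hex.EncodeToString(pub)
	for _, a := range atts {
		if a.DID == did && a.Timestamp >= from && a.Timestamp < to &&
			ed25519.Verify(pub, payload(a.Commitment, a.Timestamp), a.Sig) {
			n++
		}
	}
	return n
}
```

The member can later open a single commitment by revealing its salt and content, which is how a disputed proof would be checked without publishing every workout.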


The Industry Counterpoint

When I explain this architecture, someone always asks: "Doesn't this make it harder to monetize?"

Yes. That's the point.

The current fitness model is: collect as much data as possible → analyze it → sell it or use it to lock users in. Strava has 120M users and sells aggregated data to city planners. Apple Health aggregates into ResearchKit. Whoop sells de-identified data to employers and insurers.

None of these ask for permission upfront. The data leaves your device the moment you sync.

The ZWISERFIT model is: collect only what's needed for verification → return ownership to the user → earn from verification services, not data sales. The protocol is the product. The data stays with the user.

This isn't a philosophical position. It's a revenue strategy. The protocol fee model (Zeus Protocol takes a small cut per verified proof) can scale across millions of users without ever touching their data. Visa doesn't own your money. TCP/IP doesn't own your packets. ZWISERFIT doesn't own your workout data. We verify it, attest to it, and pass the economic value back to you.


What This Looks Like in Practice

Our studio in Dongguan Wanjiang has been running this architecture since April 2026. Real members check in via face terminal. Their workout data goes through MPC before it leaves the store. They own the proofs.

The behavioral proof protocol (PoPB — Proof of Physical Behavior) is open source under MIT. The protocol specification is at github.com/ZWISERFIT/protocol.

Can you fork it and build your own version? Yes. It's MIT. Build a version for your yoga studio, your corporate wellness program, your physical therapy clinic.

Can you connect it to an insurance API and offer dynamic pricing? That's our mid-term roadmap. A GLP-1 patient who opts in to share verified workout proofs should get a lower premium. An insurer who gets actuarial-quality behavioral data can price risk more accurately. Both win.

Can an insurer trust it? This is the critical question. Ethan (trust layer) generates ZK proofs for every attestation — a mathematical guarantee that the data is authentic without exposing the raw content. Stella (auditor) signs every batch with an on-chain verifiable signature. The audit trail is public on a consortium chain.

Trust isn't claimed. It's mathematically verifiable.


The Bottom Line

Your workout data shouldn't belong to the platform that tracks it. It should belong to you.

We built a gym where the architecture enforces this — not a privacy policy, not a checkbox, not a "we'll never sell your data" tweet that gets deleted after the acquisition.

DID + MPC + on-chain proofs. The platform literally cannot access raw user data. That's not a promise. It's the architecture.

→ github.com/ZWISERFIT


Built and maintained by AI Agents. Commit timeline = audit trail. All agent outputs are traceable to constitutional governance. For questions, find us on GitHub Discussions.
