Data Handling

Understanding how your health data moves through the system.

Data Flow

┌──────────────┐      ┌──────────────┐      ┌──────────────┐
│    WHOOP     │      │   Wellpipe   │      │     You      │
│   (Source)   │ ───▶ │   (Bridge)   │ ───▶ │ (AI Client)  │
└──────────────┘      └──────────────┘      └──────────────┘
      Your               Fetches &              Receives
      data               forwards               insights

Step by Step

  1. You ask a question → "How did I sleep last night?"
  2. AI calls Wellpipe → MCP tool or REST API request
  3. Wellpipe authenticates → Verifies your API key
  4. Wellpipe calls WHOOP → Fetches your sleep data
  5. WHOOP returns data → Your raw health data
  6. Wellpipe forwards response → Data sent to AI
  7. AI analyzes and responds → You get insights

What's Not Stored

At no point does Wellpipe store:

  • Sleep sessions
  • Recovery scores
  • Workout data
  • HRV readings
  • Any health metrics

Data passes through and is immediately returned.

What Is Stored

OAuth Tokens

Data                Encryption     Purpose
Access token        AES-256-GCM    API authentication
Refresh token       AES-256-GCM    Token renewal
Expiry timestamp    Unencrypted    Refresh scheduling
Provider user ID    Unencrypted    Account linking

Account Data

Data                Purpose
Email               Account identification
Name                Display
API key hash        Authentication
Subscription tier   Rate limiting

Usage Logs

Data                Purpose
Timestamp           Rate limiting
Request type        Analytics
Provider            Usage breakdown
Success/failure     Debugging

Usage logs do NOT contain health data.

Token Encryption

Algorithm: AES-256-GCM

Plaintext token → AES-256-GCM → Encrypted token
                 256-bit key + IV

AES-256-GCM provides:

  • 256-bit encryption strength
  • Authentication (tampered ciphertext is rejected on decryption)
  • Unique IV per encryption

Key Management

  • Encryption keys stored in environment variables
  • Keys never logged or exposed
  • Keys rotated periodically
  • Separate from encrypted data
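
The token encryption and key handling described above, sketched as an added example in Node.js; this is not Wellpipe's own code. The base64 key format, the `iv || tag || ciphertext` layout, the function names, and the use of the provider user ID as associated data are assumptions made for illustration.

```javascript
// Added example: AES-256-GCM token encryption with a fresh IV per call.
// Names, key format and blob layout are assumptions, not Wellpipe's code.
const crypto = require("node:crypto");

const IV_LEN = 12;  // 96-bit IV, the size GCM is designed around
const TAG_LEN = 16; // 128-bit authentication tag

// Assumed convention: a 32-byte key, base64-encoded in an environment variable.
function loadKey(envValue) {
  const key = Buffer.from(envValue || "", "base64");
  if (key.length !== 32) throw new Error("key must decode to 32 bytes");
  return key;
}

// Returns base64(iv || tag || ciphertext). `aad` binds the blob to its row
// (here the provider user ID) so it cannot be moved to another account.
function encryptToken(key, token, aad) {
  const iv = crypto.randomBytes(IV_LEN); // never reuse an IV under one key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptToken(key, blob, aad) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < IV_LEN + TAG_LEN) throw new Error("blob too short");
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext, tag, IV or AAD was altered.
  const pt = Buffer.concat([decipher.update(raw.subarray(IV_LEN + TAG_LEN)), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample values; a real key would come from process.env.
const demoKey = loadKey(crypto.randomBytes(32).toString("base64"));
const demoBlob = encryptToken(demoKey, "sample-access-token", "whoop:user-123");
console.log(decryptToken(demoKey, demoBlob, "whoop:user-123"));
```

Because the IV is random per call, encrypting the same token twice yields different blobs, and any change to the stored blob or its associated user ID makes decryption throw instead of returning altered plaintext.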

Data Retention

Tokens

  • Retained while account is active
  • Deleted on account deletion
  • Deleted on provider disconnection

Usage Logs

  • Retained for 90 days
  • Used for rate limiting and analytics
  • Anonymized after retention period

No Health Data Retention

Health data is never retained—it's fetched on-demand and returned immediately.

Third-Party Services

Services We Use

Service          Purpose          Data Access
Vercel           Hosting          Request logs (no health data)
Neon/Postgres    Database         Encrypted tokens only
NextAuth         Authentication   OAuth sessions

Services We Don't Use

  • No analytics tracking pixels
  • No advertising networks
  • No data brokers
  • No AI training services

Self-Hosting Option

For maximum control, self-host Wellpipe:

  • Run on your own infrastructure
  • Tokens stored locally
  • No cloud dependency
  • Full code visibility

Your Rights

You can:

  • Access - View what data we store
  • Export - Download your stored data
  • Delete - Remove all stored data
  • Revoke - Disconnect providers anytime
  • Regenerate - Create new API keys

See Data Deletion for instructions.