Open Source Sunday: Open Source Health Tools That Don't Sell You Out

Every fitness app promises to help you "reach your goals." Most never raise the relevant question: where does your heart rate data go after the app syncs it to the cloud, and who profits from the intimate story your body tells?
The answer involves a data supply chain spanning advertising networks, insurance companies, and data brokers you have never heard of. This is not about paranoia or tinfoil hats. It is about understanding what happens to the most personal data you generate — and the growing ecosystem of tools that let you keep it entirely.
TL;DR
Open source health tools have matured dramatically in 2025. You can now track fitness, manage medications, monitor vital signs with medical-grade accuracy, and aggregate your complete medical records — all without sending data to corporate servers or paying monthly subscriptions.
This guide covers the best open source alternatives across five categories: wearables, fitness tracking, medication management, mental health, and medical records. Each tool includes an honest difficulty rating (1-5 stars) and a frank assessment of what you gain and what you give up.
The minimum viable setup costs nothing and shares zero data. The advanced setup gives you complete sovereignty over health information that commercial apps routinely sell.
Why This Matters Now
The Privacy Illusion
Most people believe their health app data is protected by HIPAA. It is not.
HIPAA applies only to "covered entities" — healthcare providers, insurers, and their business associates. Your Fitbit, Oura ring, period tracker, or meditation app? Not covered. The data these apps collect falls entirely outside federal health privacy law.
The regulatory gap has consequences. A BMJ analysis found that 79% of health apps share user data with third parties. Those third parties then share with "fourth parties" — a cascading data supply chain you never consented to join.
This is not theoretical. In 2023, the FTC ordered BetterHelp to pay $7.8 million after the company shared users' mental health data with Facebook, Snapchat, and other advertising platforms. The company had promised to keep user data private. It did not.
Security vulnerabilities compound the privacy problem. A 2025 analysis found an average of 44 critical vulnerabilities per Android healthcare app, with over 2,000 high-severity issues across the apps studied. More than 176 million patients have been affected by protected health information breaches historically.
The uncomfortable question: if you would not post your medication schedule, sleep patterns, and menstrual cycle on social media, why are you sharing this data with apps that have fewer legal obligations than your doctor?
The Subscription Trap
The economics of wearables have inverted. The device is no longer the product — your data is.
Consider the real cost of "free" and subsidized wearables:
| Device | Upfront Cost | Subscription | 5-Year Total |
|---|---|---|---|
| Whoop 4.0 | "Free" with subscription | $199-300/year mandatory | ~$1,200 |
| Oura Ring 4 | $349 | $5.99/month ($72/year) | ~$709 |
| Fitbit (with Premium) | $100-300 | $9.99/month ($120/year) | $700-900 |
Whoop requires a 12-month commitment minimum. Fitbit's advanced analytics sit behind the Premium paywall. And Fitbit users face a deadline: move to a Google account by February 2026 or lose access.
You are paying monthly rent for access to your own body's data.
The 2025 Turning Point
Two developments have shifted the landscape.
Regulatory awakening: On November 4, 2025, Senator Bill Cassidy introduced HIPRA — the Health Information Privacy Reform Act. Unlike HIPAA, HIPRA specifically addresses wearables and health apps. The legislation creates a new category called "Applicable Health Information" covering digital health metrics that fall outside traditional medical records. It requires consent before selling health data.
HIPRA signals that regulators are finally recognizing the gap between what consumers expect and what the law requires.
Open source maturity: Late 2025 saw major launches in the open source health ecosystem:
- Open Wearables (December 2025): A unified API connecting 200+ wearable devices, MIT licensed
- HealthyPi Move: An open source biometric monitor with medical-grade sensors, 329% crowdfunded
- Gadgetbridge 0.88.0: Added Garmin support, expanding the universe of "liberated" wearables
These are not hobbyist experiments. They are production-grade tools that make data sovereignty practical.
The Open Source Health Stack
Before diving into specific tools, here is how the pieces fit together:
```
┌─────────────────────────────────────────────┐
│             YOUR PHONE/COMPUTER             │
│  ┌─────────────────────────────────────┐    │
│  │    Data Stays Here (Local-First)    │    │
│  └─────────────────────────────────────┘    │
└─────────────────────────────────────────────┘
      ↑              ↑              ↑
 ┌────┴─────┐   ┌────┴─────┐   ┌────┴─────┐
 │Hardware  │   │   Apps   │   │Aggregator│
 │(Wearable)│   │(Tracking)│   │(Records) │
 └──────────┘   └──────────┘   └──────────┘
  PineTime       FitoTrack      Fasten
  HealthyPi      Gadgetbridge   Open Wearables
  ZSWatch        wger
```
The key principle: data flows to your device, never from it to corporate servers.
Gadgetbridge illustrates this concretely. The app literally cannot send data anywhere — it has no network permission in its Android manifest. This is not a policy decision that could change. It is an architectural guarantee enforced by the operating system.
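The manifest claim above is something you can check for any app. The following is an added example, not code from Gadgetbridge or from this article's author; it assumes you have a text AndroidManifest.xml decoded from the APK (for instance with apktool), and the three sample manifests and package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest tags through which an app can request a permission.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")
INTERNET = "android.permission.INTERNET"


def audit_manifest(manifest_xml: str) -> dict:
    """Summarise the network-relevant facts in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = sorted({
        el.get(ANDROID_NS + "name", "")
        for tag in PERMISSION_TAGS
        for el in root.iter(tag)
    })
    return {
        "package": root.get("package"),
        # INTERNET is the permission that lets the app's process open sockets.
        "can_open_sockets": INTERNET in requested,
        # A shared UID pools permissions with other apps signed by the same key,
        # so this manifest alone cannot settle the question.
        "shared_user_id": root.get(ANDROID_NS + "sharedUserId"),
        "permissions": requested,
    }


def verdict(manifest_xml: str) -> str:
    """Return 'network', 'inconclusive' or 'no-network' for one manifest."""
    report = audit_manifest(manifest_xml)
    if report["can_open_sockets"]:
        return "network"
    if report["shared_user_id"]:
        return "inconclusive"
    return "no-network"


# Constructed sample manifests (not copied from any real app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
LOCAL_ONLY = _HEAD + """ package="org.example.localtracker">
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
CLOUD_SYNC = _HEAD + """ package="com.example.cloudtracker">
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
  <uses-permission-sdk-23 android:name="android.permission.INTERNET"/>
</manifest>"""
SHARED_UID = _HEAD + """ package="com.example.companion"
    android:sharedUserId="com.example.suite">
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (LOCAL_ONLY, CLOUD_SYNC, SHARED_UID):
        report = audit_manifest(sample)
        print(f"{report['package']}: {verdict(sample)} {report['permissions']}")
```

A "no-network" result covers only the app's own process: exported files, backups, and other apps that read them still need their own review.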
Category 1: Wearables & Companion Apps
Gadgetbridge — The Universal Liberation Tool
Gadgetbridge is an open source Android app that replaces the official companion apps for smartwatches and fitness bands. Instead of pairing your Amazfit to the Zepp app (which uploads your data to servers in China), you pair it to Gadgetbridge (which stores everything locally).
Supported devices:
- Amazfit: Bip, GTR, GTS, T-Rex, Balance, Active, Falcon, Cheetah
- Xiaomi: Mi Band 4-8, Smart Band series
- Garmin: Partial support since v0.81.0
- PineTime, Bangle.js, Casio, Fossil
- And 50+ more
What you gain:
- Zero network permission = the app itself has no way to open a network connection
- All data stored locally in exportable SQLite database
- Works offline indefinitely
- No account creation required
What you lose:
- Cannot update watch firmware automatically (you must download files manually)
- Some advanced features may be missing compared to official apps
- Initial setup requires auth key extraction for newer Amazfit/Xiaomi devices
Difficulty rating: ⭐⭐ (2/5)
The app install itself is trivial — get it from F-Droid. The complication is that newer Amazfit and Xiaomi devices require "server-based pairing." You must pair with the official app once, extract an authentication key, then enter that key into Gadgetbridge. It sounds tedious. It takes about fifteen minutes, and you never touch the official app again.
Quick setup for Amazfit/Xiaomi devices:
- Install Gadgetbridge from F-Droid
- Install the official Zepp Life app temporarily
- Create an account and pair your device normally
- Use the Huami-token tool to extract your auth key
- In Gadgetbridge, add your device and paste the key (prefix with 0x)
- Uninstall Zepp Life
From this point forward, your health data never leaves your phone.
Source: Gadgetbridge Official

HealthyPi Move — Medical-Grade Open Hardware
HealthyPi Move is an open source biometric monitor in a watch form factor. Unlike consumer wearables that track steps and heart rate, HealthyPi measures eight vital signs with medical-grade sensors:
- Single-lead ECG for heart rhythm analysis
- PPG for heart rate, HRV, and SpO₂
- EDA/GSR for stress and emotional response
- Body temperature
- Blood pressure trends (via finger-based PPG attachment)
- 6-axis IMU for activity tracking
The hardware is fully open (CERN-OHL-P v2 license). The firmware runs on Zephyr RTOS. The companion app is built with Flutter and supports Android, iOS, macOS, Windows, and Linux.
Why this matters: Medical-grade health monitoring has historically required either expensive professional equipment or consumer devices that send your most sensitive biometrics to corporate clouds. HealthyPi eliminates both constraints.
Specifications:
- Nordic nRF5340 dual-core SoC
- 1.2" 390×390 AMOLED touchscreen
- 128 MB flash (10 days of processed data storage)
- BLE 5.2 and USB-C connectivity
- $249 one-time cost
What you lose:
- Higher upfront cost than consumer wearables
- Not FDA-approved for medical diagnosis (consumer device classification)
- The form factor is functional rather than fashion-forward
Difficulty rating: ⭐⭐⭐ (3/5)
The device works out of the box, but understanding the medical-grade features (ECG analysis, blood pressure calibration) requires some learning.
Source: Crowd Supply - HealthyPi Move

Budget Option: PineTime
If you want to experiment with open source wearables without significant investment, Pine64's PineTime costs $27 and runs the open source InfiniTime firmware.
The feature set is basic: notifications, step counting, heart rate, timer, music control. But everything — hardware and software — is completely open. You can flash custom firmware, modify the watch face, and know exactly what code runs on your wrist.
Difficulty rating: ⭐⭐⭐ (3/5) — Best for patient early adopters comfortable with evolving firmware.
Category 2: Fitness & Activity Tracking
FitoTrack — The Clear Winner for GPS Activities
When a Lemmy user tested 49 open source health apps, FitoTrack emerged as the preferred choice for GPS-based fitness tracking.
The app handles running, cycling, and hiking with real-time tracking of speed, distance, and elevation. Routes display on OpenStreetMap. Workout history includes charts and statistics. Audio announcements can read your progress through headphones during workouts.
Why FitoTrack wins:
- Minimal permissions (no notification access, no nearby devices permission)
- Lighter weight than alternatives like OpenTracks
- Better individual exercise view
- GPLv3 licensed, no ads, no tracking
- Works completely offline
Vs. OpenTracks: Both are solid choices. OpenTracks integrates better with Gadgetbridge for recording workouts via your wearable. FitoTrack is leaner and requires fewer permissions. If you have a smartwatch, consider OpenTracks. If you just want a phone-based tracker, FitoTrack.
Difficulty rating: ⭐ (1/5) — Install and go.
Source: Codeberg - FitoTrack
FitoTrack — GPS tracking, route mapping, workout statistics, and history — all offline and private
wger — Self-Hosted Workout & Nutrition Manager
FitoTrack handles outdoor activities. What about strength training, nutrition logging, and body measurements?
wger (pronounced "Vega") is a self-hosted fitness management platform. It handles workout planning with progression rules, nutrition tracking via the Open Food Facts database, body weight logging, progress photos, and multi-user support for families or gyms.
The REST API enables integrations with other tools. You can run it on a Raspberry Pi 4, a home server, or any machine with Docker.
Quick deployment:
```yaml
# docker-compose.yml
version: '3'
services:
  wger:
    image: wger/server:latest
    ports:
      # Published on all host interfaces; write "127.0.0.1:8000:8000" to keep it local-only
      - "8000:8000"
    volumes:
      - wger-data:/home/wger/data
volumes:
  wger-data:
```

Run `docker-compose up -d`, and wger is available at http://localhost:8000.
If self-hosting sounds like too much friction, wger.de offers a hosted instance. The tradeoff is obvious: you trust them with your data instead of keeping it local.
Difficulty rating: ⭐⭐⭐ (3/5) — Docker knowledge helps but is not strictly required.
Source: GitHub - wger-project/wger
wger — workout planning, nutrition tracking, and progress monitoring in one self-hosted platform
Quick Mentions
Feeel: The 7-minute workout app. Open source, customizable workouts, no account required. Difficulty: ⭐ (1/5)
Flexify: Minimal strength training logger. No frills, just exercise tracking. Difficulty: ⭐ (1/5)
OpenTracks: Activity tracking with Gadgetbridge integration. Records workouts directly from your smartwatch. Difficulty: ⭐ (1/5)
OpenTracks — integrates with Gadgetbridge for wearable-based workout recording
Category 3: Medication Management
MedTimer — The Privacy-First Pill Reminder
Medication data is among the most sensitive health information. Your prescription list reveals conditions, treatments, and health history. Commercial medication apps often share this with insurers, advertisers, or data brokers.
MedTimer stores everything locally. It has no network capability and works offline indefinitely.
Features:
- Unlimited medications with customizable reminder schedules
- Stock tracking with refill alerts when supplies run low
- Weekend mode: delay reminders to a later time on chosen days
- Birth control pill support with scheduled breaks
- Latest version: v1.21.4 (December 22, 2025)
The app does what medication reminders should do and nothing else. No accounts, no sync, no advertising, no telemetry.
Difficulty rating: ⭐ (1/5) — Just works.
Source: F-Droid - MedTimer
MedTimer — medication tracking, reminders, and stock management — zero data leaves your device
Alternatives
Simpill: Even more minimal than MedTimer. No trackers, no ads. You can block its internet access entirely and it still functions.
Daily Pill: Focused on single daily medication. Ideal if you just need one reminder.
OpenMedTracker: A hardware solution for patients with limited tech ability. Physical button interface with Raspberry Pi backend.
Category 4: Mental Health & Wellness
Mental health apps handle uniquely sensitive data. BetterHelp's $7.8 million FTC settlement demonstrates what can go wrong: promises of privacy, followed by data flowing to Facebook.
HealSphere — The New Contender
HealSphere launched in September 2025 as a modular mental health support platform. The security approach includes JWT-based authentication, encrypted data storage, and no cloud sync by design.
The project is actively seeking contributors. If you are interested in the intersection of mental health and privacy-preserving software, this is an opportunity for involvement.
Difficulty rating: ⭐⭐⭐ (3/5) — Self-hosting required.
Source: Open Source For You - HealSphere
if me — Community-Focused Mental Health Sharing
if me takes a different approach: it is a platform for sharing mental health experiences with trusted people — friends, family, therapists.
The project has 1.6k GitHub stars and an established community. It is web-based and requires deployment, making it suitable for users comfortable with basic server setup.
Difficulty rating: ⭐⭐⭐ (3/5)
Source: GitHub - ifmeorg/ifme
Meditation & Mindfulness
Medito: A 100% free meditation app with guided sessions, breathing exercises, and sleep content. Open source, no ads, no premium tier. What Headspace charges monthly for, Medito provides free.
Difficulty rating: ⭐ (1/5)
Category 5: Medical Records & Data Aggregation
Fasten — Your Medical History, Your Server
Fasten is a self-hosted electronic medical record aggregator. The premise is straightforward: your medical history belongs to you, not to a corporation.
"This is my medical history, I'm not willing to give it to some random multi-national corporation to data-mine and sell."
Fasten connects to 25,000+ healthcare providers using your existing patient portal accounts. It pulls records from different hospitals, clinics, and labs into a single local database. You control what gets shared.
This is the most ambitious project in the open source health space, and accordingly the most complex to set up. Expect to spend time configuring provider integrations.
Difficulty rating: ⭐⭐⭐⭐ (4/5) — Requires Docker and patience.
Source: GitHub - fastenhealth/fasten-onprem
Open Wearables — The Developer's Dream
Open Wearables, launched December 2025, is a unified API connecting 200+ wearable devices: Apple Health, Garmin, Fitbit, Oura, Whoop, Strava, Suunto, Polar.
For developers, this eliminates weeks of integration work per device. For advanced users, it enables building custom health dashboards that combine data from multiple sources.
The architecture is HIPAA-ready with end-to-end encryption and user consent management. MIT licensed. Self-hosted means no vendor lock-in.
Difficulty rating: ⭐⭐⭐ (3/5) — Docker deployment, developer-oriented but accessible.
Source: GitHub - the-momentum/open-wearables
The "I Just Want Simple" Recommendations
If the preceding sections feel overwhelming, here is a decision tree:
Do you have an Amazfit, Xiaomi, or Garmin watch?
→ YES: Install Gadgetbridge (⭐⭐)
→ NO: Continue...
Do you run, cycle, or hike outdoors?
→ YES: Install FitoTrack (⭐)
→ NO: Continue...
Do you need medication reminders?
→ YES: Install MedTimer (⭐)
→ NO: Continue...
Do you do strength training?
→ YES: Try Flexify (⭐) or wger (⭐⭐⭐)
→ NO: Continue...
Do you want medical-grade biometrics?
→ YES: Order HealthyPi Move (⭐⭐⭐)
→ NO: Start with any ⭐ app above
The minimum viable setup:
- FitoTrack for exercise tracking
- MedTimer for medication reminders
- Export data periodically to local backup
Total cost: $0. Total data shared with third parties: zero.
What You Give Up
An honest assessment requires acknowledging tradeoffs.
Features you might miss:
- Social sharing (Strava leaderboards, workout communities)
- AI coaching suggestions
- Seamless cloud sync across devices
- Automatic firmware updates
- Polished onboarding experiences
The learning curve:
- Gadgetbridge auth key extraction is not intuitive
- Self-hosting requires basic Docker knowledge
- Less hand-holding than commercial apps
Ecosystem fragmentation:
- No single app does everything
- Data portability between tools varies
- You become your own IT department
The question to ask yourself: is the convenience of commercial apps worth sharing your health data with unknown third parties?
For an increasing number of people in 2025, the answer is no.
Conclusion
The healthcare data landscape is shifting. HIPRA legislation signals regulatory recognition of the gap between consumer expectations and actual protections. Open source projects have reached production quality. The tools exist.
Seventy-nine percent of health apps share your data with third parties. Subscription models lock your own body's data behind monthly paywalls. Data breaches have affected hundreds of millions of patients. The status quo assumes you will trade intimate health information for convenience.
Your heart rate, sleep patterns, medication schedules, menstrual cycles, and workout history tell an intimate story about who you are. This data reveals more about you than your browsing history, more than your location data, more than your purchase patterns.
The question is not whether you can trust corporations with this data. The question is: why would you, when you no longer have to?
Further Reading
- Gadgetbridge Official — Comprehensive documentation and device compatibility list
- HealthyPi Move — Open source medical-grade wearable
- Open Wearables — Unified API for 200+ devices
- Stanford Law - Digital Diagnosis — Legal analysis of health data privacy gaps
- PrivaPlan - HIPRA Analysis — Breakdown of the new legislation














