Cryptographically verified health and fitness data from physical devices, delivered to your application via API. Like Plaid, but for health data.
HealthKit, Google Fit, and other aggregators contain data that can be manually entered, modified by third-party apps, or spoofed on compromised devices. There is no way to know if a reading came from a real sensor or was typed in by hand.
Users can type any value into Apple Health. A 95kg user can enter 70kg and your app has no way to tell.
Any third-party app can write to HealthKit. A jailbreak tool can inject arbitrary readings with fake source metadata.
HealthKit marks data sources but doesn't verify them. You can't prove a weight came from a real scale on a real person.
You can't build real products on unverified data. Fitness wagers, insurance policies, and clinical trials need readings they can trust.
How It Works
From physical measurement to verified JSON in your app.
Your app sends users to Proven Health via a deep link or QR code. They see your brand, review the requested data types, and consent to share.
For BLE devices like smart scales, we capture raw bytes directly over Bluetooth — no intermediary software. For Apple Watch and iPhone sensors, we pull from HealthKit with source validation and deduplication.
Every reading is signed by a private key locked inside the phone's Secure Enclave. The key is hardware-bound — it can never be extracted, backed up, or cloned. Apple App Attest proves the app is genuine.
Automated checks validate the signature, timestamp, biological plausibility, and device attestation. For Tier 2, video evidence is reviewed by a trained human reviewer within 24 hours.
Verified readings are delivered to your webhook endpoint in real-time, signed with HMAC-SHA256. Full verification metadata included.
Use Cases
When the accuracy of a reading matters — financially, legally, or clinically — Proven Health is the infrastructure layer you need.
Employer-sponsored programs that reward employees for hitting step or activity goals. High-volume automated verification keeps costs low while preventing abuse.
Drug trials measuring changes in weight, vitals, or activity over weeks need audit-quality data. Evidence bundles and human review provide a complete chain of custody.
Life and health insurers pricing policies based on biometrics need data that meets evidentiary standards. Close the fraud loophole on self-reported health metrics.
Apps where users bet real money on reaching weight or fitness goals. Every reading must be fraud-proof — you can't settle a wager on data a user typed in.
Verification
Choose the level of assurance your use case requires. Tiers are configured per data type and locked in when a user connects.
Cryptographic signature verification plus comprehensive automated checks. Ideal for high-volume data where speed matters.
The gold standard. All automated checks plus video evidence capture and human reviewer confirmation.
Supported Data
From smart scales over Bluetooth to Apple Watch via HealthKit — every reading cryptographically signed and verified.
Supported devices: Renpho, Xiaomi Mi, Yunmai, Soehnle, 1byone, and more. New devices added server-side — no app update required.
Source validation prioritizes hardware sensors. Automatic deduplication across overlapping sources.
For Developers
One REST API. No SDK to install — just standard HTTP with your API key. Create connections, configure webhooks, and start receiving verified health data. We handle device protocols, cryptographic signing, evidence capture, and human review.
# Create a connection for your user
curl -X POST https://api.provn.health/v1/connections \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"user_external_id": "user_abc123",
"data_types": ["weight", "steps"],
"callback_url": "https://your-app.com/callback"
}'// Receive verified readings via webhook
app.post('/webhooks/provn', (req, res) => {
const { type, data } = req.body;
// type → "reading.verified"
// data.data_type → "weight"
// data.value → 82.5
// data.unit → "kg"
// data.verification.tier → 1
// data.verification.status → "verified"
await processReading(data);
res.sendStatus(200);
});Security
Every reading carries a complete chain of cryptographic proof — from the physical device to your API. No link in the chain can be faked, replayed, or tampered with.
P-256 private keys generated and stored inside Apple's Secure Enclave hardware. Keys physically cannot be exported, backed up, or cloned. Every reading is signed at the hardware level.
Apple's App Attest proves the app is genuine, unmodified, and running on a real device. Per-request assertions bind each reading to a verified installation.
For supported devices, raw bytes are captured directly over Bluetooth Low Energy. No intermediary software can intercept or modify the reading before signing.
Video evidence is SHA-256 hashed and the hash is included in the signed payload. Changing a single frame invalidates the cryptographic chain.
Create a free account, configure your first app, and start receiving verified readings. No SDK required — just your API key and a webhook endpoint.