Habit & Fitness Trackers — Category Research Report

Your heart rate, sleep cycles, menstrual data, GPS routes, calorie counts, and daily habits -- collected continuously, stored indefinitely, and governed by privacy policies you never read. This is the landscape, the data, and the opportunity.


The Landscape

The global fitness app market is valued at approximately $10.7-12.1B in 2025 (sources: Grand View Research, Straits Research, Business Research Insights, Towards Healthcare), projected to reach $12.4-13.9B in 2026, growing at a CAGR of 13-15%. The wearable device market is substantially larger at $72-93B in 2025 (Fortune Business Insights, Precedence Research), with 590+ million devices shipped globally in 2025.

Major Players

| Platform | Owner | Users / Subscribers | Pricing | Revenue / Revenue Model |
|---|---|---|---|---|
| Apple Health / Fitness+ | Apple | ~100M Fitness app users (est.); Fitness+ subscribers undisclosed | Fitness+: $9.99/mo or $79.99/yr | Subscription; hardware sales |
| Fitbit | Google/Alphabet | 30M+ active users (pre-acquisition); exact current undisclosed | Free with device; Premium $9.99/mo or $79.99/yr | Hardware sales, subscriptions, data integration with Google |
| Garmin Connect | Garmin | "Tens of millions" (Garmin does not disclose exact count) | Free with device; Connect+ launched 2025 | Hardware sales ($7.25B total revenue FY2025); fitness segment $2.3B+ |
| Strava | Private (valued at $2.2B) | 135M+ registered users | Free tier + subscription $6.67-$11.99/mo ($80/yr) | Subscriptions; $163.4M revenue in 2024 |
| Whoop | Private (valued at $3.7B) | Undisclosed (est. hundreds of thousands) | $199-$359/yr ($25-40/mo) | Subscription-only; est. $260-500M+ revenue 2025 |
| MyFitnessPal | Francisco Partners (PE) | 220M+ registered users | Free tier; Premium $19.99/mo ($79.99/yr); Premium+ $24.99/mo ($99.99/yr) | Subscriptions + advertising |
| Samsung Health | Samsung | Undisclosed (pre-installed on Samsung devices) | Free | Hardware ecosystem; data practices |
| Peloton | Peloton Interactive (public) | 6.4M total members; 2.73M connected fitness subs; 542K app subs | All-Access $49.99/mo; App+ $28.99/mo; App One $15.99/mo | $2.71B revenue FY2024 (declining) |

Habit Tracking Apps

| App | Users | Pricing | Positioning |
|---|---|---|---|
| Habitica | 15M+ downloads | Free; Premium $4.99/mo | Gamified RPG habit tracker |
| Streaks | Undisclosed (iOS only) | $4.99 one-time purchase | Minimalist, deep Apple ecosystem integration |
| Habitify | 3M+ users | Freemium with premium tiers | Cross-platform analytics-focused |

The habit tracking apps market alone is valued at $1.7-1.9B in 2025, projected to reach $5.5B by 2033 at 14.2% CAGR (Straits Research).

North America accounts for 38-47% of global market share depending on the segment measured.


The Enshittification Timeline

Fitbit: From Independence to Google Absorption

  • 2007-2020: Fitbit operates as an independent company, builds loyal user base with community features (Challenges, Adventures, social groups), affordable trackers, and a straightforward app.

  • January 2021: Google completes $2.1B acquisition of Fitbit. EU regulators approve with conditions: Google must keep Fitbit health data separate from advertising data for 10 years. Google promises health data will "not be used for Google ads."

  • 2023: Google begins mandatory migration of Fitbit accounts to Google accounts. New devices require Google accounts to activate. Community forum posts show widespread user resistance.

  • March 2024: Google removes community features from the Fitbit app -- Challenges, Adventures, and open groups discontinued. Features that defined the social fitness experience are gone.

  • August 2024: Google discontinues Fitbit smartwatch line entirely. The Fitbit brand is retained only for basic trackers. Pixel Watch replaces it. Fitbit Pay begins phase-out in favor of Google Wallet.

  • 2024-2025: App redesign draws complaints for cluttered dashboard, lost functionality, and removal of features like the battery percentage indicator. Users report barcode scanner degradation, food-tracking regressions, and a general sense that "the fun has been removed." Google Assistant removed from Fitbit Sense and Versa devices. Wi-Fi and local audio playback stripped from Sense 2 and Versa 4.

  • 2025: Reports of firmware updates bricking Fitbit Charge 5 devices. Multiple users report losing all historical data during Google account migration. Message histories with friends disappear without warning.

  • January 2026: Google extends final migration deadline (again) to May 19, 2026. If users do not migrate, all Fitbit health data will be deleted after July 15, 2026. No standalone Fitbit experience will exist.

  • August 2023: Privacy group noyb files three GDPR data transfer complaints against Fitbit in the EU, alleging illegal export of user data to the US.

Strava: The Creeping Paywall

  • 2009-2019: Strava grows as a beloved social fitness platform with generous free features.

  • May 2020: Strava moves previously free features (route planning, segment leaderboards, training analysis) behind the paywall -- during global COVID lockdowns when millions were losing jobs. Widely criticized for timing.

  • January 2023: Strava raises subscription prices from ~$5/month to $6.67/month, with some international users seeing 50%+ increases. Communication described as "very confusing" by Strava's own subsequent apology.

  • July 2025: Strava announces standardized per-country pricing, triggering further price increases for many subscribers.

  • December 2025: Strava puts its annual "Year in Sport" personal recap behind the $80/year paywall for the first time. Previously free since 2016, this move generates significant user backlash. KoM (King of the Mountain) results also increasingly paywalled.

MyFitnessPal: Breach, Fire Sale, and Paywalling

  • 2015: Under Armour acquires MyFitnessPal for $475M when the app has 80M users.

  • February 2018: Massive data breach compromises approximately 150 million accounts -- usernames, email addresses, and hashed passwords (many using weak SHA-1 hashing). Disclosed in late March 2018.

  • 2019: Stolen data appears on Dream Market dark web marketplace, bundled with 16 other breached sites, listed for $20,000 in Bitcoin.

  • December 2020: Under Armour sells MyFitnessPal to private equity firm Francisco Partners for $345M -- a $130M loss on the acquisition. Under Armour decides it is no longer a technology company.

  • Late 2022: Under new PE ownership, MyFitnessPal paywalls the barcode scanner, a core feature used by millions of free users for food logging. Users must now manually enter food data or pay.

  • 2023-2025: Aggressive tiering -- Premium ($79.99/yr) and Premium+ ($99.99/yr) introduced. Free tier increasingly limited. Revenue optimization by PE firm follows the standard playbook: cut costs, paywall features, maximize extraction before exit.

Apple: Privacy as Product, but Still Closed

  • 2020: Apple Fitness+ launches at $9.99/month.

  • 2022-2025: Apple Fitness+ described as Apple's "weakest-performing paid service." No subscriber counts disclosed. Apple expands to 28 new markets in December 2025 but does not release user numbers.

  • October 2025: Fitness+ moved from COO oversight to the Health division. Reports emerge of a planned "Health+" subscription for 2026 with AI-powered coaching, nutrition tracking, and a health chatbot -- potentially raising the price ceiling.

  • 2025-2026: Apple announces Health data integration with ChatGPT in iOS 27, raising new questions about where on-device processing ends and cloud-based AI begins.

Whoop: Subscription-Only, and Sued for It

  • 2015-2024: Whoop establishes subscription-only model where users never own the hardware. Original pricing ~$30/month.

  • May 2025: Whoop launches 5.0 and MG devices with three-tier pricing: Whoop One ($199/yr), Peak ($239/yr), Life ($359/yr). Hardware included but never owned.

  • 2025: Class-action lawsuit filed alleging Whoop secretly shared sensitive health data (names, emails, heights, weights, birthdays, vitals, video viewing history) with third-party tracker "Segment" without user consent. A peer-reviewed academic study places Whoop in the highest privacy-risk cluster among 17 leading wearable manufacturers.

Peloton: Pandemic Darling to Price Hiker

  • 2020-2021: Pandemic boom pushes Peloton to peak valuations. Subscriber count surges.

  • 2022-2024: Three consecutive years of revenue decline. Multiple restructuring rounds. Workforce cuts. CEO changes.

  • October 2025: Peloton raises prices for the first time in three years: All-Access from $44 to $49.99/month, App+ from $24 to $28.99/month, App One from $12.99 to $15.99/month. Morgan Stanley estimates this generates ~$150M in additional revenue.

  • Q2 FY2026: Connected fitness subscribers decline to 2.661M (down 7% YoY). App subscribers fall to 542K. Revenue continues declining. Company returns to profitability only through cost-cutting, not growth.


The Data Audit

The HIPAA Gap

The most important thing to understand about fitness and health app data: HIPAA almost certainly does not apply. HIPAA regulates covered entities (health plans, healthcare providers, clearinghouses) and their business associates. Consumer wearable companies -- Apple, Google/Fitbit, Garmin, Strava, Whoop, Peloton -- do not qualify as covered entities when operating consumer fitness products.

This means there is no federal prohibition on the use, sharing, or selling of health data collected by fitness trackers, wearable devices, and health apps. Non-covered entities can do whatever they want with user data as long as those actions are buried somewhere in the terms and conditions.

When wearable data flows to a doctor's EHR or a hospital system, HIPAA protections activate. When the same data sits in Garmin Connect or the Fitbit app, it does not.

Proposed legislation like the Smartwatch Data Act and Senator Cassidy's Health Information Privacy Reform Act attempt to close this gap. Neither has passed. State laws -- notably California's CMIA and Washington's My Health My Data Act -- provide partial coverage. But for most users in most states, their fitness data has fewer legal protections than their medical records at a doctor's office.

EU GDPR: Stronger, but Complex

Under GDPR Article 9, health data is classified as "special category data" requiring enhanced protection. Fitness app data (heart rate, sleep, GPS tracking) qualifies when it reveals health information -- which it almost always does. Processing requires explicit, informed consent that can be withdrawn at any time.

As of March 2025, the European Health Data Space (EHDS) regulation entered into force, explicitly including wellness and lifestyle app data. Full implementation phases in through 2035.

FTC Enforcement: The Only Cop on the Beat

The FTC has become the primary US enforcer for health data privacy, using the FTC Act and the Health Breach Notification Rule:

  • Flo Health (2021): Period and fertility tracker shared sensitive health data of 100M+ users with Facebook and Google despite promising privacy. FTC settlement required consent mechanisms and third-party data deletion. No monetary fine from FTC, but a subsequent class action yielded $56M ($48M from Google, $8M from Flo). This was the first FTC order requiring a company to notify consumers about a privacy action.

  • GoodRx (February 2023): First-ever enforcement under the Health Breach Notification Rule. GoodRx shared prescription and health condition data with Facebook, Google, and other ad platforms. $1.5M penalty plus 20-year compliance requirements. A separate settlement added $25M.

  • BetterHelp (March 2023): Mental health platform shared email addresses, IP addresses, and health questionnaire data with Facebook, Snapchat, Criteo, and Pinterest for advertising -- despite promising privacy and displaying a fake HIPAA compliance seal. $7.8M settlement. ~800,000 consumers received refund notices. The FTC distributed $5.2M in refunds in June 2024, followed by a second round of $2.6M.

What Companies Actually Collect

Biometric data: Heart rate, HRV, respiratory rate, blood oxygen, skin temperature, sleep stages, menstrual cycles, stress levels, workout intensity, calorie burn, VO2max.

Behavioral data: Exercise patterns, step counts, GPS routes (where you run, where you live, where you work), food logs, weight history, hydration, app usage patterns.

Device and identity data: Device identifiers, IP addresses, browsing behavior, contact lists, third-party account data, payment information.

Whoop's privacy policy is 12,125 words. Apple's is 4,408. The length correlates with complexity of data sharing, not transparency.

How Health Data Is Monetized

A 2021 Duke University study found 79% of popular health and fitness apps share user data with third parties. Only 28% of users knew this was happening. Up to 25% of health and fitness app industry revenue ($4B+ total in 2023) comes from advertising and data monetization.

The data pipeline: Users --> Fitness apps --> Data aggregators --> Data brokers --> End buyers.

End buyers include:

  • Insurance companies: Analyzing fitness data to assess risk profiles. Regular workouts may lower premiums; irregular heart rate or low activity could raise them. Some insurers offer "free" fitness trackers as wellness incentives -- exchanging a $50 device for continuous health surveillance.
  • Advertisers: Targeting weight-loss products, supplements, workout gear based on fitness behavior. Mental health platforms monetize emotional trend data to corporations.
  • Data brokers: Packaging data into products like "Active Lifestyle Segments" and "Health Risk Indicators." Individual health records sell for as little as $0.06 per person in bulk. Detailed health profiles command hundreds of dollars.
  • Pharmaceutical companies: Receiving aggregated health trend data for market research and targeting.

Company-Specific Data Practices

Apple stands apart: on-device processing, end-to-end encryption for iCloud-synced health data (with two-factor authentication), no advertising business model for health data. Over 150 data types stored locally. Third-party apps require explicit permission. However, the upcoming Health+/ChatGPT integration raises questions about whether the on-device model holds.

Garmin received relatively high marks from Mozilla's Privacy Not Included project. However, Garmin's privacy policy permits sharing data with "others" given consent (which is required to use devices), and data flows between 70+ Garmin subsidiaries including five in China. Device-level encryption is weaker than competitors -- a misplaced Garmin watch can be connected to a computer and data accessed without authentication.

Samsung Health updated its US Privacy Notice in February 2026. It may use personal information to "develop and train artificial intelligence algorithms and models." Data sharing with third-party partners and service providers is permitted. Samsung participates in the EU-US Data Privacy Framework as of July 2025.

Strava overhauled its privacy policy effective January 1, 2026. It states health information from integrations (heart rate) will not be sold or used for advertising. Third-party developers are explicitly prohibited from using Strava data for AI model training. However, Strava shares data with service providers, corporate affiliates, and law enforcement. GPS/location data -- which reveals where you live, work, and travel -- is the most sensitive data Strava holds.

Peloton profiles are public by default. The Peloton IQ AI system uses camera tracking for real-time workout feedback. Peloton states that video analysis occurs on-device, but "telemetry data" is collected. The privacy policy permits sharing with vendors, business partners, and third-party marketers. Peloton collects data on pregnancy-specific workouts, raising concerns about surveillance given the post-Roe legal landscape.


Vulnerability Score

| Criterion | Rating | Explanation |
|---|---|---|
| User resentment | High | Fitbit users furious about forced Google migration and feature stripping. Strava users angry about progressive paywalling. MyFitnessPal users burned by the 150M-account breach. Whoop users suing over secret data sharing. Peloton subscribers watching prices rise as features stagnate. |
| Switching cost | Medium | Historical data (years of workouts, sleep, weight trends) is hard to leave behind, but fitness tracking is inherently device-agnostic. Most platforms offer data export. The real lock-in is habit, not technical barriers. Social features (Strava follows, Peloton leaderboards) create moderate network effects. |
| Technical feasibility | High | Fitness tracking fundamentals (step counting, workout logging, habit streaks) are well-understood engineering problems. A small team can build a competitive tracker. The hard part is hardware integration -- but open standards like Apple HealthKit, Google Health Connect, and Bluetooth LE make device-agnostic apps feasible. |
| Monetization clarity | High | Users already pay for fitness apps. Strava charges $80/year. Whoop charges $199-359/year. Peloton charges $192-600/year. MyFitnessPal Premium is $80-100/year. There is proven willingness to pay $5-10/month for fitness and habit tracking. |
| Data sensitivity | Very High | Biometric data, GPS location history, menstrual cycles, sleep patterns, mental health indicators, body weight, calorie intake, heart conditions. This is among the most intimate data any technology product collects -- and it is largely unprotected by HIPAA. |
| Network effects | Low-Medium | Fitness tracking is primarily a personal activity. Social features exist (Strava kudos, Peloton leaderboards) but are secondary to core value. Users choose fitness apps for personal tracking quality, not because their friends are on them. This is the key vulnerability of incumbents: the moat is shallow. |

Overall vulnerability: High.

User resentment is broad and multi-layered across the entire category. Switching costs are real but manageable. Technical feasibility is high. Monetization is proven. Data sensitivity is extreme but legal protections are weak -- creating both a risk (for users) and an opportunity (for a privacy-first alternative). Network effects are the weakest of any major software category, because fitness tracking is fundamentally personal.

The category is ripe. Users are paying $5-30/month for products that collect their most sensitive biometric data and share it in ways that would be illegal if done by a hospital.


The Your 99 Blueprint

Revenue model: Subscription at $4.99/month ($49.99/year). No free tier with ads. No data monetization. The product is funded by users, full stop. Users who pay own the product.

Draft Contribution Map:

| Contribution | Stake per month |
|---|---|
| Active tracking (15+ days/month) | 15 base units |
| Workout logging (consistent use) | 10 units |
| Habit streak maintenance (30+ day streaks) | 10 bonus units |
| Community challenge participation | 5 units |
| Premium subscription | 30 base units |
| Data import from incumbent (switching) | 20 one-time bonus |
| Bug reports / feature feedback (verified) | 5 bonus units |
| Referral (becomes 30+ day active user) | 15 bonus units |

Economics at scale:

| Scale | Users | Monthly Revenue | Distributable (after 11% ops) | Per User (avg) |
|---|---|---|---|---|
| Small | 10,000 | $50,000 | $35,500 | $3.55 |
| Medium | 100,000 | $500,000 | $355,000 | $3.55 |
| Large | 500,000 | $2,500,000 | $1,775,000 | $3.55 |

(Assumes $4.99/month average, 10% operating costs, 1% builder / 10% investor / 89% community split on the 99% distributable portion)

Key differentiator beyond ownership: Data sovereignty. All health data encrypted end-to-end, stored on-device by default, with optional encrypted cloud sync that the user controls. No third-party data sharing. No advertising. No data broker pipeline. Full data export at any time in open formats. When a hospital or insurer wants your data, YOU decide -- and you see exactly what is shared.

A privacy-first fitness tracker is not a niche product. It is the product that 79% of fitness app users would choose if they knew their current app was sharing their data without meaningful consent.

Minimum viable feature set:

  • Workout logging (manual + device sync via Apple HealthKit / Google Health Connect)
  • Habit tracking with streaks and reminders
  • Basic analytics (trends, progress charts)
  • Calorie / food logging with barcode scanner
  • Sleep and step tracking (via connected devices)
  • Full data export (JSON, CSV)
  • End-to-end encrypted sync
  • No social features at launch -- personal tracking first, community second

Open Questions

  • Should this be a standalone app or a hardware + software play? Hardware creates lock-in but also massive capital requirements. Starting software-only and syncing with existing devices (Apple Watch, Garmin, etc.) is capital-efficient but means depending on incumbents' APIs.

  • How do you handle the data import problem? Users have years of Fitbit, Strava, or MyFitnessPal data. Can we build import tools that bring historical data into the Your 99 platform? This dramatically lowers switching cost.

  • Is $4.99/month the right price point? Strava charges $6.67+/month and users complain. Whoop charges $17-30/month and users accept it. The sweet spot needs community input.

  • Should food / nutrition tracking be included at launch or split into a separate product? MyFitnessPal's food database is a massive competitive advantage built over 20 years. Open-source food databases (Open Food Facts) exist but are less comprehensive.

  • How do you build trust on data privacy when every incumbent also claims to be privacy-first? Transparency reports, open-source components, third-party audits, and publishing exactly what data is collected and where it goes may be necessary.

  • The regulatory landscape is shifting fast (EHDS in Europe, state laws in the US, proposed federal legislation). Should Your 99 proactively comply with the strictest global standard (GDPR Article 9 for health data) as a competitive advantage?

  • Is this the right first or second Your 99 product? The category has high vulnerability, proven monetization, low network effects, and extreme data sensitivity. It aligns with the mission. But it also requires device integration engineering that is more complex than pure software categories.


Report version: 0.1 (initial draft -- community discussion needed), March 2026

Research sources by topic:

Fitbit/Google: 9to5Google, How-To Geek, Android Central, Tom's Guide, TechRadar, WebProNews

Apple: Apple Newsroom, Apple Insider, Apple Privacy Policy

Strava: DC Rainmaker, T3, Slashdot, Business of Apps, BikeRadar

MyFitnessPal: TechCrunch, Huntress, Francisco Partners, Business of Apps

Whoop: CNBC, ClassAction.org, nextpit, Whoop Membership

Garmin: Garmin Newsroom, Mozilla Foundation, SGI Europe, Garmin Privacy Policy

Samsung Health: Samsung Privacy Policy, VPNSuper

Peloton: Backlinko, Retail Dive, Peloton Investor Relations, Consumer Reports

Habit Apps: Straits Research, Habitify, Zapier

Market Size: Grand View Research, Fortune Business Insights, Precedence Research

HIPAA Gap: AccountableHQ, AuditPeak, TechTarget, Minnesota Law Review

GDPR/EHDS: GDPR Advisor, Taylor Wessing, Chino.io

FTC Enforcement: FTC - Flo Health, FTC - BetterHelp, FTC - GoodRx, Inside Privacy

Data Monetization: Medium/Sohail, OffGrid, SavingAdvice, Softtek

Last updated 2026-03-03