Data ownership

The short version: users own their data, your app owns the app metadata it generates, and SweatStack is the custodian of both.

This page describes how that ownership model works in practice: who can see what, what happens when a user revokes your app, and how export works for users and developers.

Who owns what

SweatStack distinguishes between two kinds of data:

| | User data | App metadata |
|---|---|---|
| Source | The user's wearable, manual entry, imports | Your app, via the app-metadata feature |
| Examples | Activity timeseries, dailies, profile fields, tests | Custom training scores, in-app annotations, computed indices |
| Owned by | The user | Your app |
| Visible to | The user, and apps they've granted access to | Only the app that wrote it |
| After revoke | Stays with the user; the app loses access | Stays on the platform |

SweatStack is the custodian of both, not the owner of either. We store the data, run the platform, and enforce the access rules. We don't sell it, repackage it, or use it for purposes the user or developer hasn't consented to.

What we handle, what you handle

SweatStack handles platform-level compliance for the user data we store: GDPR portability, deletion, consent flows, audit trails. Users can exercise their data subject rights through SweatStack directly, without your app having to implement anything.

You're still responsible for your own side:

  • Any data your app stores outside SweatStack (your own database, analytics, marketing tools).
  • Your privacy policy and your relationship with your users. Your app is an independent controller of the user data it receives; see Part B of the terms.
  • Deletion of user data you hold within 30 days of revocation.

What happens when a user revokes your app

When a user revokes your app's access, three things happen in this order:

  1. Your API access stops immediately. Requests scoped to that user return 401 or 403. Tokens issued for that user no longer work.
  2. The user keeps all their data. Everything the user owns stays on SweatStack and remains exportable by them in open formats.
  3. App metadata your app wrote becomes inaccessible. It is no longer returned by the API and is not transferred to the user.

The metadata case is the exception to "users take their data with them." Because the user neither created the metadata nor had visibility into it, it isn't part of what they get back. It stays on the platform in a sealed state.

For data you've stored outside SweatStack (your own database, exports, derived analytics), the terms require you to delete it within 30 days of revocation. SweatStack does not control that data, so we can't delete it for you.

Designing for revoke

Treat revoke as a normal product state, not an error condition. A few guidelines:

  • Don't build core flows that catastrophically break when a single user disconnects. Detect 401 and 403 on user-scoped calls and route the user into a re-consent flow.
  • Don't assume re-consent restores the prior session. Treat it as a new connection.
  • Don't store derived state in your own database that you can't reconstruct from a fresh consent.
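
One way to wire these guidelines together on the app side, as an added example that is not SweatStack code: a wrapper that turns 401/403 on a user-scoped call into a re-consent signal, starts the 30-day deletion clock for locally held data, and gives a reconnecting user a fresh connection. `ConnectionStore`, `user_scoped_call`, `ReconsentRequired` and the `fetch` callable are hypothetical names; the store is an in-memory stand-in for your own database.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional, Tuple
import uuid

DELETION_WINDOW = timedelta(days=30)  # terms: delete held user data within 30 days of revocation

class ReconsentRequired(Exception):
    """Signals the UI layer to route this user into the re-consent flow."""

@dataclass
class Connection:
    user_id: str
    token: str
    connection_id: str = field(default_factory=lambda: uuid.uuid4().hex)
    revoked_at: Optional[datetime] = None

    @property
    def delete_by(self) -> Optional[datetime]:
        return self.revoked_at + DELETION_WINDOW if self.revoked_at else None

class ConnectionStore:
    """In-memory stand-in for your own database (hypothetical schema)."""
    def __init__(self) -> None:
        self.active: dict = {}    # user_id -> Connection
        self.revoked: list = []   # connections whose local data must be purged

    def connect(self, user_id: str, token: str) -> Connection:
        # Re-consent is a new connection: fresh id, nothing carried over.
        self.active[user_id] = Connection(user_id, token)
        return self.active[user_id]

    def mark_revoked(self, user_id: str, now: datetime) -> None:
        conn = self.active.pop(user_id, None)
        if conn is not None:
            conn.revoked_at = now
            self.revoked.append(conn)

    def overdue(self, now: datetime) -> list:
        # Purge jobs should clear `revoked` promptly; anything listed here missed the deadline.
        return [c for c in self.revoked if c.delete_by <= now]

def user_scoped_call(store, user_id, fetch: Callable[[str], Tuple[int, object]], now=None):
    """fetch(token) -> (http_status, body) is a hypothetical transport, not a SweatStack API."""
    conn = store.active.get(user_id)
    if conn is None:
        raise ReconsentRequired(user_id)
    status, body = fetch(conn.token)
    if status in (401, 403):  # revoke is a normal state, not an error path
        store.mark_revoked(user_id, now or datetime.now(timezone.utc))
        raise ReconsentRequired(user_id)
    return body
```

Keying locally stored rows by `connection_id` rather than `user_id` lets the purge job remove data from the revoked connection even after the same user has reconnected.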

Export

Users can export their full data history at any time from their SweatStack account, in open formats. This applies regardless of which apps they've connected.

Apps pull a user's data through the standard endpoints in the API reference, within the scopes the user has granted. The same API serves both ongoing reads and final exports; there is no separate export endpoint and no proprietary export format.

What we don't do

We never sell user data. We never share it with brokers or advertisers. Every app on the platform is held to the same standard through the developer terms.