Last Update: MAY 8, 2018


Q: What is Consent Access (CA)?

A: Consent Access (CA) is an API and SDK from digi.me that allows you to request access to a variety of user data from the user. It sits on top of a very powerful, private and secure sync engine which allows users to connect to, retrieve a copy and normalise their data from various service providers (social, financial, health, music, etc) and store it in a library using a cloud storage service under their control (Dropbox, Google One Drive, etc).

CA allows you to ask for access to user data according to a contract that describes what type of data you are requesting, what you will and will not do with it, for what purpose, how long you will retain it and if you will implement the right to forget the user data.

For more info on how users share data with 3rd parties follow this link.

Q: Which platforms are supported by the digi.me app and CA?

A: The digi.me app is available on iOS, Android, Windows and Mac, while CA is available for development on Android and iOS platforms.

The preferred way to develop your apps is using Java for Android and Swift for iOS. In addition, you can use Objective-C, React Native (Beta) or Onymos Fabric (Beta) to build a hybrid app using HTML, JavaScript and CSS.

If you would like to try Onymos, please get in touch with us [at: dev-support [at] digi.me] and we’ll point you in the right direction.

Q: Which sources of data/data types are available?

A: Digi.me can connect to a variety of sources such as: Facebook, Twitter and other social networks, thousands of financial institutions, US and Icelandic health data, Fitbit, Garmin and other fitness apps as well as Spotify music.

We are constantly adding new sources, so for a current list, please follow this link.

Q: Is CA available for web apps?

A: At the moment, CA can only be used from an iOS or Android mobile application. This is due to the high level of security that digi.me implements to keep user data safe.

Q: What is a CA Contract?

A: A CA Contract is a digital contract between you and individuals consenting to your app accessing their data via digi.me. It contains basic identifying information about you as the developer, specifies the type(s) of data being requested and over what time period as well as your terms of service for this transaction.

The CA Contract lays this information out very neatly and legibly for the user so they can understand it. If they wish to do so, the user then swipes to accept the contract which would then allow your app to fetch all the data that matches the contract and decrypt it on the user’s device.

Q: Can I send user data off-device? To a server for example…

A: Yes. Your CA Contract MUST make clear to a user if their data will be leaving the device or not. You must always respect the CA contract you put in place.

Q: How do I get a CA Contract for my app?

A: Please contact us at: dev-support [at] digi.me.

Q: Can I use more than one CA Contract in a single app?

A: Yes! In fact, good UX practice (and GDPR) require you ask for the minimum amount of data you need in order to deliver your service. You should start with a contract that asks for only what you need. Later on, in the life of your app or service, you may need more or different information to enable more functionality or provide a better or additional service.

You can use additional CA contracts to request the data you need at each step of the application lifecycle and user journey in order to provide a good and safe experience.

Q: What kinds of apps can I build?

A: Your imagination is your only limitation. Digi.me allows users to provide a wide variety of their data to your application and some of the most interesting use-cases can be found when combining these data sets.

For some inspiration, please feel free to check out this page from our hackathon in Iceland showing what some innovative teams built and be on the lookout for more examples from other hackathons and events.

Q: Can I connect to my own data while developing?

A: Yes! You can install digi.me on your device and add as many connectors as you wish. Once you start requesting access to data using CA, you will see your own data delivered to your app.

Q: I don’t have enough data in my own account to develop with. Do you have test data I can use?

A: Yes! Please send us an email at: dev-support [at] digi.me and we can provide you with a sample account that has all sorts of data in it to aid you in developing your application.

Q: I have approved a Consent Access Request, but I don’t see any data in my app - why?

A: The most likely reason for this to happen is if the CA Contract specifies a type of data and a date range for data you do not have.

For example: the CA Contract is coded to request the last 7 days of Facebook posts, but your last post was 8 days ago. This will result in an empty dataset.


Q: How much does CA cost? What is the pricing model?

A: We at digi.me understand the cognitive load some pricing models can create and that you need to be able to easily model your cost as you develop your apps and services. We also understand how hard it is to start a company or an app with just an idea and build it into something incredible. This is why we have adopted a super simple pricing model.

Every time you ask users for data via a Consent Access Contract, we charge a small data delivery fee ($0.10). This applies up to a maximum of $3 per user, per app, per year. We also provide free credits that can make it easy and free to get your app off the ground.

We may be running special promotions as well (hint hint) so please be sure to check the pricing page for the most up-to-date information, or to contact us about pricing.


Q: How is user data encrypted?

A: User data is encrypted in transit from the source using SSL, then at rest using unique AES-256 keys which are themselves encrypted in part with a user password which never leaves the user’s device. This is in addition to whatever encryption the 3rd party storage service provides itself.

When user data is shared with a 3rd party app using CA, in addition to SSL, that payload is encrypted with a public key for the 3rd party such that only they can decrypt it with their corresponding private key.

As a developer, you just need to provide your decryption password and key to the digi.me SDK and the SDK will take care of decrypting incoming information for you.

Q: Where is user data stored?

A: User data is stored encrypted in a destination of the user’s choosing such as their Dropbox account. There is no central repository of all user data. Digi.me does not see, hold or touch user’s data.

Q: Where can I get more info on your security?

A: For more info on security, please see this link

Q: As a developer, I am not very skilled in security and privacy. Can I still use CA?

A: Yes! Digi.me has invested a lot of time and resources to build CA in the most secure way possible. If you are unsure about how to secure your app or are worried about storing user data (which is a real concern), you can request data from the user via CA, process it to provide your functionality, and then throw it away (discard it from memory).

For example, if you are providing a credit rating service, you might ask to see the user’s financial transaction history to create a credit score. Once you’ve calculated the user’s score, you no longer need the detailed financial data and would do well to discard it immediately.


Q: How do I get more questions answered?

A: You can reach us at: dev-support [at] digi.me