07-31-2024 14:19
Since there is no contact person with Fitbit that I can speak to, I am posting this question here: We have developed a web portal for a research project. Our web portal simply uses the OAuth authentication to allow users into a daily survey. Our web application does not collect any biometric information and the data points will be abstracted by the healthcare institution directly from Fitbit. Since we are not collecting any information other than login name and Fitbit Device ID, do we need to submit the application Token request as a health app? My opinion is no since we are not a healthcare institution, and we are not a non-profit organization, and we are not collecting any device-specific details on the participants. This app strictly uses the OAuth Web API for authentication and that is it. Can someone please answer this question?
08-01-2024 11:57 - edited 08-01-2024 11:58
Hi @fsuoj
Anyone may use the Web APIs to build integrations with the Fitbit data services, so long as their application complies with the Fitbit Platform Terms of Service, the Fitbit User Data and Developer Policy, and the Fitbit user consents to share their data with the developer’s application. There is no application that needs to be submitted to Fitbit or Google.
Here's the link to the documentation: https://dev.fitbit.com/build/reference/web-api/
08-01-2024 12:05
When you create an app, at the bottom of the screen, it asks if this is for a research project. Our application was designed for a research project; however, the principal investigator and healthcare organization will get the Fitbit data directly from Fitbit, not our application. The terms of the Web API state that the token can be revoked for violating the terms. I am looking for confirmation that we are not violating the terms. Who can answer this question? I can’t afford to have our token revoked in the middle of the clinical study because of a misunderstanding.
08-01-2024 12:37
Which form are you looking at? Our form when registering the application does not ask if your application is a research project.
08-01-2024 12:50
At the very bottom of the Register an App screen, you have to check the "read and agree" check box but right below, you can see it asks if this is a health research app!
08-01-2024 12:54
Just to be clear, I am not creating an app that goes on the Fitbit, I am creating a survey website that uses the Fitbit OAuth 2 authentication so that the healthcare institution can link the questions to the account using the physical Fitbit. This will allow them to tie the data from the Fitbit (acquired directly from Fitbit by the healthcare organization) to the questionnaire that we are providing to the research study participants.
08-01-2024 14:00
Thanks for clarifying. Do you know if this project requires IRB approval?
08-01-2024 14:09
It has IRB approval but we are not a non-profit and we are not a healthcare institution as requested by the Research app form. We are a consultant outsourced by an organization to build a web application for their study. There is no Fitbit data in our program that we built but we need to use the OAuth 2 Web API to authenticate the users so we can link the data from the questionnaire to the Fitbit account holders. The IRB will be submitted by the Healthcare Institution to Fitbit as the Fitbit biometric data will be obtained by the Healthcare organization directly from Fitbit. Our application is an external application (not a Fitbit app) using Fitbit authentication as a single sign on framework and that is all.
Do you know the answer or are you going to find out an answer to my question from a qualified Fitbit representative dealing with use of the Web API for Research studies or are you just asking for your own purpose?
08-02-2024 06:43
Hi @fsuoj
I am trying to better understand your application and the research study it is associated with so I can give you the correct answer.
We will need the research team to complete the research application as specified in the portal, but you do not need to complete it prior to using the Web API.
08-02-2024 11:38
Thank you for the information. I guess the question boils down to, what is the delineation for what is required for consideration of a "Research" application. We are using only the OAuth 2 Web API for the users to login to our survey but that is the extent of the API usage. Does the "Research" language require that we interface with the biometric data and thus we are exempt since we do not access this data?
08-05-2024 06:52
99.9% of the Web API developers use OAuth2 along with querying the user data. It appears your scenario is unique.
08-05-2024 11:09
Can I get a Fitbit legal response or a contact person so that we can verify before going live?
08-05-2024 13:45
I'm going to send you an email to set up a meeting with you to clear up any confusion.
08-06-2024 04:51
I am available anytime on Friday during regular business hours Eastern Standard Time.
08-06-2024 14:37
I clearly stated that I am available anytime on Friday, August 9th, during regular business hours. Please let me know if this does not work for you.
08-12-2024 13:20
Hi @fsuoj
Just to close the loop on this topic, we discussed that the researcher who you are working with will need to submit the research application.
Let me know if you need anything else.