SparkyFitness lets you connect your account with family members, friends, personal trainers, or coaches so that trusted people can log meals, record workouts, track check-ins, manage medications, or view progress reports on your behalf. The system is built on a least-privilege boundary isolation model enforced at the database layer with PostgreSQL Row-Level Security (RLS). Every share is explicitly scoped: no permission ever bleeds across boundaries, and your most sensitive credentials and health data remain strictly owner-only regardless of what you grant.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodeWithCJ/SparkyFitness/llms.txt
Use this file to discover all available pages before exploring further.
Setting Up a Connection
Add a New Connection
Click Add Connection. Enter the email address of the person you want to share with — they must already have a SparkyFitness account on the same server.
Choose Permissions
Select one or more permissions from the permission matrix (see below). You can mix and match permissions to match exactly what you want the delegate to be able to do.
Set an Optional Access End Date
If you want the access to expire automatically, set an Access End Date. The database revokes all access the moment that timestamp passes — no manual action is required.
The person you have shared with will see your name in their Profile Switcher, located in the top-right corner of the dashboard. They can select your profile to switch contexts and act on your behalf according to the permissions you granted.
Accessing a Shared Profile
Once a connection is active, the delegate can access the shared profile via the Profile Switcher in the top-right corner of the dashboard. Clicking the switcher reveals a dropdown listing all profiles that have been shared with that user. Selecting a name switches the active context: the diary, check-in pages, reports, and libraries all reflect the profile owner’s data and settings. The delegate’s own data is untouched and remains accessible by switching back to their own profile.Permission Matrix
SparkyFitness uses seven granular permissions to control exactly what a connected user can read or write within your profile. Permissions are additive — you can grant any combination.| Permission | Write Privileges | Read Privileges |
|---|---|---|
Manage Diarycan_manage_diary | Food entries, exercise entries, water logs, daily goal plans | Food/exercise/water logs, daily goal plans, custom food and exercise libraries, read-only profile, layout, and water-container settings. Wellness logs and medication logs are blocked. |
Manage Check-incan_manage_checkin | Weight, body measurements, progress photos, mood logs, fasting status, sleep logs, custom measurement categories and values (e.g. GLP-1 daily check-in) | Weight history, progress photos, wellness logs (mood, fasting, sleep), custom measurements, read-only profile and layout settings. Diary logs and medication logs are blocked. |
Manage Medicationscan_manage_medications | Medication schedules, pen/vial allocations, injection records, titration adjustments, daily symptom logs | Medication lists, schedules, logs, pens, injection sites, titration steps, and symptom entries. Diary and check-in logs are blocked. |
View Reportscan_view_reports | No write access | All wellness, check-in, diary, and medication logs for charts, graphs, and the dashboard. Also includes read-only access to profile, dashboard layout, and onboarding data. |
View Food Librarycan_view_food_library | No write access | Custom food list, recipes, and custom meals — including reusable sub-meals — when context is switched. Profile, dashboard layout, and onboarding data are not readable with this permission alone. |
View Exercise Librarycan_view_exercise_library | No write access | Custom exercise database and workout presets when context is switched. Profile, dashboard layout, and onboarding data are not readable with this permission alone. |
Share Integrationsshare_external_providers | No write access — provider configurations are owner-only | Allows the delegate to use the owner’s non-private search provider configurations (FatSecret, USDA, OpenFoodFacts, etc.) to search for food and exercise items. Health device integrations (Garmin, Fitbit, Withings, Google Health, Polar, Strava, Hevy) are strictly private and never shared. |
A delegate with only
can_view_food_library or can_view_exercise_library cannot read your profile, dashboard layout, or onboarding data. At least one of can_manage_diary, can_manage_checkin, can_manage_medications, or can_view_reports is required for that read access.Privacy & Security
Tier 1 — Strictly Private Data (Never Shared)
The following data is never accessible to any delegate, regardless of permission level. It is protected at the PostgreSQL RLS layer and cannot be exposed through any sharing configuration:API Keys
Your personal API keys (
api_key table) are owner-only and never delegated.OIDC SSO Connections
Your linked OIDC identity providers (
user_oidc_links table) are strictly private.AI Chat History
All Sparky personal AI assistant conversations (
sparky_chat_history table) are owner-only.Cycle & Pregnancy Data
All reproductive health data — cycle settings, daily entries, cycle records, pregnancy sessions, kick counters, contraction logs, bump photos, and health appointments — is strictly owner-only. This data is never shared or delegated, even with
can_view_reports.Tier 2 — Read-Only Profile & Settings Data
Delegates holding at least one ofcan_manage_diary, can_manage_checkin, can_manage_medications, or can_view_reports can read the following data, but only the account owner can modify it:
- Profile information — name, date of birth, height, avatar, and similar fields
- General preferences — theme, units, and other
user_preferencesvalues - Nutrient column display preferences — which nutrients appear in the diary and reports
- Dashboard widget layout — the arrangement of widgets on the dashboard
- Onboarding data and completion status — setup wizard answers and progress
can_view_food_library, can_view_exercise_library) cannot read or write any of the above.