Part III: How Do I Build With This Thing?

Your Data Is Already Yours

The law agrees with you. GDPR in Europe and CCPA in California both say you have the right to download your personal data from any service that holds it. Google, Apple, Amazon, Slack, your AI chat platforms — they're all required to hand it over. Most of them make it easy. The problem isn't access. The problem is that almost nobody asks.

Google is the biggest unlock. One OAuth consent screen and you've got Calendar, Gmail, YouTube history, Drive, Contacts, and Search history flowing into your own application. The setup looks intimidating — client ID, client secret, refresh token, redirect URI, scope selection — but once it's wired, a single refresh token gives you persistent access to your own life. Calendar events become queryable data. Emails become searchable context. YouTube watch history becomes a map of what you've been curious about for the past decade. Drive becomes programmatic. The data was always yours. OAuth just gives your code permission to read it.

The implementation pattern is the same for every Google API. Get a refresh token once through the browser consent flow. Store it. Use it to mint short-lived access tokens whenever your code needs to call an API. The refresh token doesn't expire unless you revoke it. That means you authenticate once and your system reads your calendar, your inbox, and your watch history forever. No repeated logins. No session timeouts. Just a token in an environment variable and a function that knows how to trade it for access.

But Google is just the starting point. The iMessage database on your Mac is a SQLite file sitting in your Library folder. Home Assistant logs every sensor event, every automation trigger, every state change in your house. Amazon lets you request a full export of your purchase history, search history, and browsing data. Every AI chat platform — ChatGPT, Claude, Gemini — lets you download your conversation history. Slack workspace admins can export every message. Your iPhone knows your steps, heart rate, sleep stages, screen time, and location history, and HealthKit will hand all of it to any app you write.

That last part is the one most people don't realize. You can write iPhone apps.

Not "you can learn to write iPhone apps someday after a boot camp." You can write one now, with AI helping you through the parts you don't know. The Apple Developer Program is ninety-nine dollars a year. Xcode is free. TestFlight lets you deploy to your own phone without going through App Store review. As a developer building for yourself, there are no content guidelines, no review delays, no rejection letters. You build it, you sign it, you run it.

The hard part is Apple's infrastructure, not the code. Code signing certificates, provisioning profiles, team IDs, the archive-upload-review pipeline — this is bureaucracy, not engineering. It's confusing the first time through and boring the second time. The code itself is surprisingly clean. HealthKit gives you fifty-plus health metrics through a single permission prompt. CoreMotion tracks your activity type, step count, altitude, and device orientation. SwiftUI handles the interface. You're not building health tracking from scratch. You're calling Apple's APIs and deciding where the data goes.

Steward took seven days. Seven days from "I want my health data in my own database" to a working iOS and watchOS app that syncs heart rate, sleep, workouts, steps, and motion data to a personal time-series database every minute. The first day was fighting Xcode's signing UI. The second day was HealthKit queries. By day three, data was flowing. By day seven, a collaborator had added Merkle tree sync that cut API calls by ninety-one percent. The app has been running in the background ever since, feeding health data into the same event database that logs home automation and calendar entries.

The pattern generalizes. Every data source you care about has an API, an export, or a database file you can read. The work is integration — writing the code that pulls from five sources and pushes to one place where an AI can query it. Google Calendar events land next to HealthKit heart rate data next to Home Assistant motion sensor triggers next to iMessage conversations. Same database. Same timeline. Same query language.

And if the data source you want doesn't exist, you build the sensor. That's what a personal iPhone app is — a sensor platform you control. Want to track which rooms you spend time in? Write a beacon detector. Want to log your mood three times a day with a single tap? Build a three-button app. Want to know how many times you open the fridge? A Home Assistant contact sensor costs four dollars and reports to your event database without you ever touching your phone. The tooling for personal data collection is absurdly good. The bottleneck is deciding what to track.

The laws help more than you might expect. GDPR's "right to data portability" means services must provide your data in a structured, machine-readable format. CCPA gives California residents the right to know, download, and delete. In practice, this means Google Takeout covers dozens of services in one export. Apple's privacy portal delivers your data within seven days. Amazon hands over purchase and search history on request. These aren't obscure legal maneuvers. They're settings pages. The platforms built the export tools because the law said they had to, and now the tools sit there unused by almost everyone.

The missing piece is currency. Exports go stale the moment you download them. Your ChatGPT conversations from last month don't include this month. Your Google Calendar export from January doesn't know about February. The ideal system pulls fresh data continuously — the OAuth integration that reads your calendar every five minutes, the HealthKit sync that pushes every sixty seconds, the Home Assistant recorder that never stops logging. Nobody has a perfect version of this. The infrastructure is always slightly behind the ambition. But even a partial pipeline — even a quarterly export dumped into a folder — is better than the default, which is leaving all of your own data locked inside other people's products and never looking at it.

The real shift is realizing that "my data" isn't an abstract legal concept. It's files. JSON, CSV, SQLite, JSONB in a Postgres column. It's queryable. It's yours. And once you've got it collected in one place — a database, a folder, even a pile of exports — you can point AI at the whole thing and ask questions that no single platform could ever answer. What was I doing the week my sleep got worse? What topics was I researching right before I started that project? How does my heart rate correlate with the days I skip exercise? The answers are in the data. The data is already yours.

Start tonight. Google Takeout takes ten minutes to request and covers dozens of services in one export. Your iMessage database is already a SQLite file on your laptop. The Netflix and Amazon exports take a few days to arrive. The Apple Developer Program is ninety-nine dollars and a weekend. By next Wednesday you'll have a folder that contains more of your own thinking, watching, buying, and moving than you remember producing. That folder is the beginning of everything else in this book.

← The Steering File