Granting access to user data is typically performed programmatically. That is, an operating system or web service grants access to the data based on access rights of the user. This model is not very secure, particularly when the user grants access to many other entities. If the security of any entity having access to the data is compromised, the user's data may be accessed and maliciously changed or corrupted without the user's permission or knowledge. The more entities that are involved in handling a user's data, the less secure the data is.