Am i doing everything by the rules?


Here is how much application works:

Get user to connect via API.
Store users data
Get user to agree to tick a checkbox saying "Allow Application XXX to publish results on my behalf"
Update user’s timeline (if they allowed it).
Offer option on the homepage to remove user from the service.

Is there anything I should be adding to make this application legal?