If you need to access the data via API, the user will face two potential limits - app token rate limit (Read and writes are limited to 5M complexity points per minute each.) or personal token rate limit (Reads and writes have a combined budget of 10M points per minute or 1M for trial and free accounts.)
Yet we would love to see personal API token limits as personal (per user) and not per account as it is implemented now. It makes a big difference for enterprise clients working with big amounts of data.