What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR for EEA/UK users, with Strava citing Standard Contractual Clauses as the transfer mechanism for international data flows; CCPA and analogous US state privacy laws are addressed through a dedicated state notice; Washington State's My Health MY Data Act is implicated by the separate Consumer Health Data Policy referenced in the document. The FTC Act is relevant given the breadth of data collection and advertising use. The policy's use of health and p…

How does Strava's Strava Privacy Policy affect users?

The policy establishes that precise GPS routes, health metrics, and activity history are collected and processed for multiple operational uses including AI model training, targeted advertising, and the Global Heatmap aggregation service. Users operate under default privacy configurations that determine the extent to which their activity data appears in public-facing features and informs ad targeting. The policy provides mechanisms for users to modify activity visibility settings, connected devi…

How often is Strava's Strava Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Strava updates this document?

Yes. Watcher subscribers ($9.99/month) can add Strava to their watchlist and receive same-day email alerts whenever this document or any other Strava document changes.

CA-D-000272

Strava Privacy Policy

Strava

Last change detected May 5, 2026 Privacy policy

SHA-256: 061c0838a765eb06866… 27 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Strava ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

8 Medium severity

0 Low severity

Summary

Strava's 2026 Privacy Policy establishes the terms under which the platform collects, uses, and discloses user data generated through fitness tracking activities, including GPS location data, heart rate metrics, workout history, and contact information. The policy authorizes Strava to incorporate activity data into the Global Heatmap feature, which aggregates and publicly displays user-generated route information, and to use collected data for model training and advertising purposes. Users may configure visibility settings for activities and manage data sharing permissions through the app's privacy controls.

Technical / Legal Breakdown

Strava's 2026 Privacy Policy governs the collection, use, and sharing of personal information across its platform, mobile applications, and services, with Strava acting as a data controller or 'business' under applicable frameworks including GDPR, CCPA, and analogous state laws. The policy states that Strava collects a broad range of data including precise GPS location, health metrics (heart rate, HRV, VO2max, sleep data), biometric performance data, device identifiers, payment information, and contacts, and the terms authorize use of this information for AI and machine learning model training, advertising through third-party partners, and contribution to a publicly visible Global Heatmap. Notably, the policy asserts that health data collected from connected device integrations will not be sold or used for advertising, representing a meaningful carve-out, but the terms separately authorize use of personal information including health and location data for AI Features depending on user privacy controls, creating operational ambiguity about the boundary between these commitments. The policy engages GDPR for EEA users (citing Standard Contractual Clauses for international transfers), CCPA and related US state privacy laws (with a dedicated state notice and a separate Consumer Health Data Policy), and Washington State's My Health MY Data Act based on the Consumer Health Data Policy reference. Compliance teams should note that the breadth of data collected, the use of location and health data for AI development, and the aggregation of activity data into publicly accessible features such as the Global Heatmap may require evaluation under sensitive data provisions in multiple jurisdictions.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 8 provisions

Health Data Collection and Non-Sale Commitment Compare →

Strava promises not to sell health data it receives from connected devices like Garmin or Apple Health, and says it will not use that data for advertising, but it can still use it for other purposes described in the policy including AI development.

Added May 9, 2026 Standard Seen across 251 platforms
AI and Machine Learning Model Training Using Personal Data Compare →

Strava uses your personal information including health data and GPS location to train its AI and machine learning systems, though the extent depends on your in-app privacy settings.

Added May 9, 2026 Common Seen across 104 platforms
Global Heatmap Aggregation of GPS Activity Data Compare →

Strava uses GPS data from user activities to build its publicly visible Global Heatmap, which shows aggregated movement patterns across all users.

Added May 9, 2026 Standard Seen across 251 platforms
Targeted Advertising Using Personal Information Compare →

Strava may show you personalized ads based on your personal information and may share your data with advertising partners for this purpose, though you can opt out.

Added May 9, 2026 Standard Seen across 189 platforms
Precise GPS Location Data Collection Compare →

Strava collects your precise GPS location as a core requirement of the service, and while you can turn off location sharing at the device level, doing so will disable key features like activity tracking and route mapping.

Added May 9, 2026 Standard Seen across 251 platforms
International Data Transfers via Standard Contractual Clauses Compare →

Strava transfers personal data from the EU, UK, and Switzerland to the United States and other countries, using Standard Contractual Clauses as the legal mechanism to authorize these transfers.

Added May 9, 2026 Standard Seen across 246 platforms
User Rights for US State Residents

US users in certain states have additional privacy rights, including rights related to accessing, deleting, or opting out of sale of their personal information, addressed in a separate state notice and Consumer Health Data Policy.

Added May 9, 2026 Rare
Contacts Data Collection and Regular Access Compare →

If you give Strava access to your phone or social media contacts, it will continuously access and store that contact list to suggest connections, not just a one-time sync.

Added May 9, 2026 Standard Seen across 251 platforms

Monitoring

Strava has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle AI Features Using Personal Health and Location Data and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 5, 2026 05:58 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000272

Version ID CA-V-001212

Source URL https://www.strava.com/legal/privacy

Wayback Machine View external archival references →

SHA-256 061c0838a765eb068664e1d5f6d2ebaa4253b3742408339eba0417c34f69238d

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Strava Privacy Policy

Monitor governance changes across the platforms you rely on.