Strava's services are not directed at children under 13, and users between 13 and 17 may have additional privacy protections applied including restricted default visibility settings.
Age-based protections are legally required under COPPA in the US and similar laws globally, but parents should be aware that teen users may still share significant location and health data on the platform.
Age restriction provisions implicate COPPA compliance for US users under 13, GDPR Article 8 age of consent requirements for EEA users (varying by member state, typically 16), and UK Age Appropriate Design Code obligations. Compliance teams should assess age verification adequacy and whether minor-specific data handling meets regulatory expectations.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.