Strava · Strava Privacy Policy · View original document ↗

Connected Device Health Data — No-Sale Commitment

Medium severity Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Strava commits that health data collected from connected devices like Garmin or Apple Health will not be sold, used for advertising, or disclosed to third parties without your prior consent.

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This clause restricts the permissible uses of a specific category of health data collected through third-party integrations, creating a narrower data practice framework for health information than may apply to other types of user data collected by the service.

Clause Stability Stable

0
Changes
3
Months Monitored
Apr 3, 2026
First Seen
Apr 17, 2026
Last Seen
This clause type exists across 1153 other provisions on other platforms.

Consumer impact (what this means for users)

Strava promises not to sell or use your heart rate, sleep, or HRV data from connected devices for advertising, but this data can still be used to train Strava's AI models and improve its services, which is a meaningful secondary use.

How other platforms handle this

MetaMask Medium

We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Target Medium

RedCard. We share information with our financial partners to operate the Target RedCard program.

See all platforms with this clause type →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: This provision directly engages CCPA/CPRA §1798.121 (sensitive personal information opt-out and limitation rights), Washington My Health MY Data Act RCW 70.370.060 (prohibition on selling consumer health data without authorization), and GDPR Art. 9(2)(a) (explicit consent for health data processing). The FTC's Health Breach Notification Rule (16 CFR Part 318) applies to health data breaches at non-HIPAA-covered health apps. The no-sale commitment, if breached, would constitute an unfair or deceptive practice under FTC Act Section 5. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over violations of health data commitments under FTC Act Section 5 and the Health Breach Notification Rule, with the GoodRx enforcement action establishing precedent for health app data misuse.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
May 5, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001432
Document ID
CA-D-00272
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342
Analysis generated
April 1, 2026 14:09 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-001432
Captured: 2026-04-01 14:09:14 UTC
SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/connected-device-health-data-no-sale-commitment/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's Connected Device Health Data — No-Sale Commitment clause do?

This clause restricts the permissible uses of a specific category of health data collected through third-party integrations, creating a narrower data practice framework for health information than may apply to other types of user data collected by the service.

How does this clause affect you?

Strava promises not to sell or use your heart rate, sleep, or HRV data from connected devices for advertising, but this data can still be used to train Strava's AI models and improve its services, which is a meaningful secondary use.

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.