When you connect devices like Garmin or Apple Health, Strava collects sensitive health data including heart rate, HRV, sleep, and VO2max, but commits not to sell this data or use it for advertising, and not to share it with third parties without your consent.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision creates operational constraints on how Strava handles health-category data distinct from other activity data. By categorizing certain data streams (heart rate, HRV, sleep information) as health information subject to stricter protocols, the clause establishes a differentiated data handling framework that requires consent-gating and limits monetization pathways for that category of information.
Your heart rate, sleep, HRV, and VO2max data from connected devices like Garmin or Apple Health cannot be sold or used for advertising by Strava, which is a stronger protection than the default for other personal data on the platform.
How other platforms handle this
Don't use AI to generate content that could unduly influence elections, including targeted political messaging, voting misinformation, or political rhetoric at scale.
Restricted Content includes clear violations of our Content Policy or applicable laws, and is subject to immediate action. Content designed to disrupt, damage, or gain unauthorized access to systems or devices. Content that attempts to transmit or generate malicious code (e.g., malware, trojans, vir...
You agree not to post, upload, publish, submit, or transmit any Content or use the Services to create any Output that: (a) infringes, misappropriates, or violates a third party's patent, copyright, trademark, trade secret, moral rights, or other intellectual property rights, or rights of publicity o...
Monitoring
Strava has changed this document before.
"We collect information (including Activity Data) from devices and apps you choose to connect to Strava, such as your Garmin device, Peloton account, or Apple Health app. This could include, for example, step count, sleep information, heart rate, HRV, or VO2max. If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy."
Excerpt from Strava's Privacy Policy
REGULATORY FRAMEWORK: This provision directly responds to obligations under the Washington My Health My Data Act (SB 1155, effective March 2024), Nevada Consumer Health Data Privacy Law (SB 370), and Connecticut Data Privacy Act health data provisions. Under GDPR Art. 9(1), heart rate, HRV, and sleep data constitute special category health data requiring explicit consent or another Art. 9(2) basis. CCPA/CPRA §1798.121 classifies health data and precise geolocation as sensitive personal information with heightened opt-in and limitation rights. The FTC's 2021 publication 'Protecting Consumer Privacy and Security' and 2023 health data enforcement actions (GoodRx, BetterHelp) establish the regulatory expectation that health data will not be monetised without explicit consent.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.