When you connect Strava to other apps or devices (like Garmin, Apple Health, or Peloton), Strava collects additional health data including sleep data, HRV, and VO2max, but states it will not sell this health data or use it for advertising.
Connecting third-party health devices expands the scope of sensitive data Strava holds about you, though the policy includes specific protections limiting how this health data can be used.
The health data collected via third-party integrations (HRV, VO2max, sleep data) constitutes special category data under GDPR Article 9 and may be subject to state consumer health data laws. The commitment not to sell or use for advertising is a positive compliance indicator, but the carve-outs for AI training and service improvement should be assessed for adequacy.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS location, health metrics, and fitness activity, which is used for AI model training, advertising, and publicly accessible features like the Global Heatmap. Consumers should be aware that even with default settings, their anonymized or aggregated activity data may contribute to public features visible to anyone. You can adjust your privacy controls in Strava account settings at https://www.strava.com/settings/privacy to limit data visibility and opt out of certain data uses.