Strava · Strava Privacy Policy

Connected Devices and Third-Party Health Data Integration

Medium severity
Share 𝕏 Share in Share

What it is

Strava collects health data such as step count, sleep information, heart rate, HRV, and VO2max from connected devices and apps like Garmin, Peloton, and Apple Health that you link to your account.

Why it matters

Connecting fitness devices and apps to Strava expands the scope of health data Strava holds significantly, and users may not fully appreciate how much sensitive health data flows into Strava from these integrations.

Institutional analysis (Compliance & legal intelligence)

Collection of health data via third-party integrations triggers analysis under GDPR Article 9, HIPAA (if applicable), CCPA sensitive personal information rules, and the Washington My Health MY Data Act. The explicit commitment not to sell or use for advertising health data from integrations is a notable but contractually limited safeguard.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Go to strava.com/settings/apps to view and disconnect any third-party device or app integrations you no longer want sharing data with Strava. Then contact privacy@strava.com to request deletion of previously collected health data from those integrations.

Applicable agencies

  • FTC
    The FTC has authority over collection and misuse of health data, including from fitness tracking integrations, and has issued guidance on health data privacy practices.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00272004
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
4ef92779e6d9839465831c47710c889808b82051cfc8f0f17c7f86d14ef82c32
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-00272004
Captured: 2026-03-20 12:12:04 UTC | SHA-256: 4ef92779e6d98394…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/connected-devices-and-third-party-health-data-integration/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Data sharing Consent

Other provisions in this document