If you grant Strava permission, it will regularly access and store contacts from your phone or social media accounts to help you find other Strava users.
Strava can collect and store the personal information of people in your contacts who have never signed up for Strava or agreed to its privacy policy.
Collection of third-party contact data raises GDPR Article 6 lawful basis and Article 14 (indirect collection) transparency obligations; compliance teams should confirm that Strava's notice to data subjects whose information is collected via contact sync is adequate.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS location history, health metrics (heart rate, HRV, VO2max), and biometric data, which is used for AI training, advertising personalization, and aggregated into publicly visible features like the Global Heatmap. Your activity data may be shared with third-party advertising partners, though Strava commits not to use health data for advertising. You can adjust your data sharing and visibility settings by navigating to Privacy Controls in the Strava app settings, and can request data deletion by visiting strava.com/athlete/delete_your_account.