If you give Strava access to your phone or social media contacts, it will continuously access and store that contact list to suggest connections, not just a one-time sync.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Ongoing access to your contact list means Strava collects and stores information about people who have never signed up for Strava and who have not consented to having their data processed by the service.
Granting Strava access to your contacts means your friends' and colleagues' names and contact details are stored by Strava even if those individuals are not Strava users, and this access is ongoing rather than a single import.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You can choose to share contacts from your mobile device or social networking accounts. If you share this information, we will regularly access and store it to help you connect with Strava users you may know.— Excerpt from Strava's Strava Privacy Policy
REGULATORY LANDSCAPE: The collection and storage of contact data belonging to individuals who have not consented to Strava's data processing raises questions under GDPR, specifically regarding the lawful basis for processing non-user personal data and whether such individuals' rights can be honored. CCPA may apply if contacts include California residents. The FTC Act applies to the adequacy of disclosure about ongoing contact access. GOVERNANCE EXPOSURE: Medium. The phrase 'regularly access and store' indicates persistent rather than one-time data collection, which expands the scope of data held by Strava beyond its own user base. GDPR's accountability principle requires that Strava identify a lawful basis and respond to rights requests from non-user contacts whose data is held, which creates operational complexity. JURISDICTION FLAGS: EEA users whose contacts include non-consenting individuals present GDPR exposure. Illinois users may face considerations under BIPA if contact data includes biometric identifiers, though this is unlikely in typical contact sync scenarios. California users granting contact access implicate CCPA for California-resident contacts who are not Strava users. CONTRACT AND VENDOR IMPLICATIONS: Contact data should be treated with the same data protection standards as directly collected user data. Service providers accessing contact data for matching or suggestion features must be covered by appropriate data processing agreements. COMPLIANCE CONSIDERATIONS: The legal basis for processing contact data of non-users should be documented and reviewed, particularly for EEA users. Retention periods for contact data should be clearly defined. Users should be informed of how to revoke contact access and whether previously stored contacts are deleted upon revocation.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Ongoing access to your contact list means Strava collects and stores information about people who have never signed up for Strava and who have not consented to having their data processed by the service.
Granting Strava access to your contacts means your friends' and colleagues' names and contact details are stored by Strava even if those individuals are not Strava users, and this access is ongoing rather than a single import.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.