If you allow Strava access to your phone contacts, Strava will regularly and continuously access and store your contacts' personal information — not just once — to suggest people you may know on the platform.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes a mechanism for contact data collection that operates on an ongoing basis rather than a one-time transfer. Regular access and storage enables the service to maintain updated contact lists for the purpose of identifying and suggesting connections between existing users.
Granting Strava access to your phone contacts means Strava stores information about all your contacts — people who have not agreed to Strava's terms — and regularly re-accesses that data, raising concerns about consent for third-party individuals.
Cross-platform context
See how other platforms handle Contacts Information Access and Storage and similar clauses.
Compare across platforms →Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"You can choose to share contacts from your mobile device or social networking accounts. If you share this information, we will regularly access and store it to help you connect with Strava users you may know.— Excerpt from Strava's Strava Privacy Policy
REGULATORY FRAMEWORK: Under GDPR Art. 6, Strava must have a lawful basis for processing contacts' personal data — these individuals are third parties who have not consented. The GDPR's accountability principle (Art. 5(2)) and transparency requirements (Arts. 13-14) mean Strava must provide privacy information to contacts whose data is collected, which is practically difficult in a contacts-scraping scenario. CCPA/CPRA requires that if contacts' data is collected, those individuals (if California residents) retain rights under §1798.100. The FTC's 2021 enforcement action against Oath (now Yahoo) and its 2012 action against Path (which scraped contacts without adequate disclosure) establish precedent for this type of data collection. COPPA may be implicated if the contacts list includes data about minors.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes a mechanism for contact data collection that operates on an ongoing basis rather than a one-time transfer. Regular access and storage enables the service to maintain updated contact lists for the purpose of identifying and suggesting connections between existing users.
Granting Strava access to your phone contacts means Strava stores information about all your contacts — people who have not agreed to Strava's terms — and regularly re-accesses that data, raising concerns about consent for third-party individuals.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.