What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.strava.com/athlete/delete_your_account', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Log into Strava, navigate to Settings > My Account > Delete Account, and follow the account deletion steps; after deletion, submit a separate data deletion request via Strava's privacy request form at https://www.strava.com/athlete/privacy to confirm all personal data has been removed.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over failures to honor data deletion commitments under FTC Act Section 5, including cases where data claimed to be deleted is retained by service providers.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'California, Washington, and other state AGs have enforcement authority over violations of statutory data deletion rights under CCPA §1798.105 and WMHMDA.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention and Account Deletion clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Retention and Account Deletion clauses across approximately 3 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Retention and Account Deletion — Strava

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

When you delete your Strava account, the policy states that your data will be deleted, but some data may be retained for legal, safety, or business purposes, and aggregated or deidentified data derived from your activities may be retained indefinitely.

ⓘ

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The provision defines the operational parameters for data removal, establishing both a processing delay and a permanent deletion standard. This creates an irreversible endpoint for account recovery and historical activity data.

Consumer impact (what this means for users)

Deleting your Strava account removes your personal profile and activities, but data derived from your GPS routes — such as your contributions to the Global Heatmap — may continue to be used by Strava in aggregated form even after deletion.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Log into Strava, navigate to Settings > My Account > Delete Account, and follow the account deletion steps; after deletion, submit a separate data deletion request via Strava's privacy request form at https://www.strava.com/athlete/privacy to confirm all personal data has been removed.

How other platforms handle this

WhatsApp Medium

We store information until it is no longer necessary to provide our services and WhatsApp Products, or until your account is deleted or becomes inactive, whichever comes first. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and pro...

State Farm Medium

Some operating system developers, such as Apple, allow mobile application users to request deletion of accounts created within an application. If you request deletion of your account, State Farm may still retain your information for legal, auditing, regulatory and business purposes. Retention period...

X Medium

If you follow the instructions here, your account will be deactivated and your data will be queued for deletion. When deactivated, your X account, including your display name, username, and public profile, will no longer be viewable on X.com, X for iOS, and X for Android. For up to 30 days after dea...

See all platforms with this clause type →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Following deletion of your account, it may take up to 45 days to delete your personal information and system logs from our systems. Once deleted, we cannot reinstate your data, including your account, activities, and place on leaderboards.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: Data retention and erasure implicates GDPR Art. 17 (right to erasure — 'right to be forgotten'), GDPR Art. 5(1)(e) (storage limitation — data retained no longer than necessary), CCPA/CPRA §1798.105 (right to delete), and Washington My Health MY Data Act RCW 70.370.060 (right to deletion of consumer health data). GDPR Art. 17(3) permits retention exceptions for legal obligations, public interest, or establishment/exercise/defence of legal claims. The scope of 'deidentified data' exemptions under CCPA §1798.145(a)(5) is contested. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has enforcement authority over failures to honor data deletion commitments under FTC Act Section 5, including cases where data claimed to be deleted is retained by service providers.
File a complaint →
State AG

California, Washington, and other state AGs have enforcement authority over violations of statutory data deletion rights under CCPA §1798.105 and WMHMDA.
File a complaint →

Applicable regulations

United States Federal

Indiana Consumer Data Protection Act

US-IN

UK GDPR

United Kingdom

Provision details

Document information

Document

Strava Privacy Policy

Entity

Strava

Document last updated

May 5, 2026

Tracking information

First tracked

April 1, 2026

Last verified

April 1, 2026

Record ID

CA-P-001437

Document ID

CA-D-00272

Evidence Provenance

Source URL

https://www.strava.com/legal/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342

Analysis generated

April 1, 2026 14:09 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-001437
Captured: 2026-04-01 14:09:14 UTC
SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/data-retention-and-account-deletion/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's Data Retention and Account Deletion clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.