Strava · Strava Privacy Policy

Data Retention Policy

Medium severity
Share 𝕏 Share in Share

What it is

Strava retains your personal information for as long as your account is active and for a period after account deletion, with some data retained longer to comply with legal obligations or resolve disputes.

Why it matters

Data retained after account deletion means your location and health information may persist on Strava's systems even after you believe you have removed your data.

Institutional analysis (Compliance & legal intelligence)

Indefinite or extended post-deletion data retention raises GDPR Article 5(1)(e) storage limitation compliance risks and conflicts with CCPA deletion rights if not adequately scoped. Retention schedules should be reviewed for proportionality and documented in data processing records.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@strava.com requesting full account and data deletion. Specify that you want confirmation of what data is retained post-deletion and the legal basis and duration of that retention.

Applicable agencies

  • State AG
    State Attorneys General enforce state privacy laws including CCPA deletion rights and may have jurisdiction over inadequate post-deletion data retention practices.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00272005
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
4ef92779e6d9839465831c47710c889808b82051cfc8f0f17c7f86d14ef82c32
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-00272005
Captured: 2026-03-20 12:12:04 UTC | SHA-256: 4ef92779e6d98394…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/data-retention-policy/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Termination Liability

Other provisions in this document