Strava · Strava Privacy Policy

Global Heatmap and Aggregated Activity Data

High severity
Share 𝕏 Share in Share

What it is

Strava uses your recorded activities to contribute to the publicly accessible Global Heatmap, which shows aggregated movement patterns of all users on a public map.

Why it matters

Even aggregated or de-identified data contributed to the Global Heatmap has previously been shown to reveal sensitive locations such as military bases and private residences, creating real-world safety risks.

Institutional analysis (Compliance & legal intelligence)

Aggregation and public publication of GPS activity data raises GDPR re-identification risk concerns and may conflict with data minimisation principles. Prior incidents (e.g. 2018 military base exposure) demonstrate residual privacy and safety risks even in de-identified datasets.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    In the Strava app, go to Settings > Privacy Controls and enable Privacy Zones around your home and work addresses to exclude those areas from public heatmap contributions. You can also set activity visibility to 'Only You' to prevent specific activities from being included.

Applicable agencies

  • FTC
    The FTC has jurisdiction over privacy practices that may cause consumer harm, including public disclosure of location patterns that could compromise personal safety.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00272001
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
4ef92779e6d9839465831c47710c889808b82051cfc8f0f17c7f86d14ef82c32
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-00272001
Captured: 2026-03-20 12:12:04 UTC | SHA-256: 4ef92779e6d98394…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/global-heatmap-and-aggregated-activity-data/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Privacy Data sharing Surveillance

Other provisions in this document