Strava may use your recorded activity data — including your GPS routes — to contribute to its publicly visible Global Heatmap, which shows aggregate movement patterns of all users globally.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the operational scope of data use for product features and community engagement. It defines which user-generated content and activity metrics the service processes to create aggregated or anonymized outputs, and specifies that some personal data (public photos) may be shared within the platform's community features.
Your GPS workout routes may be incorporated into Strava's publicly accessible Global Heatmap, and researchers and journalists have previously demonstrated that this data can reveal sensitive location patterns even for users who believe their activities are anonymous.
Cross-platform context
See how other platforms handle Global Heatmap and Aggregated Activity Data and similar clauses.
Compare across platforms →Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We help users find new ways and places to be active, and understand how others are engaging in activities. For example, we may share your public photos along routes or segments. We may also use your activities to generate our Global Heatmap and other community-powered features such as Points of Interest and Start Points. We may also share aggregated or deidentified information, such as usage or demographics.— Excerpt from Strava's Strava Privacy Policy
REGULATORY FRAMEWORK: This provision engages GDPR Recital 26 and the standard for genuine anonymisation — data is only outside the GDPR's scope if re-identification is not 'reasonably likely.' The ICO and Article 29 Working Party (WP216) have both issued guidance that aggregated GPS data frequently fails true anonymisation standards. CCPA/CPRA §1798.140(m) defines deidentified data with specific technical and administrative safeguards that must be met. The FTC's 2012 Privacy Report and subsequent guidance on deidentification establish a three-part test (reasonable safeguards, no re-identification, contractual restrictions on downstream recipients) that this provision may not satisfy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the operational scope of data use for product features and community engagement. It defines which user-generated content and activity metrics the service processes to create aggregated or anonymized outputs, and specifies that some personal data (public photos) may be shared within the platform's community features.
Your GPS workout routes may be incorporated into Strava's publicly accessible Global Heatmap, and researchers and journalists have previously demonstrated that this data can reveal sensitive location patterns even for users who believe their activities are anonymous.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.