Strava · Strava Privacy Policy

Global Heatmap Built from Individual GPS Data

High severity
Share 𝕏 Share in Share

Why it matters

Even though the Heatmap is described as aggregated, individual users' frequent routes can be inferred from it — potentially revealing home addresses, workplaces, and daily routines — as demonstrated by real-world security incidents in 2018.

Consumer impact

Strava collects detailed GPS location, health metrics (heart rate, HRV, VO2max), and activity data that can reveal sensitive personal information such as home address, daily routines, and health conditions. This data is used for AI model training, shared in community features like the Global Heatmap, and may be accessible to other users depending on your privacy settings. You can reduce exposure by navigating to Settings > Privacy Controls in the Strava app to set default activity visibility to 'Only Me,' disable Flyby, and request exclusion from the Global Heatmap.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    To opt out of the Global Heatmap, set your activities to 'Everyone' visibility exclusion or submit a data deletion request via Strava's support portal; review Strava's Heatmap opt-out support article for the current mechanism.

Applicable agencies

  • FTC
    The FTC has authority over deceptive data practices if Strava's description of Heatmap data as 'aggregated or deidentified' does not meet the standard of genuine anonymization under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001430
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-001430
Captured: 2026-04-01 14:09:14 UTC | SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/global-heatmap-built-from-individual-gps-data/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Data usage

Other provisions in this document