What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://support.strava.com/hc/en-us/articles/216918647', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "To opt out of the Global Heatmap, set your activities to 'Everyone' visibility exclusion or submit a data deletion request via Strava's support portal; review Strava's Heatmap opt-out support article for the current mechanism.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': "The FTC has authority over deceptive data practices if Strava's description of Heatmap data as 'aggregated or deidentified' does not meet the standard of genuine anonymization under FTC Act Section 5.", 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Global Heatmap Built from Individual GPS Data clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Global Heatmap Built from Individual GPS Data — Strava

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Strava uses your GPS activity data to contribute to its Global Heatmap, a publicly accessible map showing aggregated movement patterns of all Strava users around the world.

ⓘ

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes the operational basis for Strava's aggregation and sharing of user-generated location data at scale. This authorization applies to all users whose activities contribute to these features unless explicitly opted out through available settings.

Consumer impact (what this means for users)

Your GPS routes contribute to Strava's publicly viewable Global Heatmap, which can reveal where you regularly run or cycle — including your home neighborhood — even if your individual activities are set to private.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

To opt out of the Global Heatmap, set your activities to 'Everyone' visibility exclusion or submit a data deletion request via Strava's support portal; review Strava's Heatmap opt-out support article for the current mechanism.

How other platforms handle this

Max Medium

Our Privacy Policy explains what information we process when you use our products and describes how that information is collected and used. It also includes details about your rights and how to contact us. The Supplement provides additional information for residents of certain states and countries.

LinkedIn Medium

If you are in the 'Designated Countries', LinkedIn Ireland Unlimited Company ('LinkedIn Ireland') will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services. If you are outside of the Designated Countries, LinkedIn Corporation will ...

Windsurf Medium

Crusoe (Sees code data for inference): We manage Crusoe's compute for training some of our custom models, as well as hosting some of our custom models. Modal (Sees code data for inference): We manage Modal's compute for training some of our custom models, as well as hosting some of our custom models...

See all platforms with this clause type →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
We may also use your activities to generate our Global Heatmap and other community-powered features such as Points of Interest and Start Points. We may also share aggregated or deidentified information, such as usage or demographics.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1)(f) (legitimate interests as legal basis for aggregated data), GDPR Art. 89 (safeguards for processing for statistical purposes, including deidentification requirements), GDPR Art. 5(1)(b) (purpose limitation — GPS collected for activity tracking repurposed for public mapping), and CCPA/CPRA §1798.100 (right to know how data is used). The question of whether Heatmap data is genuinely deidentified under GDPR standards (Recital 26) is a live compliance issue. Enforcement authority: Irish DPC, CPPA, and EU supervisory authorities. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has authority over deceptive data practices if Strava's description of Heatmap data as 'aggregated or deidentified' does not meet the standard of genuine anonymization under FTC Act Section 5.
File a complaint →

Applicable regulations

United States Federal

ePrivacy Directive

European Union

FTC Act Section 5

United States Federal

GDPR

European Union

HIPAA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Strava Privacy Policy

Entity

Strava

Document last updated

May 5, 2026

Tracking information

First tracked

April 1, 2026

Last verified

April 1, 2026

Record ID

CA-P-001430

Document ID

CA-D-00272

Evidence Provenance

Source URL

https://www.strava.com/legal/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342

Analysis generated

April 1, 2026 14:09 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-001430
Captured: 2026-04-01 14:09:14 UTC
SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/global-heatmap-built-from-individual-gps-data/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

High

Other risks in this policy

Related Analysis

What 38 AI Companies Actually Say About Your Data (2026)
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's Global Heatmap Built from Individual GPS Data clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.