Strava · Strava Privacy Policy

Health Data AI Training Use

High severity
Share 𝕏 Share in Share

What it is

Strava may use your health data — including heart rate, sleep data, and other fitness metrics — to train its AI and machine learning models, subject to your privacy controls and sharing permissions.

Why it matters

Health data is among the most sensitive personal information and using it for AI training raises significant privacy concerns, particularly regarding what future uses those models may be applied to.

Institutional analysis (Compliance & legal intelligence)

Use of health data for AI/ML training implicates GDPR Article 9 (special category data), CCPA/CPRA sensitive personal information provisions, and Washington My Health MY Data Act. Legal teams should verify lawful basis, consent adequacy, and whether AI training constitutes a compatible purpose under applicable law.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@strava.com to request deletion of your health data or to object to its use in AI training. Specify the categories of data and the processing activity you wish to restrict.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive data practices including the use of sensitive health data for AI training without adequate disclosure or consent.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00272000
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
4ef92779e6d9839465831c47710c889808b82051cfc8f0f17c7f86d14ef82c32
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-00272000
Captured: 2026-03-20 12:12:04 UTC | SHA-256: 4ef92779e6d98394…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/health-data-ai-training-use/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Privacy Consent Surveillance

Other provisions in this document