Strava can use your health data — including heart rate, GPS routes, and fitness metrics — to train and improve its AI and machine learning systems, depending on your privacy settings.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.
Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.
How other platforms handle this
We collect information about you when you shop in our stores, including through store cameras, loyalty programs, payment processing systems, and other in-store technologies. This information is used to improve store operations, loss prevention, and marketing.
We target (and measure the performance of) ads to Members, Visitors and others both on and off our Services directly or through a variety of partners, using the following data, whether separately or combined: Data from advertising technologies on and off our Services, like web beacons, pixels, ad ta...
Microsoft uses data we collect to provide you with rich, interactive experiences. In particular, we may use data to show you advertising or serve Microsoft-selected content within Microsoft products and services. Microsoft does not use what you say in email, chat, video calls, or voice mail to targe...
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We use and develop machine learning ("ML") and artificial intelligence (including large language models) ("AI") to provide features designed to enhance your training and improve the Services ("AI Features"). AI Features include, for example, protecting the integrity and security of our Services (such as detecting anomalies on leaderboards), generating route recommendations, or providing personalized training guidance. Depending on your privacy controls and sharing permissions, we also may use personal information such as health and Location Information for AI Features, for example, to provide you with training analysis and recommendations.— Excerpt from Strava's Strava Privacy Policy
REGULATORY FRAMEWORK: This provision directly implicates GDPR Art. 9(1) (prohibition on processing special category data including health data) and requires a lawful basis under Art. 9(2) — most likely explicit consent (Art. 9(2)(a)) or necessity for healthcare purposes (Art. 9(2)(h), which does not apply here). Additionally, GDPR Art. 22 may apply if AI processing produces significant decisions about individuals. CCPA/CPRA §1798.100 and §1798.121 (sensitive personal information) are engaged because health and precise geolocation data are classified as sensitive PI under CPRA; consumers have the right to limit use of sensitive PI. The Washington My Health MY Data Act requires separate consent for collection and sharing of consumer health data. The FTC Act Section 5 is engaged given FTC guidance on health data and AI (2021-2023 policy statements). The primary enforcement authorities are EU/EEA DPAs (likely Irish DPC), California Privacy Protection Agency (CPPA), Washington State AG, and the FTC.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.
Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.