Strava · Strava Privacy Policy · View original document ↗

Health Data Collection and AI Training Use

High severity Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Strava can use your health data — including heart rate, GPS routes, and fitness metrics — to train and improve its AI and machine learning systems, depending on your privacy settings.

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.

Clause Stability Stable

0
Changes
3
Months Monitored
Apr 3, 2026
First Seen
May 7, 2026
Last Seen
This clause type exists across 381 other provisions on other platforms.

Consumer impact (what this means for users)

Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Go to your Strava account settings, navigate to Privacy Controls, and review data sharing permissions. To request deletion of health data used for AI training, submit a data deletion request via Strava's privacy request portal at https://www.strava.com/athlete/delete_account or contact privacy@strava.com.

How other platforms handle this

Walmart Medium

We collect information about you when you shop in our stores, including through store cameras, loyalty programs, payment processing systems, and other in-store technologies. This information is used to improve store operations, loss prevention, and marketing.

LinkedIn Medium

We target (and measure the performance of) ads to Members, Visitors and others both on and off our Services directly or through a variety of partners, using the following data, whether separately or combined: Data from advertising technologies on and off our Services, like web beacons, pixels, ad ta...

Microsoft Azure Medium

Microsoft uses data we collect to provide you with rich, interactive experiences. In particular, we may use data to show you advertising or serve Microsoft-selected content within Microsoft products and services. Microsoft does not use what you say in email, chat, video calls, or voice mail to targe...

See all platforms with this clause type →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We use and develop machine learning ("ML") and artificial intelligence (including large language models) ("AI") to provide features designed to enhance your training and improve the Services ("AI Features"). AI Features include, for example, protecting the integrity and security of our Services (such as detecting anomalies on leaderboards), generating route recommendations, or providing personalized training guidance. Depending on your privacy controls and sharing permissions, we also may use personal information such as health and Location Information for AI Features, for example, to provide you with training analysis and recommendations.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: This provision directly implicates GDPR Art. 9(1) (prohibition on processing special category data including health data) and requires a lawful basis under Art. 9(2) — most likely explicit consent (Art. 9(2)(a)) or necessity for healthcare purposes (Art. 9(2)(h), which does not apply here). Additionally, GDPR Art. 22 may apply if AI processing produces significant decisions about individuals. CCPA/CPRA §1798.100 and §1798.121 (sensitive personal information) are engaged because health and precise geolocation data are classified as sensitive PI under CPRA; consumers have the right to limit use of sensitive PI. The Washington My Health MY Data Act requires separate consent for collection and sharing of consumer health data. The FTC Act Section 5 is engaged given FTC guidance on health data and AI (2021-2023 policy statements). The primary enforcement authorities are EU/EEA DPAs (likely Irish DPC), California Privacy Protection Agency (CPPA), Washington State AG, and the FTC.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over unfair or deceptive health data practices under FTC Act Section 5, including the secondary use of health data for AI training without adequate disclosure or consent.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
CAN-SPAM
United States Federal
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
May 5, 2026
Tracking information
First tracked
May 7, 2026
Last verified
May 7, 2026
Record ID
CA-P-001429
Document ID
CA-D-00272
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
a0dee42f2c4ab44ff62ed59163cb495a9cd4b5c0dc733b68d4ce9c4b4cd0a61f
Analysis generated
May 7, 2026 14:19 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-001429
Captured: 2026-05-07 14:19:58 UTC
SHA-256: a0dee42f2c4ab44f…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/health-data-collection-and-ai-training-use/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's Health Data Collection and AI Training Use clause do?

This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.

How does this clause affect you?

Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.