Strava can use your health data — including heart rate, GPS routes, and fitness metrics — to train and improve its AI and machine learning systems, depending on your privacy settings.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.
Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.
How other platforms handle this
We collect information about transactions made with Visa cards and other Visa payment products or services. This includes information about the transaction such as the date, time, amount, currency, merchant name and location, and the type of payment method used.
We may use aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for any purpose, including sharing it with partners, advertisers, and other third parties. This information is not subject to the restrictions in this Privacy Policy.
We use the information we collect to send you ads and other commercial and sponsored content. We use the information we have to deliver our products, including to personalize features and content and make suggestions for you on and off our products. We share information across the Meta Companies.
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We use and develop machine learning ("ML") and artificial intelligence (including large language models) ("AI") to provide features designed to enhance your training and improve the Services ("AI Features"). AI Features include, for example, protecting the integrity and security of our Services (such as detecting anomalies on leaderboards), generating route recommendations, or providing personalized training guidance. Depending on your privacy controls and sharing permissions, we also may use personal information such as health and Location Information for AI Features, for example, to provide you with training analysis and recommendations.— Excerpt from Strava's Strava Privacy Policy
REGULATORY FRAMEWORK: This provision directly implicates GDPR Art. 9(1) (prohibition on processing special category data including health data) and requires a lawful basis under Art. 9(2) — most likely explicit consent (Art. 9(2)(a)) or necessity for healthcare purposes (Art. 9(2)(h), which does not apply here). Additionally, GDPR Art. 22 may apply if AI processing produces significant decisions about individuals. CCPA/CPRA §1798.100 and §1798.121 (sensitive personal information) are engaged because health and precise geolocation data are classified as sensitive PI under CPRA; consumers have the right to limit use of sensitive PI. The Washington My Health MY Data Act requires separate consent for collection and sharing of consumer health data. The FTC Act Section 5 is engaged given FTC guidance on health data and AI (2021-2023 policy statements). The primary enforcement authorities are EU/EEA DPAs (likely Irish DPC), California Privacy Protection Agency (CPPA), Washington State AG, and the FTC.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework through which Strava processes user health data and location information for machine learning model development and feature generation. The authorization is contingent on user-configured privacy controls and sharing permissions, establishing a conditional consent mechanism for AI training uses.
Your heart rate, GPS routes, and performance data may be used to train Strava's AI systems, meaning sensitive health information collected during your workouts has a secondary use beyond personal performance tracking.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.