Strava · Strava Privacy Policy

Health Data Excluded from Advertising

Medium severity
Share š• Share in Share

What it is

Strava promises it will not sell or use your health data (such as heart rate, HRV, or VO2max) for advertising, and will not share it with third parties without your consent.

Why it matters

Health and biometric data is among the most sensitive personal information you can share, and this provision limits how it can be monetized.

Institutional analysis (Compliance & legal intelligence)

This provision engages GDPR Article 9 special category data obligations and Washington's My Health MY Data Act; compliance teams should verify that consent mechanisms and data flow controls operationalize this commitment across all third-party integrations.

šŸ”’

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Strava collects highly sensitive personal data including precise GPS location history, health metrics (heart rate, HRV, VO2max), and biometric data, which is used for AI training, advertising personalization, and aggregated into publicly visible features like the Global Heatmap. Your activity data may be shared with third-party advertising partners, though Strava commits not to use health data for advertising. You can adjust your data sharing and visibility settings by navigating to Privacy Controls in the Strava app settings, and can request data deletion by visiting strava.com/athlete/delete_your_account.

Applicable agencies

  • FTC
    The FTC enforces against unfair or deceptive data practices, including failures to honour stated health data protections.
    File a complaint →
  • State AG
    State attorneys general can enforce health data privacy laws such as Washington's My Health MY Data Act.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
March 24, 2026
Last verified
March 24, 2026
Record ID
CA-P-00272000
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
99a34943ad64442e7d68f3f6bffd5e9bfc5690540511c7def4720cfd5baead62
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-00272000
Captured: 2026-03-24 07:45:21 UTC | SHA-256: 99a34943ad64442eā€¦
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/health-data-excluded-from-advertising/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Data sharing Consent

Other provisions in this document