Strava's services are not intended for children under 13 (or a higher age depending on local law), and the policy describes how it handles data for users aged 13-17.
Parents and guardians should be aware that teenagers aged 13-17 may use Strava, and their data — including location and health information — is collected and processed under this policy.
Age restriction provisions implicate COPPA (for under-13 users), as well as GDPR Article 8 (which sets age of digital consent at 13-16 depending on member state) and UK GDPR Age Appropriate Design Code obligations. Compliance teams should assess whether Strava's age verification mechanisms are adequate to prevent collection of data from users below the applicable consent age.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS location, health metrics, and fitness activity, which is used for AI model training, advertising, and publicly accessible features like the Global Heatmap. Consumers should be aware that even with default settings, their anonymized or aggregated activity data may contribute to public features visible to anyone. You can adjust your privacy controls in Strava account settings at https://www.strava.com/settings/privacy to limit data visibility and opt out of certain data uses.