Strava · Strava Privacy Policy · View original document ↗

Precise GPS Location Collection as Core Feature Requirement

High severity Unique · 0 of 325 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Strava requires permission to track your device's precise GPS location for core features to function, including activity tracking, routes, and segments.

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause defines GPS location collection as a functional dependency rather than an optional feature, meaning the service architecture requires this data permission to operate core tracking and mapping capabilities. This establishes the operational baseline for service delivery.

Consumer impact (what this means for users)

Using Strava's core features requires granting continuous precise GPS location access, meaning Strava builds a long-term record of exactly where and when you exercise, which can reveal your home, workplace, and daily routines.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    On iOS or Android, go to your device Settings, navigate to Privacy or App Permissions, find Location Services, select Strava, and change location access to 'Never' or 'While Using' to limit continuous GPS tracking.

How other platforms handle this

Uber Medium

Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...

Airbnb Medium

We collect information about your precise or approximate location as determined through data such as your IP address, GPS, and other inputs from your device, with your permission where required. We may use this information to provide, personalize, and improve our services, and for safety purposes.

Anthropic Medium

Device and Connection Information. Consistent with your device or browser permissions, your device or browser automatically sends us information about when and how you install, access, or use our Services. This includes information such as your device type, operating system information, browser info...

See all platforms with this clause type →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
For our core features to function (e.g., GPS activity tracking, routes, segments), you must grant us permission through your device to track your device's precise location. You can stop sharing precise location at any time with your device settings.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: Precise location data is classified as sensitive personal information under CCPA/CPRA Cal. Civ. Code §1798.121(a), requiring the right to limit its use and disclosure. Under GDPR, precise location data processing requires a clear lawful basis under Art. 6 and must satisfy data minimization under Art. 5(1)(c). The Washington My Health MY Data Act covers location data that can identify health-related behaviors. Illinois users may have protections under the Illinois Location Data Privacy Act if enacted. FTC Act Section 5 applies to deceptive location data practices. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has active enforcement jurisdiction over companies that collect and misuse precise location data under FTC Act Section 5, with recent enforcement actions establishing precedent for fitness and health app location data practices.
    File a complaint →
  • State AG
    California, Washington, Colorado, Connecticut, and Virginia AGs have enforcement authority over sensitive location data under their respective state privacy statutes including CPRA and WMHMDA.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
ePrivacy Directive
European Union
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
May 5, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001431
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
Content hash (SHA-256)
e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342
Analysis generated
April 1, 2026 14:09 UTC
Methodology
summarize_document-v7
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-001431
Captured: 2026-04-01 14:09:14 UTC
SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/precise-gps-location-collection-as-core-feature-requirement/
Accessed: May 20, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories
Data collection

Other risks in this policy

Related Analysis

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's Precise GPS Location Collection as Core Feature Requirement clause do?

The clause defines GPS location collection as a functional dependency rather than an optional feature, meaning the service architecture requires this data permission to operate core tracking and mapping capabilities. This establishes the operational baseline for service delivery.

How does this clause affect you?

Using Strava's core features requires granting continuous precise GPS location access, meaning Strava builds a long-term record of exactly where and when you exercise, which can reveal your home, workplace, and daily routines.

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.