Strava requires access to your device's precise GPS location to enable its core features, and collects and stores your location data including real-time location when using features like Beacon.
Precise and persistent GPS data creates a detailed record of your physical movements that could be sensitive from a safety, security, or personal privacy standpoint.
Persistent precise location data collection implicates GDPR Article 6 lawful basis requirements and qualifies as sensitive data under several US state privacy laws. The requirement to grant precise location access for core functionality may limit meaningful consent under GDPR proportionality principles.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.