Strava collects your precise GPS location as a core requirement of the service, and while you can turn off location sharing at the device level, doing so will disable key features like activity tracking and route mapping.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision conditions access to core service functionality on the collection and processing of precise location data. This defines a material operational requirement for service delivery rather than an optional data practice.
Strava requires access to your device's precise GPS location for core features, and this location history is stored and used for AI features, advertising personalization, and community maps; you can revoke location access at the device level but this will prevent GPS tracking from functioning.
How other platforms handle this
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
We collect information about your precise or approximate location as determined through data such as your IP address, GPS, and other inputs from your device, with your permission where required. We may use this information to provide, personalize, and improve our services, and for safety purposes.
Device and Connection Information. Consistent with your device or browser permissions, your device or browser automatically sends us information about when and how you install, access, or use our Services. This includes information such as your device type, operating system information, browser info...
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect or infer location information when you sign up for and use the Services. For our core features to function (e.g., GPS activity tracking, routes, segments), you must grant us permission through your device to track your device's precise location. You can stop sharing precise location at any time with your device settings.— Excerpt from Strava's Strava Privacy Policy
REGULATORY LANDSCAPE: Precise geolocation data is classified as sensitive personal information under CCPA and CPRA, requiring opt-out rights and, in some state frameworks, opt-in consent. GDPR does not classify location data as a special category per se but treats it as personal data requiring a valid legal basis; where location data reveals sensitive patterns it may engage higher-risk processing standards. The FTC has issued guidance treating persistent precise location collection as a significant privacy risk. State laws in California, Colorado, Connecticut, and Virginia impose specific obligations around sensitive location data. GOVERNANCE EXPOSURE: Medium. The policy is transparent that precise location is required for core features, which is consistent with industry practice for fitness tracking apps. However, the downstream uses of location data including AI training, advertising, and Global Heatmap aggregation extend beyond what is strictly necessary for GPS activity recording, which may create tension with data minimization principles under GDPR and proportionality requirements under state laws. JURISDICTION FLAGS: California CPRA treats precise geolocation as sensitive personal information, requiring the right to limit its use and disclosure. Colorado and Connecticut privacy laws impose similar sensitive data requirements. EEA users are protected by GDPR data minimization requirements. Washington State's My Health MY Data Act may apply if location data is used in conjunction with health data to infer health conditions. CONTRACT AND VENDOR IMPLICATIONS: Service providers receiving precise location data for analytics, AI, or mapping purposes must be covered by data processing agreements specifying permitted uses and retention limits. Vendor assessments should verify that location data is not used for purposes beyond those disclosed in this policy. COMPLIANCE CONSIDERATIONS: Data minimization assessments should evaluate whether location data uses beyond GPS tracking (advertising, AI training, heatmap aggregation) are proportionate and appropriately consented under each applicable framework. Retention periods for precise location data should be documented and reviewed against regulatory expectations. Consent mechanisms for secondary location data uses should be assessed for adequacy in each jurisdiction.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision conditions access to core service functionality on the collection and processing of precise location data. This defines a material operational requirement for service delivery rather than an optional data practice.
Strava requires access to your device's precise GPS location for core features, and this location history is stored and used for AI features, advertising personalization, and community maps; you can revoke location access at the device level but this will prevent GPS tracking from functioning.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.