Strava collects your precise GPS location as a core requirement of the service, and while you can turn off location sharing at the device level, doing so will disable key features like activity tracking and route mapping.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Precise location data is among the most sensitive personal data categories because it can reveal your home address, workplace, daily patterns, and movements over time.
Strava requires access to your device's precise GPS location for core features, and this location history is stored and used for AI features, advertising personalization, and community maps; you can revoke location access at the device level but this will prevent GPS tracking from functioning.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect or infer location information when you sign up for and use the Services. For our core features to function (e.g., GPS activity tracking, routes, segments), you must grant us permission through your device to track your device's precise location. You can stop sharing precise location at any time with your device settings.— Excerpt from Strava's Strava Privacy Policy
REGULATORY LANDSCAPE: Precise geolocation data is classified as sensitive personal information under CCPA and CPRA, requiring opt-out rights and, in some state frameworks, opt-in consent. GDPR does not classify location data as a special category per se but treats it as personal data requiring a valid legal basis; where location data reveals sensitive patterns it may engage higher-risk processing standards. The FTC has issued guidance treating persistent precise location collection as a significant privacy risk. State laws in California, Colorado, Connecticut, and Virginia impose specific obligations around sensitive location data. GOVERNANCE EXPOSURE: Medium. The policy is transparent that precise location is required for core features, which is consistent with industry practice for fitness tracking apps. However, the downstream uses of location data including AI training, advertising, and Global Heatmap aggregation extend beyond what is strictly necessary for GPS activity recording, which may create tension with data minimization principles under GDPR and proportionality requirements under state laws. JURISDICTION FLAGS: California CPRA treats precise geolocation as sensitive personal information, requiring the right to limit its use and disclosure. Colorado and Connecticut privacy laws impose similar sensitive data requirements. EEA users are protected by GDPR data minimization requirements. Washington State's My Health MY Data Act may apply if location data is used in conjunction with health data to infer health conditions. CONTRACT AND VENDOR IMPLICATIONS: Service providers receiving precise location data for analytics, AI, or mapping purposes must be covered by data processing agreements specifying permitted uses and retention limits. Vendor assessments should verify that location data is not used for purposes beyond those disclosed in this policy. COMPLIANCE CONSIDERATIONS: Data minimization assessments should evaluate whether location data uses beyond GPS tracking (advertising, AI training, heatmap aggregation) are proportionate and appropriately consented under each applicable framework. Retention periods for precise location data should be documented and reviewed against regulatory expectations. Consent mechanisms for secondary location data uses should be assessed for adequacy in each jurisdiction.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Precise location data is among the most sensitive personal data categories because it can reveal your home address, workplace, daily patterns, and movements over time.
Strava requires access to your device's precise GPS location for core features, and this location history is stored and used for AI features, advertising personalization, and community maps; you can revoke location access at the device level but this will prevent GPS tracking from functioning.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.