Strava requires access to your device's precise GPS location for core features to work, and collects your live location data which can be shared with other users via features like Strava Beacon.
Precise, continuous GPS tracking creates a detailed record of where you go and when, which could be used to infer sensitive information about your home, workplace, religious attendance, or medical visits.
Continuous precise location tracking constitutes processing of sensitive data under GDPR and various US state privacy laws; compliance teams should assess purpose limitation, retention periods, and adequacy of consent for live location sharing features.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS location history, health metrics (heart rate, HRV, VO2max), and biometric data, which is used for AI training, advertising personalization, and aggregated into publicly visible features like the Global Heatmap. Your activity data may be shared with third-party advertising partners, though Strava commits not to use health data for advertising. You can adjust your data sharing and visibility settings by navigating to Privacy Controls in the Strava app settings, and can request data deletion by visiting strava.com/athlete/delete_your_account.