Strava collects data from connected third-party accounts (e.g., Google, Apple) and devices (e.g., Garmin, Peloton, Apple Health), including health data like sleep and step counts.
Connecting third-party apps and devices significantly expands the scope of data Strava receives about you, including sensitive health data you may not have intended to share directly.
Third-party data integrations create complex data provenance issues under GDPR and CCPA, requiring clear disclosure of data flows, appropriate data processing agreements with integration partners, and verification that upstream consent is valid for downstream use by Strava.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS location history, health metrics (heart rate, HRV, VO2max), and biometric data, which is used for AI training, advertising personalization, and aggregated into publicly visible features like the Global Heatmap. Your activity data may be shared with third-party advertising partners, though Strava commits not to use health data for advertising. You can adjust your data sharing and visibility settings by navigating to Privacy Controls in the Strava app settings, and can request data deletion by visiting strava.com/athlete/delete_your_account.