Strava may share your personal information with third-party service providers, corporate affiliates, and law enforcement agencies when required by law or in response to legal process.
Law enforcement disclosure provisions mean your detailed fitness and location data could be accessed by government authorities without your knowledge, particularly relevant given the sensitivity of location and health records.
Law enforcement disclosure practices must comply with applicable legal process requirements. GDPR requires transparency about such disclosures and restricts bulk transfers. US-based requests are governed by the Stored Communications Act. Compliance teams should review Strava's published Law Enforcement Guidelines for process details.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.