Strava · Strava Privacy Policy

User Privacy Controls and Default Visibility Settings

Medium severity
Share 𝕏 Share in Share

Why it matters

The existence of privacy controls is positive, but the complexity of multiple overlapping settings — including separate opt-outs for Heatmap, Flyby, and other features — means users may believe their data is private when it is still being used in ways they did not intend.

Consumer impact

Strava collects detailed GPS location, health metrics (heart rate, HRV, VO2max), and activity data that can reveal sensitive personal information such as home address, daily routines, and health conditions. This data is used for AI model training, shared in community features like the Global Heatmap, and may be accessible to other users depending on your privacy settings. You can reduce exposure by navigating to Settings > Privacy Controls in the Strava app to set default activity visibility to 'Only Me,' disable Flyby, and request exclusion from the Global Heatmap.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Open Strava, go to Settings > Privacy Controls, review each setting including activity visibility, Flyby, and Group Activities, and set each to your preferred level; note that Heatmap opt-out may require a separate support request.

Applicable agencies

  • FTC
    The FTC has enforcement authority over dark patterns and deceptive privacy control designs under FTC Act Section 5, including cases where complex layered opt-outs obscure the full scope of data use.
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
March 24, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001436
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
SHA-256
e06a34dfa42e1d94055f19b53ac2aaa4928a0edaacc3e46388b431c9a71ed342
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Strava | Document: Strava Privacy Policy | Record: CA-P-001436
Captured: 2026-04-01 14:09:14 UTC | SHA-256: e06a34dfa42e1d94…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/user-privacy-controls-and-default-visibility-settings/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy rights

Other provisions in this document