Strava provides privacy controls allowing you to set who can see your activities, adjust map visibility, create privacy zones, and manage what data is shared with other users and third parties.
The existence of granular privacy controls means users have meaningful ability to limit data exposure, but these controls must be actively configured — the defaults may expose more data than users expect.
Provision of privacy controls supports GDPR data subject rights compliance and CCPA opt-out obligations. However, compliance teams should assess whether default settings align with data minimisation and privacy-by-default requirements under GDPR Article 25.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Strava collects highly sensitive personal data including precise GPS routes, heart rate, sleep data, and other health metrics, which may be used to train AI/ML models and contribute to publicly accessible features like the Global Heatmap. Health data from connected devices will not be sold or used for advertising, but activity data can be shared in aggregated or de-identified form and used for AI development. You can adjust your privacy and visibility controls in the Strava app under Settings > Privacy Controls to limit how your data is shared and used.