Strava · Strava Privacy Policy · View original document ↗

User Rights for US State Residents

Medium severity Medium confidence Explicitdocumentlanguage Unique · 0 of 325 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Strava Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

US users in certain states have additional privacy rights, including rights related to accessing, deleting, or opting out of sale of their personal information, addressed in a separate state notice and Consumer Health Data Policy.

This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Depending on your state of residence, you may have specific legal rights to access, delete, correct, or limit the use of your personal data, including health data, that go beyond what Strava's general policy describes.

Interpretive note: The full scope of rights and mechanisms is contained in a separate state notice and Consumer Health Data Policy not fully reproduced here, creating uncertainty about the completeness of rights disclosure in the main policy.

Consumer impact (what this means for users)

If you live in California, Washington, Colorado, Connecticut, or other states with privacy laws, you may have enforceable rights to access, delete, or restrict use of your personal information, including health data collected by Strava.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Navigate to the Privacy Choices or state-specific section of Strava's privacy policy at strava.com/legal/privacy. Follow the links for your state's privacy rights to submit a data access, deletion, correction, or opt-out request using Strava's privacy rights request form.

Cross-platform context

See how other platforms handle User Rights for US State Residents and similar clauses.

Compare across platforms →

Monitoring

Strava has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.

— Excerpt from Strava's Strava Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision engages CCPA and CPRA for California residents, the Washington State My Health MY Data Act for consumer health data, and analogous privacy laws in Colorado, Connecticut, Virginia, Texas, Oregon, and other states with comprehensive privacy frameworks. Enforcement authorities include the California Privacy Protection Agency, California AG, Washington AG, and other state attorneys general. GOVERNANCE EXPOSURE: Medium. The policy's reference to a separate state notice and Consumer Health Data Policy creates a multi-document compliance structure that requires users to navigate multiple documents to understand their full rights. Compliance teams must ensure the state notice and Consumer Health Data Policy are consistent with the main Privacy Policy and with each applicable state law, including ensuring opt-in consent mechanisms are in place where required (such as for sensitive data under MHMD). JURISDICTION FLAGS: California residents have the broadest set of rights under CPRA including the right to limit use of sensitive personal information and the right to correct. Washington State's MHMD creates opt-in consent requirements for health data collection that are stricter than CCPA. Colorado, Connecticut, and Virginia residents have opt-out rights for targeted advertising and profiling. The multi-state compliance landscape is rapidly evolving. CONTRACT AND VENDOR IMPLICATIONS: Vendor contracts must support data subject rights fulfillment including deletion and access requests that extend to data held by service providers. Data mapping must be sufficiently detailed to fulfill requests within statutory timeframes (typically 45 days under most state laws). COMPLIANCE CONSIDERATIONS: Data subject rights request workflows should be reviewed to ensure they cover all applicable state frameworks and can be fulfilled within required timeframes. The Consumer Health Data Policy should be reviewed for consistency with the main policy. Opt-in consent mechanisms for Washington State health data collection should be audited. The state notice should be reviewed for completeness against each applicable state law's required disclosures.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    State attorneys general in California, Washington, Colorado, and other states with comprehensive privacy laws have enforcement authority over violations of consumer data rights
    File a complaint →
  • FTC
    The FTC has authority over unfair or deceptive practices related to privacy rights disclosures and whether stated rights mechanisms function as described
    File a complaint →

Provision details

Document information
Document
Strava Privacy Policy
Entity
Strava
Document last updated
May 5, 2026
Tracking information
First tracked
May 9, 2026
Last verified
May 9, 2026
Record ID
CA-P-007789
Document ID
CA-D-00272
Evidence Provenance
Source URL
https://www.strava.com/legal/privacy
Wayback Machine
View archived versions →
Content hash (SHA-256)
1f04cde7030a965e9a65ea78be50fec4717b7bbf6a378112228c49d14a8f6010
Analysis generated
May 9, 2026 22:52 UTC
Methodology
summarize_document-v8
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Strava
Document: Strava Privacy Policy
Record ID: CA-P-007789
Captured: 2026-05-09 22:52:22 UTC
SHA-256: 1f04cde7030a965e…
URL: https://conductatlas.com/platform/strava/strava-privacy-policy/user-rights-for-us-state-residents/
Accessed: May 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories
Unknown

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Strava's User Rights for US State Residents clause do?

Depending on your state of residence, you may have specific legal rights to access, delete, correct, or limit the use of your personal data, including health data, that go beyond what Strava's general policy describes.

How does this clause affect you?

If you live in California, Washington, Colorado, Connecticut, or other states with privacy laws, you may have enforceable rights to access, delete, or restrict use of your personal information, including health data collected by Strava.

Is ConductAtlas affiliated with Strava?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.