Strava can take your workout data, strip out your name, and sell or license it to cities, researchers, or other commercial partners through its Metro program, and this right continues even after you delete your account.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The commercial use of de-identified fitness and location data is disclosed and acknowledged as continuing even after account deletion, which means data derived from your activities may remain in commercial use after you leave the platform.
Interpretive note: Whether aggregated workout and location data meets the legal standard of anonymization under GDPR or de-identification under CCPA is not addressed in the document and depends on the technical methodology applied, which is not disclosed in these terms.
Your aggregated and de-identified workout data, including location and activity patterns, can be commercialized by Strava through Metro and research programs without paying you, and this right persists after account closure.
How other platforms handle this
We may link or combine information that we collect about you (such as linking your travel booking to your AAdvantage® account, or adding saved AAdvantage® account information to your booking). This may include information that we collect offline (such as in-person airport interactions), information ...
Perplexity may collect and use aggregated and de-identified data derived from Customer's and Authorized Users' use of the Service for purposes of improving, developing, and enhancing the Service and Perplexity's AI models, provided that such data does not identify Customer or any individual user.
If you access or use any of Oura's location-based services, such as by enabling GPS-based activity tracking through our Services, Oura may process the approximate or precise location of your device while the service is active. This data may be obtained via your device's service provider network ID, ...
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"You agree that Strava may use, without compensation to you, any de-identified data created from your use of the Services, including in Strava's Metro and other research or commercial activities, and you agree that this right is not limited by the deletion or termination of your account.— Excerpt from Strava's Strava Terms of Service
(1) REGULATORY LANDSCAPE: The de-identification and commercialization of fitness and location data engages GDPR for EU/EEA users, particularly regarding whether de-identification meets the standard of anonymization under GDPR guidance; if data is not truly anonymous, GDPR consent and purpose limitation obligations may apply. CCPA is relevant for California users, who have rights to know about and opt out of the sale or sharing of personal information, depending on whether aggregated data constitutes personal information under that statute. (2) GOVERNANCE EXPOSURE: Medium. The provision is disclosed and framed as de-identified, but the persistence of commercialization rights post-account-deletion is operationally significant and may create tension with GDPR right to erasure principles if de-identification is not robust. (3) JURISDICTION FLAGS: EU/EEA users face the highest regulatory exposure; if Metro data could be re-identified, GDPR Article 17 right to erasure and Article 9 special category data protections may be engaged. California users should assess CCPA sale and sharing opt-out rights. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations purchasing Metro data or entering research partnerships with Strava should assess the provenance and de-identification standard of the underlying data to manage downstream privacy liability. (5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the de-identification methodology applied to Metro data meets GDPR anonymization standards; if not, the post-deletion commercialization right may require amendment to align with erasure obligations; privacy impact assessments may be warranted for EU/EEA data flows.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The commercial use of de-identified fitness and location data is disclosed and acknowledged as continuing even after account deletion, which means data derived from your activities may remain in commercial use after you leave the platform.
Your aggregated and de-identified workout data, including location and activity patterns, can be commercialized by Strava through Metro and research programs without paying you, and this right persists after account closure.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.