When you connect Strava to other apps like Garmin, Apple Health, or challenge sponsors, those third parties collect your data under their own rules and Strava takes no responsibility for what they do with it.
This analysis describes what Strava's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Fitness and location data shared with third-party integrations falls outside Strava's privacy protections, and you may not realize how broadly your data is flowing when you connect devices or apps.
Connecting Strava to third-party apps and devices means your fitness and location data is governed by those third parties' own terms, not Strava's, with no accountability from Strava for how that data is used or protected.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
Strava has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You may also choose to connect or share information with third-party apps, plugins, or websites that integrate with the Services, like Apple Health and Garmin Connect, as well as with third parties who work with Strava to offer an integrated feature, such as a challenge sponsor, media streaming, or tracking device. Information collected by these third parties is subject to their own terms and policies, and Strava is not responsible for the terms or policies of third parties.— Excerpt from Strava's Strava Terms of Service
(1) REGULATORY LANDSCAPE: The disclaimer of responsibility for third-party data practices engages GDPR controller and processor liability frameworks for EU/EEA users; depending on the nature of the integration, Strava may still bear joint controller responsibility in some data flows despite the contractual disclaimer. CCPA is relevant for California users where data is shared with third parties who may qualify as data brokers or buyers. (2) GOVERNANCE EXPOSURE: Medium. The breadth of third-party integrations, including challenge sponsors and tracking devices, means significant volumes of sensitive fitness and location data may flow outside Strava's data governance framework; the contractual disclaimer does not eliminate potential regulatory liability. (3) JURISDICTION FLAGS: EU/EEA users face the highest exposure, as GDPR joint controller principles may impose obligations on Strava regardless of contractual disclaimers; California users should assess whether third-party data flows constitute a 'sale' or 'sharing' under CCPA. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise or institutional users who deploy Strava alongside third-party integrations should conduct independent vendor assessments of each integration, as Strava's terms provide no assurance of third-party compliance. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should include all active third-party integrations to identify data flows and applicable legal bases; users and organizations should review the privacy policies of each connected app independently.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Fitness and location data shared with third-party integrations falls outside Strava's privacy protections, and you may not realize how broadly your data is flowing when you connect devices or apps.
Connecting Strava to third-party apps and devices means your fitness and location data is governed by those third parties' own terms, not Strava's, with no accountability from Strava for how that data is used or protected.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Strava.