Strava Privacy Policy
Effective Date: 7 July 2021
Your privacy is very important to us. Before we get to the details, check out our Privacy Label to see a summary of our privacy practices. Click on the links to learn more and read the full policy below.
Jump to full privacy policyPrivacy Label
Collection and Sale of Data
- Do we sell your personal information? No
- Do we share or sell aggregate information? Yes
- Do we share your data with third party API partners? Yes, with your consent
- Do we use sensitive categories of data, like health information? Yes, with your consent
- Do we use your contact list if you allow us access? Yes
- Do we delete your data when you request account deletion? Yes
- Do we retain your data for as long as we need it unless you request deletion? Yes
Privacy Tools and Controls
- Can you control who sees your activity and content? Yes
- Can you control who sees your location-based activity? Yes
- Are your activity and profile privacy controls set to “Everyone” by default? Yes
- Can you download and delete your data? Yes
- Do all members worldwide have the same suite of tools and controls? Yes
Tracking
Communication
Privacy Policy
Introduction
Our privacy policy (the “Privacy Policy”) explains the information we collect, how we use and share it, how to manage your privacy controls and your rights in connection with our websites and the related mobile applications and services (collectively, the “Services”). Please also read our Terms of Service which sets out the terms governing the Services.
Strava is headquartered in San Francisco and our Services are provided to you by Strava, Inc. If you are a resident of the European Economic Area (“EEA”), Strava, Inc. is the controller of your personal data for the purposes of EEA data protection law.
This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls. Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Services.
Questions or comments about this Privacy Policy may be submitted by mail to the address below or via https://support.strava.com.
Strava, Inc.208 Utah Street
San Francisco, CA 94103
USA
Attn: Legal
DPO@strava.com
Information Strava Collects
Strava collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with Strava. We receive information in a few different ways, including when you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are also several opportunities for you to share information about yourself, your friends, and your activities with Strava. For example:
Account, Profile, Activity, and Use Information
We collect basic account information such as your name, email address, date of birth, gender, weight, username and password that helps secure and provide you with access to our Services.
Profile, activity and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace and perceived exertion) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.
We use your contact information so we can respond to your support requests and comments.
Location Information
We collect and process location information when you sign up for and use the Services. We do not track your device location while you are not using Strava, but in order to provide Strava’s core Services, it is necessary for us to track your device location while you use Strava. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.
Contacts Information
You can choose to add your contacts’ information by connecting your contacts from your mobile device or social networking accounts to Strava. If you choose to share your contacts with Strava, Strava will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.
Connected Devices and Apps
Strava collects information from devices and apps you connect to Strava. For example, you may connect your Garmin watch or Flywheel account to Strava and information from these devices and apps will be passed along to Strava.
Health Information
Strava may collect or infer health information. Certain health information may be inferred from sources such as heart rate or other measurements, including power, cadence, and weight or other indicators. Before you can upload health information to Strava, you must give your explicit consent to the processing of that health information by Strava. You can withdraw your consent to Strava processing your health information at any time.
Payment Information
When you make a payment on Strava, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
Third-Party Accounts
Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook, Google, or Apple (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy controls in your Third-Party Account.
Technical Information and Log Files
We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information. Learn more about how we use cookies and manage your preferences by visiting our Cookies Policy.
The Services use log files. The information stored in those files includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses may be linked to session IDs, athlete IDs and device identifiers.
Other Information
We may collect information from you through third parties, such as when we collect your feedback through surveys.
We may also collect information about you from other members such as when they give you kudos or comment on your activities.
How Strava Uses Information
Strava uses the information we collect and receive as described below.
To provide the Services
We use the information we collect and receive to provide the Services, including providing you with the ability to:
- Record your activities and analyze your performance. For example, to compare your past efforts, analyze your training, and (with your consent) use your heart rate information to provide you with interesting and useful performance analysis.
- Interact with other athletes. For example, to compete on segments, participate in clubs, challenges, or events, follow other athletes, and use features that help athletes interact with one another, such as group activities or flyby.
- Manage your training. For example, to set goals and use your training dashboard.
- Explore new places to go. For example, to discover routes or segments where you can run or ride.
- To visualize your activities in new ways. For example, by creating personal heatmaps or using your training log.
Subject to your privacy controls, your information, including parts of your profile, username, photos, members you follow and who follow you, clubs you belong to, your activities, the devices you use, and kudos and comments you give and receive will be shared on Strava so that you may be able to participate in the Services, for example to show your place on a leaderboard. Certain information (e.g., your name, and some profile information) is also available to non-members on the web. Your precise location information, such as where you run or ride, may also be shared on Strava or to non-members, in accordance with your privacy controls.
To customize your experience
We use the information we collect about you, your followers, and your activities to customize your experience. For example, we may suggest segments, routes, challenges, or clubs that may interest you, athletes that you may want to follow, or new features that you may want to try. If we know that you like to run, we may tell you about new running activities or show you sponsored content related to running. If we see that you run in a certain area, we may suggest a race in that area.
To protect you and the Services
We use the information we collect to protect members, enforce our Terms of Service and Community Standards, and promote safety. For example, we find and remove content that violates our terms, such as hate speech or spam, as well as suspend or terminate accounts that share such content.
To improve our Services
We also use the information we collect to analyze, develop and improve the Services. To do this, Strava may use third-party analytics providers to gain insights into how our Services are used and to help us improve the Services.
To communicate with you
We use the information we collect to provide support in response to your requests and comments.
We may also use the information we collect to market and promote the Services, activities and events on Strava, and other commercial products or services. This includes marketing and push communications, where you have not opted out of receiving such messages and notifications.
To process your subscription
We use the information we collect to process your subscription.
Aggregate Information
We do not sell your personal information. Strava may aggregate the information you and others make available in connection with the Services and post it publicly or share it with third parties. Examples of the type of information we may aggregate include information about equipment, usage, demographics, routes and performance. Strava may use, sell, license, and share this aggregated information with third parties for research, business or other purposes such as to improve walking, running or riding in cities via Strava Metro or to help our partners understand more about athletes, including the people who use their products and services. Strava also uses aggregated data to generate our Global Heatmap. Please visit your privacy controls if you object to Strava using your information for these purposes.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we collect. We employ reasonable protections for your information that are appropriate to its sensitivity. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages providers that are industry leaders in online security, including Services verification, to strengthen the security of our Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personal information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.
Managing Your Settings
Privacy Controls
Strava offers several features and settings to help you manage your privacy and share your activities. Most privacy controls are located in your privacy controls page, but some are specific to individual activities, athletes, or routes. Strava provides you the option to make your activities private. Click here to manage your privacy controls.
Adjust Notification and Email Preferences
Strava offers various ways to manage the notifications you receive. You can choose to stop receiving certain emails and notifications by indicating your preference here. You may also unsubscribe by following the instructions contained at the bottom of marketing or promotional emails. Any administrative or service-related emails (to confirm a purchase, or an update to this Privacy Policy or our Terms of Service, etc.) generally do not offer an option to unsubscribe as they are necessary to provide the Services you requested.
Updating Account Information
You may correct, amend or update profile or account information at any time by adjusting that information in your account settings. If you need further assistance correcting inaccurate information, please contact Strava at https://support.strava.com.
Deleting Information and Accounts and Downloading Your Data
You can delete your account or download your data using our self-service tools. Click here to download your data, including your activity files. To request that your account is deleted, click here.
After you make a deletion request, we permanently and irreversibly delete your personal data from our systems, including backups. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated. Following your deletion of your account, it may take up to 90 days to delete your personal information and system logs from our systems. Additionally, we may retain information where deletion requests are made to comply with the law and take other actions permitted by law.
Note that content you have shared with others, such as photos, or that others have copied may also remain visible after you have deleted your account or deleted specific information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
Strava also provides you the option to remove individual activities you have posted without deleting your account. Once removed,the activities may remain on Strava’s systems until you delete your account.
Your Rights and Our Legal Bases
We provide the same suite of privacy tools and controls to all of our members worldwide. Particular rights may be available to you if you reside in certain locations, such as the EEA, Brazil or California. Learn more about your rights and how to exercise them.
Your Legal Rights in the EEA
If you are habitually located in the EEA, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. Strava’s lead supervisory authority in the EEA is the Data Protection Commission of Ireland. Learn more.
Our Legal Bases
Strava relies on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:
- as necessary to provide the Services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide the Services unless we collect and use your location information;
- where you have consented to the processing;
- where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;
- to protect your vital interests, or those of others, such as in the case of emergencies; and
- where necessary for the purposes of Strava’s or a third party’s legitimate interests, such as our interests in protecting our members, our partners’ interests in collaborating with our members, and our commercial interests in ensuring the sustainability of the Services.
Transfers
The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.
Retention of Information
We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until your account is deleted. In addition, you can delete some items of information (e.g., profile information) and you can remove individual activities from view on the Services without deleting your account. For example, after you withdraw your consent to Strava processing your health-related information, Strava will delete all health-related information you upload. Following your deletion of your account, it may take up to 90 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.
Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Strava, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and we use aggregated information in Strava Metro and our Global Heatmap. This information will be de-associated with your name and other identifiers.
Other Strava Sites
Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personal information you choose to submit via the Other Sites.
Privacy Policy Information
Strava reserves the right to modify this Privacy Policy at any time. Please review it occasionally. If Strava makes changes to this Privacy Policy, the updated Privacy Policy will be posted on the Services in a timely manner and, if we make material changes, we will provide a prominent notice. If you object to any of the changes to this Privacy Policy, you should stop using the Services and delete your account.
© 2024 Strava