Effective Date: December 11, 2019
Collection and Sale of Data
- Do we sell your personal information? No
- Do we share or sell aggregate information? Yes
- Do we share your data with third party API partners? Yes, with your consent
- Do we use sensitive categories of data, like health information? Yes, with your consent
- Do we use your contact list if you allow us access? Yes
- Do we delete your data when you request account deletion? Yes
- Do we retain your data for as long as we need it unless you request deletion? Yes
Privacy Tools and Controls
Strava is headquartered in San Francisco and our Services are provided to you by Strava, Inc. If you are a resident of the European Economic Area (“EEA”), Strava, Inc. is the controller of your personal data for the purposes of EEA data protection law.
208 Utah Street
San Francisco, CA 94103
Information Strava Collects
Strava collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with Strava. We receive information in a few different ways, including when you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are also several opportunities for you to share information about yourself, your friends, and your activities with Strava. For example:
Account, Profile, Activity, and Use Information
We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our Services.
Profile, activity and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace and perceived exertion) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.
We use your contact information so we can respond to your support requests and comments.
We collect and process location information when you sign up for and use the Services. We do not track your device location while you are not using Strava, but in order to provide Strava’s core Services, it is necessary for us to track your device location while you use Strava. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.
You can choose to add your contacts’ information by connecting your contacts from your mobile device or social networking accounts to Strava. If you choose to share your contacts with Strava, Strava will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.
Connected Devices and Apps
Strava collects information from devices and apps you connect to Strava. For example, you may connect your Garmin watch or Flywheel account to Strava and information from these devices and apps will be passed along to Strava.
Strava may collect or infer health information. Certain health information may be inferred from sources such as heart rate or other measurements, including power, cadence, and weight or other indicators. Before you can upload health information to Strava, you must give your explicit consent to the processing of that health information by Strava. You can withdraw your consent to Strava processing your health information at any time.
When you make a payment on Strava, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook, Google, or Apple (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy controls in your Third-Party Account.
Technical Information and Log Files
The Services use log files. The information stored in those files includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses may be linked to session IDs, athlete IDs and device identifiers.
We may collect information from you through third parties, such as when we collect your feedback through surveys.
We may also collect information about you from other members such as when they give you kudos or comment on your activities.
How Strava Uses Information
Strava uses the information we collect and receive to operate the Services and to customize them for you. For example, with your consent we use your heart rate information to provide you with interesting and useful performance analysis. Subject to your privacy controls, your information, including parts of your profile, username, photos, members you follow and who follow you, clubs you belong to, your activities, the devices you use, and kudos and comments you give and receive will be shared on Strava so that you may be able to participate in the Services, for example to show your place on a leaderboard. Certain information (e.g., your name, and some profile information) is also available to non-members on the web. Your precise location information, such as a route or segment, may also be shared on Strava or to non-members, in accordance with your privacy controls.
We use the information we collect about you, your followers, and your activities to customize your experience. For example, we may suggest segments, routes, challenges, or clubs that may interest you, or athletes that you may want to follow. We also use the information we collect to process payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and to communicate with you (including to send marketing and push communications) where you have not opted out of receiving such messages and notifications.
We also use the information we collect to analyze, develop and improve the Services. To do this, Strava may use third-party analytics providers to gain insights into how our Services are used and to help us improve the Services.
We may also use the information we collect to market and promote the Services, activities on Strava, and other commercial products or services. This includes customizing your Strava experience. For example, if we know that you like to run, we may tell you about new running activities or show you sponsored content related to running. If we see that you run in a certain area, we may suggest a race in that area. Subject to your settings, we may also mention that you have used our partners’ products or services as part of your activities, which we refer to as Sponsored Integrations.
We do not sell your personal information. Strava may aggregate the information you and others make available in connection with the Services and post it publicly or share it with third parties. Examples of the type of information we may aggregate include information about equipment, usage, demographics, routes and performance. Strava may use, sell, license, and share this aggregated information with third parties for research, business or other purposes such as to improve walking, running or riding in cities via Strava Metro or to help our partners understand more about athletes, including the people who use their products and services. Strava also uses aggregated data to generate our Global Heatmap. Please visit your privacy controls if you object to Strava using your information for these purposes.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we collect. We employ reasonable protections for your information that are appropriate to its sensitivity. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages providers that are industry leaders in online security, including Services verification, to strengthen the security of our Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personal information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.
Managing Your Settings
Strava offers several features and settings to help you manage your privacy and share your activities. Most privacy controls are located in your privacy controls page, but some are specific to individual activities, athletes, or routes. Strava provides you the option to make your activities private. Click here to manage your privacy controls.
Adjust Notification and Email Preferences
Updating Account Information
You may correct, amend or update profile or account information at any time by adjusting that information in your account settings. If you need further assistance correcting inaccurate information, please contact Strava at https://support.strava.com. Strava will generally respond to your request within 10-14 business days.
Deleting Information and Accounts and Downloading Your Data
After you make a deletion request, we permanently and irreversibly delete your personal data from our systems, including backups. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated. Following your deletion of your account, it may take up to 90 days to delete your personal information and system logs from our systems. Additionally, we may retain information where deletion requests are made to comply with the law and take other actions permitted by law.
Note that content you have shared with others, such as photos, or that others have copied may also remain visible after you have deleted your account or deleted specific information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
Strava also provides you the option to remove individual activities you have posted from view on the Services without deleting your account. The activities will typically remain on Strava’s systems.
Your Rights and Our Legal Bases
We provide the same suite of privacy tools and controls to all of our members worldwide. Particular rights may be available to you if you reside in certain locations, such as the EEA or California. Learn more about your rights and how to exercise them.
Your Legal Rights in the EEA
If you are habitually located in the EEA, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. Learn more.
Our Legal Bases
- as necessary to provide the Services and fulfill our obligations pursuant to the Terms of Service. For example, we cannot provide the Services unless we collect and use your location information;
- where you have consented to the processing;
- where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims;
- to protect your vital interests, or those of others, such as in the case of emergencies; and
- where necessary for the purposes of Strava’s or a third party’s legitimate interests, such as our interests in protecting our members, our partners’ interests in collaborating with our members, and our commercial interests in ensuring the sustainability of the Services.
The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.
Retention of Information
Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Strava, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and we use aggregated information in Strava Metro and our Global Heatmap. This information will be de-associated with your name and other identifiers.
Other Strava Sites
Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personal information you choose to submit via the Other Sites.
© 2019 Strava