Effective Date: May 25, 2018
Your privacy is very important to us. Please read below to see how Strava handles information. Before you get to the details, here are a few of our fundamental privacy principles:
- Information you upload or post to Strava may be seen by others depending on your privacy settings.
- We aggregate and de-identify certain information about our members to use for business purposes.
- We give you several ways to control the privacy of your personal information and are continuously working to enhance privacy options available to you.
Strava is headquartered in San Francisco and our Services are provided to you by Strava, Inc. If you are a resident of the European Union (“EU”), Strava, Inc. is the controller of your personal data for the purposes of EU data protection law.
201 Potrero Avenue
San Francisco, CA 94103
Our Legitimate Interests
We process your information in furtherance of our legitimate interests, including:
- providing and improving the Services, including any personalized Services. We do so as it is necessary to pursue our legitimate interests of providing and developing innovative and tailored offerings to our members on a sustained basis; and
- keeping the Services safe and secure. We do so as it is necessary to pursue the legitimate interests of Strava and its members in ensuring the Services are secure, and to protect against fraud, spam and abuse, etc.
Information Strava Collects
Strava collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with Strava. We receive information in a few different ways, including when you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are also several opportunities for you to share information about yourself and your activities with Strava. For example:
- We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our Services.
- Profile and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.
- You can choose to add your contacts’ information to connect with your contacts on Strava and to send them your activity information while using Strava Beacon. If you choose to use these features, Strava will access and store your contacts’ information in accordance with your instructions. By submitting such contact information, you confirm that you have the authority to use and share such information.
- Strava collects information from devices and apps you connect to Strava. For example, you may connect your Garmin watch or Flywheel account to Strava and information from these devices and apps will be passed along to Strava.
- Strava may collect or infer health information which may include information such as heart rate or other biometric information, such as power, cadence, height and weight or other indicators. Before you can upload health information to Strava or information from which Strava can infer health information, you must give your explicit consent to the processing of that health information by Strava. You can withdraw your consent to Strava processing your health information at any time.
- We gather information from the photos, posts, comments, kudos and other content you share on the Services, including when you participate in partner events or create segments or routes.
- When you make a payment on Strava, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
- We collect and process location information when you sign up for and use the Services. To record your run or ride and to provide you with your training statistics and inclusion in the Service’s features (for example, the leaderboard for a route), it is necessary to collect and record the physical location of your device including, data such as speed and direction. You can tell us about important locations, such as your home or work address, by enabling a Privacy Zone in your settings. We will make private any portion of your activity that starts or ends in your Privacy Zone. Processing of your location data is essential to the Services which we provide and a necessary part of our performance of the agreement we have with you.
- Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook or Google (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences with the applicable Third-Party Account. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy settings in your Third-Party Account.
- To help us to provide you with the best possible service, you can choose to provide us with your contact information so we can better respond to your support requests and comments.
- We also obtain additional third party information about members from marketers, partners, researchers, and others. We may combine information that we collect from you with information obtained from other members, third parties and information derived from any other subscription, product, or service we provide. We may also collect information about you from other members such as when they give you kudos or comment about you.
- We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.
The Services use log files. Stored information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc., may be linked to session IDs, athlete IDs and device identifiers.
How Strava Uses Information
We also use your information to analyze, develop and improve the Services. To do this, Strava may use third party analytics providers to gain insights into how our Services are used and to help us improve the Services. We may also use your information to market the Services, credit or accept payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and communicate with you. Additionally, your information may be shared with third parties, as set forth below.
Strava may de-identify or aggregate the content you make available in connection with the Services, in ways that do not personally identify you. Examples of such aggregated information or statistical data include information about equipment, usage, demographics, routes and performance. Strava may use, sell, license, and share this information with third parties for research, business or other purposes such as to improve walking, running or riding in cites via Strava Metro. Strava also uses aggregated data to generate our global heatmap. Please visit your privacy settings if you object to Strava using your information for these purposes.
We use your information to communicate with you about the Services, send you marketing communications (where you have agreed to receive such messages), or let you know about new features or updates to our Terms of Service. We also use your information to respond to you when you contact us. Strava will use your information to communicate with you, for example by sending you notifications.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we collect. Although we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we do not guarantee or warrant the security of the information you share with us and we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content. No system is 100% secure. The Services uses industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages a company that is an industry leader in online security and Services verification to strengthen the security of Strava’s Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personally identifiable information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.
To help ensure that these measures are effective in preventing unauthorized access to your private information, you should be aware of the security features available to you through your browser. You should use a security-enabled browser to submit your credit card information and other personal information at the Services. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted.
Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid services identification information for the Services you are communicating with, or send information over an unsecured connection. Strava recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the services you are visiting (secure URLs begin with https:// rather than http://), along with the security symbol of your browser to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the services to which you are connected. Please check the validity of any Services you connect to using secure communications.
While Strava continues to work hard to protect your personal information, no data transmission over the Internet can be guaranteed to be absolutely secure, and Strava cannot ensure or warrant the security of any information you transmit to Strava. Transmitting personal information is done at your own risk.
Managing Your Settings
Strava offers several features and settings to help you manage your privacy and how you share your activities. Most privacy settings are located in your privacy settings page, but some are specific to individual activities or athletes. Strava provides you the option to make your activities private. To manage your privacy settings, please visit https://strava.com/settings/privacy.
Adjust Notification and Email Preferences
Updating Account Information
You may correct, amend or update profile or account information that is inaccurate at any time by adjusting that information in your account settings. If you need further assistance, please contact Strava at https://support.strava.com. Strava will generally respond to your request within 7-10 business days.
Deleting Information and Accounts
You may request that your account is deleted by visiting https://strava.com/account. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated.
Note that content you have shared with others (for example, through Clubs) or that others have copied may also remain visible after you have deleted your account or deleted the information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
EU Members’ Rights
If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
Access and Porting
You can access much of your information by logging into your account. If you require additional access or if you are not a Strava member, contact us at https://support.strava.com. To download a copy of your data, visit https://www.strava.com/settings/privacy.
Rectify, Restrict, Limit, Delete
You can also rectify, restrict, limit or delete much of your information by logging into your account. If you are unable to do this, please contact us at https://support.strava.com. Strava will generally respond to your request within 10-14 business days.
Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.
Retention of Information
Information about you that is no longer necessary and relevant to provide our Services may be de-identified and aggregated with other non-personal data to provide insights which are commercially valuable to Strava, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and to use in Strava Metro and our global heatmap. This information will be de-associated with your name and other identifiers.
Other Strava Sites
Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personal information you choose to submit via the Other Sites.