Strava Privacy Policy

Effective Date: May 25, 2018

Your privacy is very important to us. Please read below to see how Strava handles information. Before you get to the details, here are a few of our fundamental privacy principles:

Information you upload or post to Strava may be seen by others depending on your privacy settings.
We aggregate and de-identify certain information about our members to use for business purposes.
We give you several ways to control the privacy of your personal information and are continuously working to enhance privacy options available to you.

Strava respects your privacy and shares your concern about the security of information you may submit to Strava’s websites and the related mobile applications and services (collectively, the “Services”). Our privacy policy (the “Privacy Policy”) explains the information we collect, how we use and share it, how to manage your privacy settings and your rights in connection with the Services. Please also read the Terms of Service which sets out the terms governing the Services.

Strava is headquartered in San Francisco and our Services are provided to you by Strava, Inc. If you are a resident of the European Union (“EU”), Strava, Inc. is the controller of your personal data for the purposes of EU data protection law.

This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls. Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Services.

Questions or comments about this Privacy Policy may be submitted by mail to the address below or via https://support.strava.com.

Strava, Inc.
500 3rd Street, Suite 110
San Francisco, CA 94107
Attn: Legal
[email protected]

Our Legitimate Interests

We process your information in furtherance of our legitimate interests, including:

providing and improving the Services, including any personalized Services. We do so as it is necessary to pursue our legitimate interests of providing and developing innovative and tailored offerings to our members on a sustained basis; and
keeping the Services safe and secure. We do so as it is necessary to pursue the legitimate interests of Strava and its members in ensuring the Services are secure, and to protect against fraud, spam and abuse, etc.

Information Strava Collects

Strava collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with Strava. We receive information in a few different ways, including when you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are also several opportunities for you to share information about yourself and your activities with Strava. For example:

We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our Services.
Profile and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.
You can choose to add your contacts’ information to connect with your contacts on Strava and to send them your activity information while using Strava Beacon. If you choose to use these features, Strava will access and store your contacts’ information in accordance with your instructions. By submitting such contact information, you confirm that you have the authority to use and share such information.
Strava collects information from devices and apps you connect to Strava. For example, you may connect your Garmin watch or Flywheel account to Strava and information from these devices and apps will be passed along to Strava.
Strava may collect or infer health information which may include information such as heart rate or other biometric information, such as power, cadence, height and weight or other indicators. Before you can upload health information to Strava or information from which Strava can infer health information, you must give your explicit consent to the processing of that health information by Strava. You can withdraw your consent to Strava processing your health information at any time.
We gather information from the photos, posts, comments, kudos and other content you share on the Services, including when you participate in partner events or create segments or routes.
When you make a payment on Strava, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
We collect and process location information when you sign up for and use the Services. To record your run or ride and to provide you with your training statistics and inclusion in the Service’s features (for example, the leaderboard for a route), it is necessary to collect and record the physical location of your device including, data such as speed and direction. You can tell us about important locations, such as your home or work address, by enabling a Privacy Zone in your settings. We will make private any portion of your activity that starts or ends in your Privacy Zone. Processing of your location data is essential to the Services which we provide and a necessary part of our performance of the agreement we have with you.
Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook or Google (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences with the applicable Third-Party Account. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy settings in your Third-Party Account.
To help us to provide you with the best possible service, you can choose to provide us with your contact information so we can better respond to your support requests and comments.
We also obtain additional third party information about members from marketers, partners, researchers, and others. We may combine information that we collect from you with information obtained from other members, third parties and information derived from any other subscription, product, or service we provide. We may also collect information about you from other members such as when they give you kudos or comment about you.
We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.

Cookies and Similar Technologies

When you visit the Services, a cookie will be stored on your computer. Generally, cookies and similar technologies work by assigning to your browser or device a unique number that has no meaning outside of Strava. Strava uses these technologies to personalize your experience and to assist in delivering content specific to your interests. Additionally, after you’ve entered your member ID and password during a session on the Services, Strava saves that information so you don’t have to re-enter it repeatedly during that session.

Most browsers automatically accept cookies. To manage the collection of information through cookies or other equivalent technology you can use the settings on your browser or mobile device. Strava is committed to providing you choices to manage your privacy and sharing. However, Strava does not recognize or respond to browser-initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com. Not accepting cookies may make certain features of the Services unavailable to you. Strava may also use your IP address to identify you, to administer the Services and to assist in diagnosing problems with Strava’s servers.

Log Files

The Services use log files. Stored information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc., may be linked to session IDs, athlete IDs and device identifiers.

How Strava Uses Information

Strava uses the information we collect and receive to administer and operate the Services and as otherwise described in this Privacy Policy. For example, we use your health information to provide you with statistics and visualizations representing key data points like heart rate. Subject to your privacy settings, your information, including your profile, username, photos, members you follow and who follow you, clubs you belong to, your activities, and kudos and comments you give and receive will be shared on Strava to participate in the Services, for example to show your place on a leaderboard. Location information, such as a route or segment may also be shared on Strava (in accordance with your settings).

We also use your information to analyze, develop and improve the Services. To do this, Strava may use third party analytics providers to gain insights into how our Services are used and to help us improve the Services. We may also use your information to market the Services, credit or accept payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and communicate with you. Additionally, your information may be shared with third parties, as set forth below.

Strava may de-identify or aggregate the content you make available in connection with the Services, in ways that do not personally identify you. Examples of such aggregated information or statistical data include information about equipment, usage, demographics, routes and performance. Strava may use, sell, license, and share this information with third parties for research, business or other purposes such as to improve walking, running or riding in cites via Strava Metro. Strava also uses aggregated data to generate our global heatmap. Please visit your privacy settings if you object to Strava using your information for these purposes.

We use your information to communicate with you about the Services, send you marketing communications (where you have agreed to receive such messages), or let you know about new features or updates to our Terms of Service. We also use your information to respond to you when you contact us. Strava will use your information to communicate with you, for example by sending you notifications.

How Information is Shared

Service Providers

We may share your information with third parties who provide services to Strava such as supporting and improving the Services, promoting the Services, processing payments, or fulfilling orders. These service providers will only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. We may also engage service providers to collect information about your use of the Services over time on our behalf so that we or they may promote Strava or display information that may be relevant to your interests on the Services or other websites or services.

Publicly Available Information

Subject to your privacy settings, your information and content may be publicly accessible.

Third Party Business via API or Other Integrations

When you choose to use third party apps, plug-ins, or websites that integrate with the Services, they may receive your information and content, including your personal information, photos, and your activity data (including private activities). Information collected by these third parties is subject to their terms and policies. Strava is not responsible for the terms or policies of third parties.

Affiliates and Acquirors of our Business or Assets

We may share your information with affiliates under common control with us, who are required to comply with the terms of this Privacy Policy with regard to your information. If Strava becomes involved in a business combination, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such transaction.

Legal Requirements

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that such disclosure is reasonably necessary to comply with the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory process. We may also retain, preserve or disclose your information if we determine that disclosure is reasonably necessary or appropriate to prevent any person from death or serious bodily injury, to address issues of national security or other issues of public importance, to prevent or detect violations of our Terms of Service or fraud or abuse of Strava or its members, or to protect our operations or our property or other legal rights, including by disclosure to our legal counsel and other consultants and third parties in connection with actual or potential litigation.

DMCA Notices

We may share your information with third parties when we forward Digital Millennium Copyright Act (DMCA) notifications, which will be forwarded as submitted to us without any deletions.

How We Protect Information

We take several measures to safeguard the collection, transmission and storage of the data we collect. Although we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we do not guarantee or warrant the security of the information you share with us and we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content. No system is 100% secure. The Services uses industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages a company that is an industry leader in online security and Services verification to strengthen the security of Strava’s Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personally identifiable information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.

To help ensure that these measures are effective in preventing unauthorized access to your private information, you should be aware of the security features available to you through your browser. You should use a security-enabled browser to submit your credit card information and other personal information at the Services. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted.

Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid services identification information for the Services you are communicating with, or send information over an unsecured connection. Strava recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the services you are visiting (secure URLs begin with https:// rather than http://), along with the security symbol of your browser to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the services to which you are connected. Please check the validity of any Services you connect to using secure communications.

Disclaimer

While Strava continues to work hard to protect your personal information, no data transmission over the Internet can be guaranteed to be absolutely secure, and Strava cannot ensure or warrant the security of any information you transmit to Strava. Transmitting personal information is done at your own risk.

Managing Your Settings

Privacy Settings

Strava offers several features and settings to help you manage your privacy and how you share your activities. Most privacy settings are located in your privacy settings page, but some are specific to individual activities or athletes. Strava provides you the option to make your activities private. To manage your privacy settings, please visit https://strava.com/settings/privacy.

Adjust Notification and Email Preferences

Strava offers various ways to manage the notifications you receive. You can choose to stop receiving certain emails and notifications by indicating your preference at https://strava.com/settings. You may also unsubscribe by following the instructions contained at the bottom of each type of email. Any administrative or service-related emails (to confirm a purchase, or an update to this Privacy Policy or the Terms of Service, etc.) generally do not offer an option to unsubscribe as they are necessary to provide the Services you requested.

Updating Account Information

You may correct, amend or update profile or account information that is inaccurate at any time by adjusting that information in your account settings. If you need further assistance, please contact Strava at https://support.strava.com. Strava will generally respond to your request within 7-10 business days.

Deleting Information and Accounts

You may request that your account is deleted by visiting https://strava.com/account. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated.

Note that content you have shared with others (for example, through Clubs) or that others have copied may also remain visible after you have deleted your account or deleted the information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.

EU Members’ Rights

If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:

Access and Porting

You can access much of your information by logging into your account. If you require additional access or if you are not a Strava member, contact us at https://support.strava.com. To download a copy of your data, visit https://www.strava.com/settings/privacy.
Rectify, Restrict, Limit, Delete

You can also rectify, restrict, limit or delete much of your information by logging into your account. If you are unable to do this, please contact us at https://support.strava.com. Strava will generally respond to your request within 10-14 business days.
Object

Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Revoke consent

Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Complain

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Transfers

The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.

Retention of Information

We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until you ask us to delete it or your account is deleted whichever comes first. For example, where you withdraw your consent to Strava processing your health-related information, Strava will delete all health-related information you uploaded. Following your deletion of your account, it may take up to 30 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information from deleted accounts to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Information about you that is no longer necessary and relevant to provide our Services may be de-identified and aggregated with other non-personal data to provide insights which are commercially valuable to Strava, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and to use in Strava Metro and our global heatmap. This information will be de-associated with your name and other identifiers.

Other Strava Sites

Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personal information you choose to submit via the Other Sites.

Privacy Policy Information

Strava reserves the right to modify this Privacy Policy at any time. Please review it occasionally. If Strava makes changes to this Privacy Policy, the updated Privacy Policy will be posted on the Services in a timely manner and, if we make material changes, we will provide a prominent notice. If you object to any of the changes to this Privacy Policy, you should stop using the Services and delete your account.