What Data Does Strava Actually Collect?

Strava has 180 million registered users. That’s a lot of GPS data, heart rate logs, photos, and social connections sitting on one company’s servers. After the StravaLeaks investigations revealed how fitness data exposed the movements of military personnel (including tracking a French aircraft carrier in real time), you might be wondering what Strava actually knows about you.

Here’s the full picture, pulled directly from Strava’s privacy policy and translated into plain English.

The Basics: Account and Profile Data

When you sign up, Strava collects your name, email address, phone number, date of birth, gender, username, and password. Standard stuff for any app.

But your profile goes deeper. Strava stores your photo, weight, preferred sport types, fitness goals, and experience level. If you connect a Google or Apple account to sign in, Strava pulls your name, email, and profile preferences from there too.

GPS Routes and Location Data

This is the big one.

Every activity you record sends precise GPS coordinates to Strava’s servers. Not just start and end points. The entire route, every twist and turn, timestamped down to the second. Strava uses this to map your runs, match you to segments, and rank you on leaderboards.

Strava also collects your location when you’re not actively recording. Their policy states they “collect or infer location information when you sign up for and use the Services.” That includes using your location to determine country pricing for subscriptions.

If you use Strava Beacon, your live location is shared with selected contacts in real time.

Heart Rate and Health Data

Connect a Garmin, Apple Watch, or Peloton account, and Strava pulls health data directly: heart rate, HRV, VO2max, step count, even sleep information.

Strava says they won’t sell health data or use it for advertising, and they won’t share it with third parties without your consent. That’s a stronger commitment than some competitors offer. But the data still lives on their servers once you sync it.

Photos, Videos, and Content

Every photo you upload to an activity, every comment you leave, every message you send through Strava, every route or segment you create? Collected and stored. Strava owns the infrastructure, and your content lives there.

Photos are particularly interesting from a privacy perspective. They often contain metadata (EXIF data) that can reveal the exact location where the photo was taken, the device used, and the timestamp.

Strava tracks who you follow, who follows you, which clubs you’ve joined, and which challenges you’ve entered. If you give Strava access to your phone contacts, they’ll “regularly access and store” that information to suggest connections. That means Strava holds data about people who aren’t even on the platform.

Your kudos, comments, and interactions are all logged. Strava uses this data to build your social graph and personalize your feed.

Segment and Leaderboard Data

Every time you ride or run through a segment, Strava matches your GPS data against that segment’s boundaries. Your effort gets ranked, timestamped, and compared against every other user who’s ever done that segment.

This creates an incredibly detailed picture of where you go and when. A dedicated observer could piece together your daily routine, your favorite routes, and your regular schedule just from segment appearances.

The Heatmap Problem

Here’s where individual data becomes collective data.

Strava’s Global Heatmap aggregates activity data from millions of users to show popular routes. Strava says this data is “de-identified.” But in 2018, researchers discovered that the heatmap revealed the locations and layouts of secret military bases in Afghanistan, Iraq, and Syria, because soldiers were the only people exercising in those areas.

Your individual activities feed this heatmap by default. You can opt out (more on that below), but most users don’t.

Strava Metro, a separate program, shares aggregated movement data with city planning departments. Strava frames this as improving infrastructure for cyclists and pedestrians. The data is anonymized, but you’re contributing to it unless you actively opt out.

Third-Party API Access

Strava has an API that lets third-party apps access your data (with your permission). Hundreds of apps connect to Strava: training platforms, race prediction tools, social features.

In November 2024, Strava tightened its API terms to restrict how third-party apps can display your data, and explicitly banned using data for AI model training. That’s progress. But any app you’ve previously authorized may still have historical access to your activities, routes, and performance data. It’s worth auditing your connected apps regularly.

Device and Tracking Data

Beyond fitness data, Strava collects standard tech telemetry: your device type, browser, operating system, IP address, and analytics data. They use cookies and similar tracking technologies. They also use third-party analytics tools, which means your usage patterns may flow to companies like Google.

Your Strava Privacy Settings Checklist

You can’t stop Strava from collecting data (that’s how the service works), but you can limit who sees it and how it’s used.

1. Set your default activity visibility. Go to Settings > Privacy Controls > Default Activity Privacy. Choose “Followers” or “Only You” instead of “Everyone.”

2. Enable Map Visibility controls. Under Privacy Controls > Map Visibility, you can hide the start and end of your activities. This prevents your home address from appearing on shared routes.

3. Opt out of the heatmap and Strava Metro. Under Privacy Controls > Aggregated Data Usage, toggle off your contribution to the Global Heatmap, Strava Metro, and related features.

4. Disable Flyby. Flyby lets other users see if they were near you during an activity. Turn it off under Privacy Controls.

5. Audit connected apps. Go to Settings > My Apps and review every third-party app with access to your data. Revoke anything you don’t actively use.

6. Review contact permissions. If you’ve given Strava access to your phone contacts, consider revoking that permission through your phone’s settings.

7. Check group activity and club visibility. Club activities and group workouts may be visible to all club members regardless of your default privacy settings.

The Bigger Question

Strava offers real value. The social features, segment tracking, and training analysis are genuinely useful. But the tradeoff is significant: you’re handing over a detailed map of your life, your health data, your social connections, and your daily patterns to a company that aggregates all of it.

If you want the social features, lock down your settings using the checklist above. If privacy is your top priority and you just want to track your runs without any of your data leaving your phone, apps like Vima Run store everything locally with no account required.

For more on how fitness apps handle your data, check out our deep dive: Does Your Running App Know Too Much? And if you’re comparing options, here’s our Best Running Apps 2026 roundup.

FAQ

Does Strava sell my data?

Strava says they don’t sell personal data or health data. However, they share aggregated (anonymized) activity data through Strava Metro and the Global Heatmap, and they use cookies and third-party analytics tools that may share usage data with advertising partners.

Can I download all the data Strava has on me?

Yes. Under GDPR and similar privacy laws, you can request a full data export. Go to Settings > My Account > Download or Delete Your Account. Strava will compile a file with all your activities, profile information, and associated data.

Does Strava track my location when I’m not recording an activity?

Strava collects or infers location information when you “use the Services,” according to their privacy policy. For precise GPS tracking, you need to grant device permission, which you can revoke in your phone’s settings when you’re not recording.

What happens to my data if I delete my Strava account?

Strava states they will delete your personal data upon account deletion, though some anonymized or aggregated data (like heatmap contributions) may persist. The deletion process can take up to 30 days.

Are Strava’s privacy zones actually secure?

Research from KU Leuven found that privacy zones could be reverse-engineered with up to 85% accuracy by analyzing the distances reported within the hidden zone. Strava has since updated the feature, but no privacy zone system is foolproof. For more on this, read our guide on how to hide your home address on Strava.