Effective Date: May 22, 2017
Your privacy is very important to us. Please read below to see how Strava handles information. Before you get to the details, here are a few of our fundamental privacy principles:
- Your privacy is critically important to us and we handle your information accordingly.
- We don’t share your personal information with anyone without your consent except to comply with the law, develop our products and services, or protect our rights.
- Information you upload or post to Strava may be seen by others depending on your privacy settings.
- We aggregate and de-identify information about our members to use for business purposes.
- We give you several ways to control the privacy of your personal information and are continuously working to enhance privacy options available to you.
500 3rd Street, Suite 110
San Francisco, CA 94107
Information Strava Collects
Strava collects information about you, including personally identifiable information, if you choose to share it with Strava, register an account, or if you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are several opportunities for you to share information about yourself and your activities with Strava, including your name, physical address, email address, gender, age, equipment usage, activities, routes (including date, time and geo-location information as well as your speed and pace), profile photo and other pictures. You may also submit comments, kudos and other content to be shared. In addition, Strava will collect your credit card or other payment information if you choose to become a member of Strava’s Premium service.
If you elect to use location-based features via the Services, then the physical location of your device will be collected. Strava may also collect and upload from your device data such as speed and direction. You are able to disallow our use of certain location data through your device or browser settings by disabling “Location Services”.
You may use the Services to access your contacts’ information to connect with your contacts on Strava or to send them your activity information while using Strava Beacon. If you choose to use these features, Strava will access and store your contacts’ information. You may delete your contacts’ information by updating your privacy settings at https://strava.com/settings/privacy or by updating your device’s permission settings.
Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook or Google (collectively, “Third-Party Accounts”). These Third-Party Accounts may ask your permission to share certain information from your Third-Party Account with Strava. We use this information to verify your identity as well as to provide you with features of our products and services. This information may include your first and last name, email address, profile information and preferences with the applicable Third-Party Account. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy settings in your Third-Party Account. You can deactivate your account at any time by visiting https://strava.com/settings/privacy.
When you make a payment through our payment page, we may collect information from you to properly process your payment. This personal information may include your name, address, phone, email address, your credit card information and payment amount. We use Payment Card Industry certified third-party payment services and do not store your credit card information.
How Information is Collected and Stored
Strava collects information you provide to us. When you register, and agree to our Terms of Service, you must provide personal information such as your name and email address. You may also upload location-based activities, such as a run or a ride, to the Services. You may join challenges, contests, post photos and communicate with other members. You may also provide additional personal information or payment information to complete your member profile or make purchases.
Strava also automatically collects a variety of technical information, including location, device and network information, cookies, log files and analytics services.
The Services uses log files. Stored information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc., may be linked to session IDs, athlete IDs and device identifiers.
Strava uses third party analytics providers to understand how the Services are used and to help us improve the Services.
Collection from Children
Strava is not intended for use by children under the age of 13. Strava does not knowingly collect such information. If you believe we may have accidentally received such information, please contact us immediately via https://support.strava.com.
Strava may collect personally identifiable information about your activities over time and across third-party websites or online services when you use the Services. We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from you with information obtained from such third parties and information derived from any other subscription, product, or service we provide.
Strava is committed to providing you choices to manage your privacy and sharing. However, Strava does not recognize or respond to browser-initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com.
How Strava Uses Information
Strava primarily uses the information we collect to administer and operate the Services. We also use your information to analyze, develop and improve the Services. We may also use your information to market the services, credit or accept payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and communicate with you. Additionally, your information may be shared with third parties, as set forth below.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we collect. These steps depend on the sensitivity of the data that we collect, process, and store. Although we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we do not guarantee or warrant the security of the information you share with us and we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content. No system is 100% secure. The Services uses industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages a company that is an industry leader in online security and Services verification to strengthen the security of Strava’s Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personally identifiable information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.
To help ensure that these measures are effective in preventing unauthorized access to your private information, you should be aware of the security features available to you through your browser. You should use a security-enabled browser to submit your credit card information and other personal information at the Services. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted.
Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid Services identification information for the Services you are communicating with, or send information over an unsecured connection. Strava recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the Services you are visiting (secure URLs begin with https:// rather than http://), along with the security symbol of your browser to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the Services to which you are connected. Please check the validity of any Services you connect to using secure communications.
How to Modify Privacy Settings
Strava offers several features and settings to help you manage your privacy and how you share your activities. Most privacy settings are located in your privacy settings page, but some are specific to individual activities or athletes. Strava provides you the option to make your activities private. To manage your privacy settings, please visit https://strava.com/settings/privacy.
How to Opt Out or Adjust Notification and Email Preferences
Updating Account Information
You may correct, amend or delete submitted account information that is inaccurate at any time by adjusting that information in your account settings. If you need further assistance, please contact Strava at https://support.strava.com. Strava will generally respond to your request within 7-10 business days.
Deleting Information and Deactivation of Accounts
You may request deletion of your personally identifiable information by contacting us at https://support.strava.com or visiting https://www.strava.com/settings/privacy to request account deletion. Once deactivated, your account, activities and place on leaderboards cannot be reinstated.
Note that content you have shared with others (for example, through Clubs) or that others have copied may also remain visible after you have closed your account or deleted the information from your own profile. In addition, you may not be able to access, correct, or eliminate any information about you that other members or third parties copied or exported out of our Services. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
Other Strava Sites
Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you agree that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personally identifiable information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personally identifiable information you choose to submit via the Other Sites.
United States Operation
The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, your information will be transferred, processed and stored in the United States. United States privacy laws may not be as protective as those in your jurisdiction. You acknowledge and consent to this practice.
While Strava continues to work hard to protect your personal information, no data transmission over the Internet can be guaranteed to be absolutely secure, and Strava cannot ensure or warrant the security of any information you transmit to Strava. Transmitting personal information is done at your own risk.
Retention of Information
When you delete your user account, certain personal information will be immediately de-associated with the account and deleted, such as your e-mail, name, address, and profile photo, if you had chosen to provide this information. Additionally, your Third-Party Account information will be immediately de-associated with your account. All of your activities and kudos will be de-identified, made private and no longer associated with your personal information. Your comments will be deleted and your account will not be associated with any clubs you had previously joined. We may, however, keep a record of your deletion for up to 30 days following your deletion of an account. Additionally, we may keep system logs, which may be associated with your account for up to 30 days following your deletion of an account.
When you delete your account, we may retain geolocation information to continue to improve the Services. Upon deletion of your account, however, this information cannot be viewed by other users and will be de-associated with your name and other identifiers.