🚨 Key Gotchas Found
Public-by-Default Segments (Medium)
Your activity segments and routes are public by default, potentially revealing your home location, workout patterns, and daily routines to anyone. Military and government personnel have been compromised through Strava heat maps.
Third-Party API Access (Medium)
Strava allows third-party apps broad access to your fitness data through its API. Once you connect an app, it can access your workout history, routes, and performance metrics.
Location Data Sharing (Low)
Your precise GPS location data is collected and may be used to create aggregated heat maps and metro activity data shared with cities and urban planners.
Indefinite Data Retention (Medium)
Strava retains your activity data even after account deletion for "legitimate business purposes." Your workout history may persist in their systems indefinitely.
🤔 What This Means For You
Strava is the best option among fitness apps I reviewed, but that's a low bar. The platform's social features create significant privacy risks that most users don't understand until it's too late.
If you use Strava, you should:
- Immediately enable privacy zones around your home and workplace to hide start/end points
- Change default privacy settings to "Followers Only" or "Only You" for activities
- Regularly audit connected third-party apps and revoke access for ones you don't use
- Be aware that your activity patterns can reveal sensitive information about your health and routines
- Consider exporting your data regularly as backup