Strava’s new privacy policy says goodbye to some of your favourite fitness apps
Major changes are coming to the world’s biggest fitness-tracking app, Strava, as the company updates its application programming interface (API) to enhance user privacy and control. While Strava says the changes are aimed at safeguarding user data, a significant number of users will be impacted as the app moves away from third-party applications that rely on Strava’s API for data sharing, coaching and analytics.
So what’s changing?
Hundreds of apps use Strava’s API. Some of these are tiny, and some are massive. Virtually every company in the space, including Garmin, Wahoo, TrainerRoad, TrainingPeaks and Xert, uses Strava’s API. It has become the central data hub for millions of athletes. The updated API agreement focuses on three main components:
- Stronger privacy – Ensuring user data is only visible in scenarios where sharing is transparent and central to Strava functionality, e.g., you opting to share your workout or race on social media.
- Data limitations – Prohibiting third-party apps from using artificial intelligence (AI) or conducting analytics on user data, e.g., Xert, TrainingPeaks, Final Surge and CityStrides.
- Protecting Strava’s own data – By restricting third-party apps from displaying user data beyond the individual, Strava will maintain sole control of the data uploaded to your profile.
A spokesperson from the company told Canadian Running these changes were designed to address scenarios where users might be unaware their data is being shared publicly, such as in public feeds or heatmaps. The company believes the updated agreement will ensure a more consistent framework for users to understand where data is going and being displayed.
Impact on third-party apps
The impact of the new agreement is on coaching and analytics platforms like Final Surge, Xert and TrainingPeaks. These apps rely on Strava data to provide detailed performance insights and athlete-coaching feedback. Under the updated API terms, data cannot be shared with coaches or other third-party users, and the apps are prohibited from running analytics or AI to process user data.
The API policy became effective on Nov. 11, and third-party apps will no longer function with Strava as of Dec. 11.
For many users, Strava serves as the hub connecting various devices and platforms, streamlining their data into a single location. While larger device manufacturers like Garmin, Coros and Wahoo have direct integrations with apps, smaller apps often rely on Strava’s API for their programs to function.
What does this mean for my Strava profile?
While the API changes aim to enhance privacy and control, users who rely on third-party apps for coaching or analytics may need to explore alternative solutions. Apps directly integrated with larger device manufacturers like Wahoo, Garmin or Coros will continue to function the same way as before. However, those using smaller or less-established devices requiring API software for uploads to Strava, like GPS devices from Fitbit, Samsung or the Google Pixel Watch series, could face challenges accessing similar services.
Strava assures users this agreement will only affect a small fraction—”less than 0.1 per cent”—of its connected applications. However, critics like tech journalist Ray Maker (DC Rainmaker) argue this statistic is misleading, as it downplays the impact on high-profile, widely used apps while focusing on smaller, niche applications with minimal users.