How to Protect Your Privacy on Strava

Strava has become the go-to platform for runners, cyclists, and athletes to track workouts and compete on segments. But the app's social features and default settings have repeatedly turned routine exercise data into serious security and privacy incidents — exposing military bases, revealing the locations of world leaders, and broadcasting the daily routines of millions of ordinary users. Here is how to lock down your Strava account so your fitness data stays private.

Why Strava Privacy Matters More Than You Think

Strava's privacy risks are not theoretical. A string of real-world incidents has demonstrated exactly how dangerous unprotected fitness data can be:

• April 2026: An investigation revealed that 519 UK military personnel were publicly sharing Strava activities that exposed the locations of sensitive military installations, including nuclear submarine bases and SAS headquarters.
• March 2026: A French naval officer inadvertently revealed the real-time location of the aircraft carrier Charles de Gaulle by recording a run on Strava while on board.
• 2025: Researchers discovered that bodyguards of the Swedish Prime Minister had uploaded over 1,400 workouts to Strava, exposing the private residences and daily movement patterns of one of Europe's heads of state.

These high-profile cases illustrate a fundamental problem: Strava turns location data into a shareable social activity, and its default settings favor openness over security.

Essential Strava Privacy Settings to Change Now

1. Set Your Profile to Private

The most impactful single change you can make is switching your profile visibility:

• Open the Strava app and tap your profile icon.
• Go to Settings > Privacy Controls.
• Under Profile Page, set your visibility to Followers instead of "Everyone."
• Under Activities, change "Who Can See" to Followers or Only You.

This prevents strangers from browsing your activity history, but remember that followers you have already approved will still have access.

2. Hide Start and End Points

Even with a private profile, your activities reveal exactly where you begin and end each workout — which usually means your home, your office, or both. Strava offers a feature to obscure these locations:

• Go to Settings > Privacy Controls > Map Visibility.
• Enable Hide Start and End Points.
• Set a privacy zone of up to 1 mile (1.6 km) around your home address and any other sensitive locations.

Strava will clip the first and last portion of your activity from the map, preventing viewers from pinpointing your exact starting location. Add privacy zones for your workplace, gym, or any other location you visit regularly.

3. Manage the Flyby Feature

Strava's Flyby feature lets other users replay activities and see exactly where your path crossed theirs, complete with timestamps. This can reveal your location to complete strangers:

• Go to Settings > Privacy Controls.
• Find Flyby and set it to No One.

With Flyby disabled, other athletes cannot reconstruct your route by cross-referencing their own activities with yours.

4. Control Group Activity Visibility

When you participate in group activities, Strava may display your data to all participants, even if they are not your followers:

• Under Privacy Controls, review the Group Activities setting.
• Set this to Followers to prevent non-followers in group rides or runs from accessing your full activity details.

5. Enable Enhanced Privacy Mode

Strava offers an Enhanced Privacy Mode that applies several protections at once:

• Your activities are excluded from segment leaderboards, making it harder for strangers to discover your routes.
• Your profile does not appear in suggested athlete lists.
• Your activities are hidden from Flyby and local legends features.

To enable it, go to Settings > Privacy Controls > Enhanced Privacy Mode and toggle it on. This is the strongest privacy setting Strava offers and is recommended for anyone who takes location privacy seriously.

Audit Your Third-Party App Connections

Strava integrates with dozens of third-party apps and services — fitness watches, health platforms, training tools, and social networks. Each connected app is a potential data leak:

• Go to Settings > Connected Apps (or visit strava.com/settings/apps).
• Review every connected application and revoke access for any service you no longer use or do not recognize.
• For apps you keep connected, check their individual privacy policies to understand how they handle your location and activity data.

Strava's Updated Privacy Policy (January 2026)

On January 1, 2026, Strava updated its privacy policy with several notable changes:

• AI and machine learning: The updated policy clarifies that Strava may use aggregated and de-identified activity data to train AI models for route recommendations and safety features. While Strava states this data is anonymized, privacy researchers have demonstrated that fitness data can often be re-identified through pattern analysis.
• Location data sharing: The new policy includes more explicit warnings about how location data is shared with third-party partners, including city planning organizations and transportation agencies that use aggregated Strava Metro data.
• Data retention: Strava now specifies that it retains certain activity data even after account deletion for up to 90 days for operational purposes.

These changes reinforce the importance of actively managing your settings rather than relying on Strava's defaults.

Location Data Risks Beyond Strava

Your Strava data does not exist in isolation. When combined with personal information available on data broker sites — your full name, home address, employer, and family details — your fitness data becomes significantly more dangerous. An attacker who knows your name from a Strava leaderboard can search data broker databases to find your home address, then cross-reference that with your running routes to confirm your daily schedule and patterns.

PrivacyOn helps close this gap by continuously removing your personal information from over 100 data broker sites. When your name, address, and personal details are not readily available online, the location data from fitness apps like Strava becomes much harder to connect to your real identity. This layered approach — tight app-level privacy settings combined with data broker removal — provides far stronger protection than either measure alone.

Quick Privacy Checklist for Strava Users

1. Set your profile and activities to Followers only.
2. Add privacy zones around your home, workplace, and other sensitive locations.
3. Disable Flyby entirely.
4. Enable Enhanced Privacy Mode.
5. Audit and remove unnecessary third-party app connections.
6. Review and restrict visibility of past activities.
7. Avoid including your full name or photo on your profile if maximum privacy is a priority.
8. Use PrivacyOn to remove personal data from broker sites so your fitness activities cannot be easily linked to your real-world identity.

Strava is a powerful training tool, and you do not have to stop using it to stay safe. But the default settings are designed for social sharing, not for privacy. Taking 15 minutes to adjust these settings can prevent your workout data from becoming a roadmap to your daily life.