Strava, the fitness platform and community that tracks user workouts through GPS technology, has announced that it’s working with government officials to review its privacy policies and address potentially sensitive data exposed in its activity heat maps.
In a statement from Strava CEO James Quarles, who was a vice president at Instagram until he was poached by the fitness app last spring, said the company is reviewing features that were originally designed for athlete motivation to ensure they can’t be compromised by bad actors.
The policy review follows news reports, including in the Washington Post, that Strava’s Global Heat Map, which highlights areas of activity among its community through GPS captured via satellites, were inadvertently revealing sensitive information and activity on U.S. military bases, at humanitarian sites, and at other potentially secret locations.
Strava, which says it has 27 million users globally, recorded the data from a period between 2015 and September 2017 and then published the heat map in November. Following the Washington Post report last week, Congressional Democrats called for an investigation into why Strava published the map, what privacy protections it offers users, and how it secures data.
In a letter to its community, Quarles said Strava publishes the heat map for users seeking inspiration to workout. Strava, he said, built the maps with respect to users’ profile privacy selections, including the ability to opt out of heat maps altogether.
“Our heatmap provides a visualization of activities around the world, and many of you use it to find places to be active in your hometown or when you travel,” Quarles said.
Some users who had agreed to share their information, however, were in sensitive locations with little other activity density.
In response, Strava said it will work with military and government officials to review the feature and address potentially exposed sensitive data, increase awareness about its privacy and safety tools and simplify policies to make it easier for users to control their data.
“Many team members at Strava and in our community, including me, have family members in the armed forces,” said Quarles. “Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us.”