Fitness data privacy and security are messier than most of us think.
Suvi Loponen, Unsplash
It starts in the same way as every other day: a familiar loop ending at the local cafe, stats scrolling while you sip the limited-edition filter brew: cadence, power output, heart rate, maybe even sleep quality from the night before. You post it with a clever name, tag a friend, and share a photo of your dog. Because, why not?
For many, this is a post-ride ritual. For the app and the company behind it, it’s a bundle of personal data: location history, your fitness status, device metadata collected, stored, analysed, and perhaps sold onwards. Once recorded and then shared, it’s not just your data anymore, and it might not stay private, either.
Apps are everywhere in cycling today. You likely post ride data to Strava, Garmin Connect, Trailforks or Ride With GPS. Training data goes to still other platforms. You monitor battery life and update firmware on your electronic shifting with SRAM AXS or Shimano E-Tube. If you use a head unit from Wahoo, Hammerhead or others, there’s an app for that. For indoor riding there’s Zwift, Rouvy and a half dozen more.
The data that we share through these multiple services and apps can easily map our daily routines, tell others where we live, and even share private health information like our sleep patterns – information which then ends up being used by companies that you might have never even heard of.
It’d be easy to say that you don’t have to worry about all this, or shrug it off as “It’s all out there anyway.” But the reality is that apps such as Strava, Zwift, and Coros hide a privacy minefield that most users never even think about. Many of these platforms have been subject to data breaches, as well as exposed to serious security vulnerabilities that could compromise the users’ data. Apart from malicious acts, the privacy policies that govern how companies can use your data mean that most things you share are at the very least being used for commercial purposes.
And in essence, all of that can erode our control over our privacy. The question is, does that really matter?
Should I care about privacy?Photo by appshunter.io on Unsplash
Some argue we’ve already lost the battle on privacy because so much of our lives exists online, scattered across different platforms. It’s a fact that much of our data is now digital, and companies have access to incomprehensible amounts of information about every single one of us – even those whom you might have assumed had a better sense of their privacy than an ordinary citizen.
That’s what happened in July 2025, when uploads to Strava were found to reveal the whereabouts of Swedish prime minister Ulf Kristersson. This wasn’t Strava’s fault; rather, the prime minister’s bodyguards had uploaded their activities closely following the head of state, without changing their privacy settings on the popular app.
While Kristersson didn’t face any safety threat because of his staff’s mistake, nor are the majority of us responsible for the safety of a state head, this incident is an example of how, sometimes, unintentionally, we share more than we intend.
Dr. Ali Farooq, lecturer in computer information and sciences at the University of Strathclyde in Scotland and expert in digital security, admitted that big organisations are now likely to “know much more about us than we do,” but he emphasises that it’s important for everyone to pay attention to what that means.
This post is for paying subscribers only
Subscribe now
Already have an account? Sign in
Did we do a good job with this story?
👍Yep
👎Nope