Privacy Policy

How we protect and handle your personal information

Last updated: October 2025

Our Commitment to Privacy

At Strava MCP Server, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our Model Context Protocol (MCP) server service.

Contact Information:
Email: help@stravamcp.com
Website: https://stravamcp.com

Information We Collect

Strava Account Information

When you connect your Strava account, we receive:

  • Basic profile information (name, username, profile picture)
  • Activity data (workouts, routes, performance metrics)
  • Athlete statistics and achievements
  • Starred segments and created routes

Note: We only access data that you have made available through your Strava privacy settings and the permissions you grant during OAuth authentication.

Authentication Data

  • OAuth access tokens and refresh tokens (encrypted)
  • Session identifiers and expiration dates
  • Device fingerprints for seamless authentication

Technical Information

  • Browser User-Agent strings (for device identification)
  • IP addresses (for security and rate limiting)
  • Request timestamps and API usage patterns

How We Use Your Information

✅ What We Do

  • Provide real-time access to your Strava data via MCP
  • Maintain secure authentication sessions
  • Automatically refresh expired tokens
  • Provide customer support and troubleshooting
  • Monitor service health and performance

❌ What We Never Do

  • Train AI models using your data
  • Sell your data to third parties
  • Store activity data permanently
  • Share data with advertisers
  • Access data beyond granted permissions

Data Storage and Security

Where Your Data is Stored

  • Authentication Tokens: Encrypted in Cloudflare KV (global edge storage)
  • Session Data: Temporarily stored with automatic 30-day expiration
  • Activity Data: Not stored; fetched in real time from the Strava API
  • Geographic Location: Stored globally across Cloudflare's edge network

Security Measures

  • 🔐 End-to-end HTTPS encryption
  • 🛡️ OAuth 2.0 secure authentication
  • 🔑 Encrypted token storage
  • ⏰ Automatic token refresh
  • 🔒 Per-user data isolation
  • 🚫 No permanent data retention
  • 📊 Rate limiting and monitoring
  • 🏢 Enterprise-grade infrastructure

Data Sharing and Third Parties

Authorized Sharing

We only share your data with services you explicitly authorize:

  • AI Assistants: Data is shared with your chosen AI assistant (Poke.com, Claude Desktop, etc.) only when you make specific requests
  • Cloudflare: Our hosting provider processes data to deliver the service (covered by their privacy policy)
  • Strava: We communicate with Strava's API to fetch your authorized data

No Unauthorized Sharing

We never share your data with advertisers, marketers, data brokers, or any unauthorized third parties. Your fitness data belongs to you and stays private.

Your Privacy Rights

🔓 Access Your Data

Request a copy of all personal data we have about you

✏️ Correct Your Data

Update any incorrect information in our systems

🗑️ Delete Your Data

Request immediate deletion of all your personal data

📦 Port Your Data

Export your data in a machine-readable format

🛑 Opt-Out

Disconnect your account and stop data processing

📞 Contact Support

Get help with any privacy-related concerns

To exercise your rights: Email us at help@stravamcp.com with your request. We'll respond within 30 days.

Data Retention

Automatic Deletion

Authentication Sessions: 30 days (automatically renewed when active)

OAuth Tokens: Until you disconnect your account

Activity Data: Not stored; fetched in real time only

Technical Logs: 90 days for security and troubleshooting

Account Deletion

When you disconnect your Strava account or request deletion, we immediately remove all stored authentication data and personal information. This action is irreversible.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make changes:

  • We'll update the "Last updated" date at the top of this policy
  • For significant changes, we'll notify users via email or dashboard notification
  • Continued use of our service after changes constitutes acceptance of the updated policy

We recommend reviewing this policy periodically to stay informed about how we protect your information.

Contact Us

Privacy Questions

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: help@stravamcp.com

Subject: Privacy Policy Question

Response Time: Within 48 hours

Data Requests

To exercise your privacy rights or request data deletion:

Email: help@stravamcp.com

Subject: Data Request - [Your Request Type]

Response Time: Within 30 days