Privacy Policy

What we do

Strava for Claude is an MCP (Model Context Protocol) server that connects your Strava data to Claude, Anthropic's AI assistant. It allows Claude to read your activity data and provide training insights.

Data we access

When you connect your Strava account, we request read-only access to:

• Your public profile information
• Your activity data (rides, runs, etc.)

We do not modify, delete, or create any data on your Strava account.

Data we store

We store the following data, encrypted at rest using AES-256-GCM:

• Strava OAuth tokens — used to access your Strava data on your behalf. These are automatically refreshed and can be revoked at any time.
• Strava API credentials— if you use the "bring your own app" setup, your Client ID and Client Secret are stored encrypted.

We do not store your activity data. Your Strava data is fetched in real-time when Claude requests it and is not cached on our servers.

How your data is used

Your data is used solely to provide training insights through Claude. We do not:

• Sell or share your data with third parties
• Use your data for advertising
• Use your data for any purpose other than providing this service

Third-party services

• Strava — your data is accessed via the Strava API under their API Agreement
• Vercel — the application is hosted on Vercel
• Upstash — encrypted tokens are stored in Upstash Redis

Revoking access

You can disconnect at any time by revoking access in your Strava app settings. This immediately invalidates all stored tokens.

Contact

For questions about this privacy policy, open an issue on GitHub.