My friend just asked me: Does CityStrides collect my Strava friend list?
Just a thought!
Yeah, for the exact reason you mention - the effort of maintaining a list of things I don’t collect - I’m not likely to begin that effort. I suppose I can add a paragraph just below the “Data Collection, Usage, and Sharing” title which explicitly states that if it isn’t mentioned in the page then it isn’t collected.
Or perhaps a more technical mention of the scopes used? Link to Strava scopes? I guess I could check this out by … I think re-authenticating in incognito?
Ah, for Strava-specific “level of access” info … The connection requires read all access to activities, but that’s clearly and only requested during the login flow.
There are only two scopes presented during login (the screen allowing access to the Strava account):
- View data about your public profile (required)
- View data about your private activities
If both aren’t checked, I kick you back out through the login page.
This is also in the same land of it not making sense to list everything not being asked for - at least, that’s what Strava has also decided … They could have gone the UI route of displaying all possible options with the non-requested options greyed out and un-selectable. Instead they opted to show the checkboxes for the access the apps (CityStrides in this case) do request access to.
Adding to all of this, I need to write a generically accessible privacy page - readers could be using one/some of a various number of different services that may or may not provide similar levels of access.