Garmin, Strava, TP, TR…Oh My!

  1. Unless otherwise required by applicable law or agreement with the applicable user to retain such data, if a user revokes the authorization previously granted for your Developer Applications to access to their Strava account, you must ensure that all Personal Data pertaining to that user is deleted from your Developer Applications and related networks, systems and servers. If you stop using the Strava API Materials altogether or if your Strava API Materials access is revoked, you must delete all Personal Data in the same way.

Considering the text in bold. I read this as in either scenario where a user or Strava revokes access you may retain data where required by applicable law or via an agreement to retain the data with the applicable user.

In my opinion, you could require the right to retain Strava data in TOS. Your site already allows a user to delete the data or account. An alternative would be to create the agreement when a user connects Strava, with a check box for something like “retain Strava data if Strava access is revoked” - I find this preferable as it gives a user more choice. Persistent data seems like best practice and more predictable for the user, so the check box could default to checked to avoid mistakes where a user looses data.