How lope handles your Strava data

Authorizing Strava access means giving lope read permission to your training history. Here's exactly what we read, what we don't, where it lives, and how to delete it if you change your mind.

What lope reads

The Strava OAuth scope lope requests is activity:read_all and profile:read_all. In plain language, that gives us:

  • Your activity history — every run you've logged on Strava, including private and follower-only activities
  • Per-activity streams — heart rate samples, GPS coordinates (encoded as polylines), pace, cadence, and altitude over time
  • Lap data — the splits Strava captures from your watch
  • Activity metadata — name, description, type, race tags, workout types you've assigned, perceived exertion if you've logged it, and segment PR counts
  • Profile info — your name, profile photo, athlete ID, weight (if set), and unit-of-measure preference. We use weight only when present and use the unit preference to seed your default in-app units (overridable in your lope profile).

What lope doesn't read

The OAuth scope above doesn't grant us social-graph data, and we don't request it. lope cannot see:

  • Your social feed
  • Comments, kudos, or reactions on your activities
  • Your followers or who you follow
  • Other athletes' activities
  • Direct messages

We also don't pull data we'd theoretically have permission to. We don't use your photos. We don't mine your activity descriptions for marketing copy. We don't look at non-running activities (rides, swims, hikes) beyond enough to ignore them in run-specific analysis.

Where your data lives

lope runs on Fly.io. Your synced activities and derived metrics sit in a SQLite database on a single persistent volume in a single region. Backups are kept for 24 hours. The database is not replicated to third-party services, not shipped to analytics providers, and not used to train external AI models.

The coach uses Anthropic's Claude API to generate responses. When you chat with the coach, your training context is included in the prompt; Anthropic's API does not train on prompts or completions from API customers like us. We retain your chat history in our database so the coach has continuity across conversations.

Strava OAuth: what you authorize, what we store

When you click “Connect Strava,” you're sent to Strava's authorization screen. Strava handles the consent. We never see your Strava password.

What lope receives back: an access token (short-lived) and a refresh token (longer-lived) tied to your athlete ID. We use the refresh token to get new access tokens as they expire. You can revoke access from your Strava settings at any time, which immediately invalidates both tokens.

How sync works

On first connect, lope fetches your last several years of activity history (up to Strava's API limits) and processes each one through the analysis pipeline described in per-run analysis. This takes a few minutes for most accounts.

After that, lope subscribes to Strava webhooks for new activities. When you finish a run and it lands on Strava, we get a notification, fetch the activity, and run it through the pipeline. Most activities are processed within a minute or two of appearing on Strava.

If Strava rate-limits us or returns an error during sync, we back off and retry. You won't see a broken or partially-synced activity in your dashboard — either it's fully processed or it's pending.

What you can do

Re-sync at any time

A “Sync Strava” button in the app re-pulls recent activities. Useful if you edited a Strava activity (renamed it, fixed the type) and want lope to see the update.

Override what lope inferred

If lope misclassified a run, override it on the activity detail page. If your zones look wrong, edit them in your profile settings. lope respects your overrides on every subsequent calculation.

Disconnect Strava

Revoke lope's access from your Strava settings. Your existing data stays in lope unless you also delete your account; new activities will stop syncing.

Delete your account and data

Email hello@lopeapp.com with a deletion request. We wipe your athlete profile, all synced activities, derived metrics, chat history, training plans, and notes. The Strava sync token is invalidated. We aim to complete deletion within 7 days.

What we don't extract today

Strava's API exposes more data than lope currently uses. Two notable fields we're aware of and not yet pulling:

  • Temperature. Strava records the temperature at activity start when your device reports it. A hot run vs a cool run with identical splits is a different story for the coach. On the roadmap.
  • Power data. Stryd and similar running power meters publish to Strava. We don't currently parse the power streams.

When we add either, we'll update this doc and tell you in the app.

If you have questions

Privacy questions, deletion requests, or anything else: hello@lopeapp.com. The full legal terms are in our Privacy Policy; this doc is meant to be the plain-language version.