On March 13, a crew member aboard the French nuclear aircraft carrier Charles de Gaulle finished a workout, synced his watch, and let Strava upload the activity with full GPS data. Public profile. Default settings. The route pinpointed the carrier’s position off the coast of Turkey during a classified deployment.

French military intelligence wasn’t thrilled.

This isn’t the first time Strava has accidentally mapped sensitive locations. Back in 2018, the Strava Global Heatmap lit up military bases in Afghanistan, Syria, and Somalia because soldiers ran laps with default privacy settings. Eight years later, the same problem just exposed a nuclear-powered warship.

You’re probably not hiding an aircraft carrier. But your fitness apps are broadcasting your exact running routes, home address, gym location, and daily schedule to anyone who looks. And most people never touch the privacy settings.

Here’s how to fix that on every major platform.

Why Default Settings Are the Problem

Fitness apps want social features turned on. More sharing means more engagement, more engagement means more subscriptions. So the defaults lean toward public.

That means your GPS tracks, activity times, and location data are often visible to strangers unless you actively change things. For most runners and cyclists, the risk isn’t military — it’s personal safety. Your morning run broadcasts where you live, what time you leave, and the route you take. Every single day.

The good news: every major fitness platform has privacy controls. The bad news: they’re buried in settings menus and almost nobody configures them.

Let’s go app by app.

Strava: The Biggest Offender

Strava is ground zero for fitness privacy problems. It’s the most social fitness platform, which means it exposes the most data by default.

Step 1: Set Your Profile to Private (or Semi-Private)

1. Open Strava → Settings → Privacy Controls
2. Set Profile Page to “Followers” (only people you approve can see your activities)
3. Set Activities to “Followers” (this is the big one)
4. Set Group Activities to “Followers” or “Only You”

If you want some social interaction but don’t want strangers stalking your routes, “Followers” is the right balance. You approve who follows you.

Step 2: Enable Map Privacy Zones

This is the single most important setting and most Strava users don’t know it exists.

1. Go to Settings → Privacy Controls → Map Visibility
2. Toggle on Hide Start and End Points
3. Add a Privacy Zone centered on your home address (set the radius to at least 200 meters, ideally 400)
4. Add another privacy zone for your workplace

Privacy zones hide your GPS track within the radius, so nobody can figure out your exact address from your activity maps. You can add multiple zones.

Step 3: Review Past Activities

Here’s what people miss: privacy zone changes don’t apply retroactively to activities already uploaded. If you ran from your front door 500 times before adding a privacy zone, those routes still show your address.

Go to your activity list and either delete old public activities or change them to “Only You” visibility. Tedious, but necessary if you’ve been running public for years.

Step 4: Check Flyby and Local Legends

• Flyby lets other Strava users see when you crossed paths with them. Turn it off: Settings → Privacy Controls → Flyby → set to “No One”
• Local Legends and Segment Leaderboards can reveal where you train regularly. If that matters to you, opt out of leaderboards

If you recently had to migrate your Strava login away from Facebook, now’s a good time to audit all these settings while you’re already in the account.

Garmin Connect: Better Defaults, Still Needs Work

Garmin Connect is less social than Strava, but it still shares more than you might expect, especially if you use Garmin’s newer social and coaching features.

Step 1: Set Activity Privacy

1. Open Garmin Connect → tap your profile icon → Settings → Privacy Settings
2. Set Activity Visibility to “Connections” or “Private”
3. Under Profile & Settings, set Profile Visibility to “Connections Only”

Step 2: Disable LiveTrack (or Lock It Down)

Garmin’s LiveTrack feature shares your real-time location during activities. Useful for safety, but dangerous if set to share with everyone.

1. Go to Safety & Tracking → LiveTrack
2. Either disable it or set it to share only with specific contacts
3. Make sure Auto Start is off unless you intentionally want LiveTrack every ride

Step 3: Review Connected Apps

Garmin Connect shares data with a lot of third-party apps. Each connection is a potential privacy leak.

1. Go to Settings → Connected Apps
2. Remove any apps you no longer use
3. For apps you keep, check what data they’re receiving. Some pull full GPS tracks when they only need summary stats

If you use Garmin with Peloton’s new two-way sync, double-check what Peloton is pulling from your Garmin data.

Apple Fitness / Apple Watch: Decent by Default

Apple is better about privacy defaults than most. But there are still settings worth checking.

Step 1: Activity Sharing

1. Open Fitness app on iPhone → tap your profile → Sharing
2. Review who you’re sharing activity data with
3. For each person, you can choose to hide your activity or remove them entirely

Step 2: Location Services for Workout Apps

1. Go to Settings → Privacy & Security → Location Services
2. Find Fitness and any third-party workout apps
3. Set to “While Using” instead of “Always.” No reason a workout app needs your location 24/7
4. Toggle off Precise Location for apps that don’t need exact GPS (yoga apps, home workout apps)

Step 3: Health Data Sharing

1. Go to Settings → Health → Data Access & Devices
2. Review which apps have access to your health data
3. Remove access for apps you’ve stopped using

Apple doesn’t publicly share your workout routes by default, which is a genuine advantage over Strava. But if you share activities with friends or sync data to third-party apps, your location data flows through those channels instead.

WHOOP: Less Social, Not Zero Risk

WHOOP is primarily a recovery and strain tracker, not a social platform. But it still collects location data and has sharing features.

Step 1: Team and Community Privacy

1. Open the WHOOP app → Profile → Privacy
2. If you’re on a WHOOP Team (common for sports teams, gym groups), your strain, recovery, and sleep data may be visible to the team admin
3. Review what you’re sharing with your team and whether you’re comfortable with it

Step 2: Disable Activity Location

WHOOP tracks GPS for outdoor activities. If you’ve been looking at alternatives to WHOOP’s subscription model, keep in mind that some alternatives have even weaker privacy controls.

1. In activity settings, check whether GPS is recording for every activity type
2. For indoor workouts, GPS should be off. It’s just draining battery and logging your gym address

Step 3: Connected Apps

Same as Garmin: review what apps are pulling your WHOOP data. Each integration is a data leak vector.

Oura Ring: Small Device, Still Tracking

The Oura Ring 4 doesn’t have GPS, so it can’t broadcast your running route. But the app still collects location data through your phone, and the social features share more than you’d expect from a sleep tracker.

Step 1: App Permissions

1. On your phone, go to app permissions for Oura
2. Deny location access. Oura doesn’t need your GPS location to track sleep and recovery
3. Review notification and health data permissions

Step 2: Profile Privacy

1. In the Oura app → Settings → Profile
2. Make your profile private
3. Disable any community or social features you’re not actively using

The Bigger Picture: GPS Data Is Personal Data

The French carrier incident makes headlines because it involves the military. But the underlying problem applies to everyone.

Your GPS data reveals:

• Where you live (morning runs start and end at home)
• Where you work (lunchtime workouts near the office)
• Your daily schedule (same routes, same times)
• When you’re away (no activities at home = probably traveling)
• Your physical patterns (speed, fitness level, injuries from rest days)

That’s a stalker’s checklist.

And it’s not just about individual privacy. The 2018 Pentagon review of fitness app data on military bases showed that aggregated GPS data from thousands of users can reveal facility layouts, patrol routes, and staffing patterns. Your individual data might seem harmless, but combined with thousands of other users in your area, it paints a detailed picture.

Quick Privacy Audit Checklist

Run through this in ten minutes. Do it today, not “later.”

• Strava: Profile set to Followers only. Map privacy zones on home and work. Flyby off. Old activities cleaned up.
• Garmin Connect: Activities set to Connections or Private. LiveTrack locked down. Connected apps reviewed.
• Apple Watch/Fitness: Location set to “While Using” for workout apps. Precise Location off where unneeded. Activity sharing reviewed.
• WHOOP: Team sharing reviewed. GPS off for indoor workouts. Connected apps pruned.
• Oura: Location access denied. Profile private.
• Any other fitness app: Check profile visibility, activity visibility, location permissions, connected apps.

One More Thing

If you’re someone who uses AI coaching features in your fitness apps, pay extra attention. AI features often require more data access to function: more sensors, more location data, more activity history, more background permissions. That’s a trade-off worth understanding. More data flowing to the app means more data that could leak.

The French sailor’s Strava activity didn’t just reveal a carrier’s position. It reminded everyone that fitness apps are, at their core, location-tracking tools. They track where you go, when you go, how fast you move, and how often you repeat the pattern. That data is personal and, by default, far too public.

Lock it down. Ten minutes. Do it now.

---

Settings verified as of March 2026. App interfaces change frequently, so menu paths may shift with updates, but the settings themselves should exist in similar locations.