Hey everyone, I woke up a very happy man today when I saw that longed-for "Your submission was approved!" email from Strava!
I submitted my API rate limit increase application on 9th June and it just got approved today for 999 users on the 11th June! I asked for 5000, but that's okay, I can prove user activity first and then re-apply once I hit 999. I also joined this forum yesterday (10th June) to give feedback on many posts regarding their API review questions. If you look at all my comments, they're meant to advocate good policy adherence. I believe that my submission's approval in 2 days goes to show that I have a somewhat decent understanding of what good Strava API policy adherence means.
A few things I think made the difference:
1. Do a full policy audit before submitting. Go through the API Agreement and API Policy line by line. Fix every gap before you hit submit; don't leave anything for Strava to flag. Instead of using AI features in my app, I used AI to scrutinise my app and its policies more than a dozen times across different models, calling out the BS (a lot of the models keep pointing to older Strava API policies; you need to keep instructing them to adhere to the latest June 2026 policies).
2. Privacy policy has to be airtight. Make sure it explicitly covers Strava data collection, retention, deletion and user rights. Vague or generic privacy policies are an easy rejection. You need to adhere to local privacy laws and mention them. You need to put yourself in the shoes of your user, Strava, and your local laws.
3. Brand guidelines down to the pixel. Correct Connect with Strava button, correct Powered by Strava attribution, no modified logos anywhere. Correct and intentional placement.
4. Be specific about your data usage. Don't just say you use activity data. State exactly which endpoints, which scopes, what you store, how long you store it and why. Every single feature that uses Strava data is explicitly mentioned, along with how all activity is deleted within 7 days. The only data I keep is the activity timestamp for logging recorded/detected activities, nothing else.
5. Webhooks fully implemented and tested for deduplication. Strava OAuth and Revoke (User deletion) fully proven and tested. Common bugs I faced and fixed: every login asked for app authorization, account revoke didn't actually revoke the app, webhooks weren't subscribed and, after subscription, were failing authorization. All these issues were ironed out, tested and hardened.
6. Show you complement Strava, not compete with it. Be clear in your description that your use case adds something Strava doesn't already offer. Honestly, this is where I spent most of my thinking. I scrapped 2 ideas and prototypes, each bringing me to my current idea, which is fully compliant although very stripped down.
I architected and built my app from scratch with Policy-first in mind: every feature I intended to introduce had to be policy airtight. Unfortunately I had to drop many, many features, but it got me to think really creatively. No leaderboards, no dashboards, no AI coaching, and the killer: no pace, no distance mentioned anywhere in the app 😉
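
An added example, not part of the original post or the poster's app: one way to handle the webhook deduplication, revoke-triggered deletion and 7-day retention described in points 4 and 5. The event field names follow Strava's webhook event payload; the `Store` class, function names and return labels are hypothetical.

```python
import time

RETENTION_SECONDS = 7 * 24 * 3600  # the post's 7-day retention window

class Store:
    """In-memory stand-in for the app database (hypothetical)."""
    def __init__(self):
        self.seen = set()     # dedup keys of events already processed
        self.tokens = {}      # athlete id -> OAuth tokens
        self.activities = {}  # (athlete id, activity id) -> time stored
        self.log = []         # (athlete id, event_time) timestamps only

def purge_athlete(store, athlete_id):
    """Remove everything held for an athlete who revoked access."""
    store.tokens.pop(athlete_id, None)
    for key in [k for k in store.activities if k[0] == athlete_id]:
        del store.activities[key]
    store.log = [e for e in store.log if e[0] != athlete_id]

def purge_expired(store, now):
    """Drop activity data older than the retention window; keep timestamps."""
    cutoff = now - RETENTION_SECONDS
    for key in [k for k, t in store.activities.items() if t < cutoff]:
        del store.activities[key]

def handle_event(store, event, subscription_id, now=None):
    now = time.time() if now is None else now
    if event.get("subscription_id") != subscription_id:
        return "rejected"  # not from our own subscription
    updates = event.get("updates") or {}
    key = (event["object_type"], event["object_id"], event["aspect_type"],
           event["event_time"], tuple(sorted(updates.items())))
    if key in store.seen:
        return "duplicate"  # retried delivery: acknowledge, do nothing
    store.seen.add(key)
    owner = event["owner_id"]
    if event["object_type"] == "athlete":
        if str(updates.get("authorized")).lower() == "false":
            purge_athlete(store, owner)  # revoke means full deletion
            return "deauthorized"
        return "ignored"
    if owner not in store.tokens:
        return "ignored"  # no live authorization for this athlete
    item = (owner, event["object_id"])
    if event["aspect_type"] == "delete":
        store.activities.pop(item, None)
        return "deleted"
    store.activities[item] = now
    if event["aspect_type"] == "create":
        store.log.append((owner, event["event_time"]))
    return "stored"
```

Running `purge_expired` on a schedule enforces the retention window independently of webhook traffic.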
