Hi everyone,
I’m looking for advice regarding the Strava API increased athlete capacity review process.
My app, SummitGo, has been rejected multiple times, but the rejection email only contains the standard list of possible reasons. I understand that Strava may not provide individual feedback, but I’m trying to understand what could still be wrong before submitting again.
SummitGo is a mobile outdoor exploration and achievement app for hikers, runners and outdoor users. It helps users turn completed outdoor activities into private SummitGo progress, including visited mountain points, timeline entries, achievements and quest completion.
The Strava integration is read-only. An authenticated user can connect their own Strava account via OAuth and import their own Strava activities into their private SummitGo account.
SummitGo uses Strava API data to:
-
display the authenticated user’s own activity list inside SummitGo;
-
let the user choose an activity for import;
-
temporarily process the activity route to detect nearby SummitGo points of interest;
-
create private SummitGo progress records, timeline entries and achievements;
-
prevent duplicate imports using the Strava activity ID;
-
allow the user to manage their Strava connection and delete imported Strava-related data.
Strava data is visible only to the authenticated user who connected their Strava account. SummitGo does not display one user’s Strava data to other users.
SummitGo does not permanently store Strava GPS tracks, polylines, route coordinates, or raw Strava activity JSON. GPS route data is processed temporarily during import only. After processing, SummitGo stores only the minimum resulting records needed to show private user progress and support deduplication/deletion.
SummitGo does not sell Strava data, does not share it with third parties for advertising, does not use it for AI/ML training, and does not use it for benchmarking or customer insight products.
Users can disconnect Strava and delete imported Strava-related data from within the app. Support, Privacy Policy and Terms links are visible inside the Strava integration screen.
API usage is optimized: activities are fetched only for authenticated users, pagination and filters are used, detailed GPS data is requested only when the user selects an activity for import, and new activity monitoring is optional and controlled by the user.
The app also has visible in-app controls for:
-
Connect with Strava;
-
Disconnect Strava;
-
Delete imported Strava data;
-
Support;
-
Privacy Policy;
-
Terms.
I submitted screenshots showing these screens and the private user flow.
I’m not asking anyone to override the review decision. I’m only trying to understand what area may still be problematic:
-
Does this use case not qualify as a complementary experience for Strava users?
-
Could the temporary processing of GPS route data still be considered a privacy concern, even if routes/polylines are not stored?
-
Could optional new activity monitoring be seen as an API optimization issue?
-
Could there be a branding or wording issue in the app/screenshots?
-
Is there anything obvious in this description that could conflict with the API Agreement or API Policy?
Any advice from developers who successfully passed review would be greatly appreciated.
Thanks,
Damian
