As someone who works with clients, some with more restrictive rulesets than others, we opt to treat ALL client data/information/processing to the most stringent rules set by our clients. I disagree with Strava's action in this case, but I do understand what they're doing and why.