Strava declares war against scrapers ahead of the IPO.

AI companies have evolved into data-hungry organisations that require large datasets to train their models. To meet that need, many AI startups disregard long-standing Internet conventions – e.g.,

Respecting robots.txt files. This signals to automated crawlers which parts of the website are off-limits and allows them to aggressively scrape the data.

This trend has forced websites to restrict access to their data and in some cases make licensing deals with AI companies.

Fitness and social running company Stmoving is in this direction by restricting its website and charging a fee for developer access.

To prevent scraping, the company is increasing security around its website and will now only allow authenticated users to view certain data.

Previously, users were able to view details such as public profiles and fitness club listings without logging in. The company is keeping all that data behind authentication to protect it from unauthorised AI scraping.

On the API front, developers could start building apps on Strava through a free, tiered access programme – first applying for basic access and then requesting more as their app grew.

Now the company is adding a fee of $11.99 per month for all developers, although it notes that the price may vary by geography.

Strava said its developer community has grown from 185,000 members last year to 241,000 this year, and the company plans to continue supporting them.

As part of this, Strava also plans to add support for the Model Context Protocol (MCP), an emerging standard that lets AI assistants and apps access external data in a structured way, giving Strava more control over exactly what is shared and how.

The company is also planning to retire some API endpoints – separate access points that protect user data and let external apps pull specific data, such as club details.

Strava had already tightened API rules in 2024, banning its use for AI training and banning third-party apps from displaying other users’ data. Those changes attracted feedback. This feedback came from developers who said their apps would be severely affected.

Although some developers may accept payment of subscription fees, disabling certain API endpoints may impact dependent apps. Strava is giving developers a 90-day grace period before making these changes.

In an interview with TechCrunch, Strava CEO Michael Martin said that unchecked AI scraping could destroy the public internet.

“Given their endless need for training data, AI companies are ruthlessly scraping public websites, causing poor site performance,” Martin said. Over the past several months, we have had several instances where performance has decreased and, in some cases, degraded.

In addition to crawling public sites, they are also trying to use our API to gain access to our data, bypassing the API terms.

He said Strava has rejected overtures from major AI labs seeking data licensing deals. He particularly highlighted the perplexity that AI search startups routed their scrapings through aggregator services to obscure their origins, even though they were shunned.

This is consistent with Perplexity’s past accusations of similar behaviour elsewhere.

Martin also flagged server overload caused by poorly constructed Vibe-coded apps, whose API calls are often inefficiently structured and generate a disproportionate load on Strava’s systems.

It’s a pattern: When Meta banned third-party chatbots from WhatsApp last year, it made a similar argument about system overhead.

This timing is probably not a coincidence. Strava filed confidently for an IPO earlier this year, and its move to protect its data may be aimed at signalling data discipline to potential investors.

Martin quickly drew comparisons to Reddit’s 2024 crackdown on API access. Unlike Reddit, which priced API access based on the number of calls (making it unaffordable for many app developers), Strava is betting that a flat fee keeps the developer ecosystem intact.

“We want users to feel they own their data and feel comfortable with how we’re controlling and securing it. But we also want developers to continue to thrive and grow,” Martin said.