I've just re-watched DCR. The three things are that an app may not do are:
Disclose data to another user or third party
Use data for training of "AI, ML or similar" models
Process or disclose Strava data (incl aggregated, de-identified data) for analytics, analyses, customer insights.
Strava's biggest asset is its huge volume of data from millions of individuals and it wants to be the only one allowed to do mass operations on that data. That is, sharing, leaderboards, social networking, training AI models, and generally data mining. They don't want a competitor piping data into their own db and then doing "Strava things" with it.
But they're happy for apps to provide individuals with user specific processing (eg like training analysis, square visiting). The problem arises once one of these apps has extracted a sufficient volume of user data to start to be able to do mass operations. Strava want these apps to "stay in their lane" serving their end users, and not take advantage of the volume of data they have accumulated to start doing "Strava things".
This is actually a reasonable approach. An app is there to do nice things for its users, and not as a cover to syphon data out of Strava in order for the app owners to use that data en masse for training models, data mining or social networking.
Let's say that Veloviewer allowed you to define things called "stretches" which were pre-defined bits of route. It would process all the Veloviewer users' rides against these "stretches" to see how fast riders were, and published leaderboards. This would be technically feasible and I think everyone would agree that Strava would have a right to be aggrieved that Veloviewer was trying to compete with segments.
But Strava just don't seem to have thought this through....
Is limited sharing with personal coaches really comparable to public sharing and social networking? No it isn't. They just didn't stop to think about this.
Are Veloviewer's leaderboards an abuse of the extracted data or harmless niche processing that in no way competes with Strava services? That's arguable but they are clearly against the new terms.
Is Trainerroad's use of data from Strava to train its "AI FTP model" an abuse of the data? (Note that's to train the model, not apply the model to an individual, that's OK) This is more arguable. Although I bet Trainerroad's AI FTP isn't really the result of a genuine AI model. It's probably a couple of formulas derived from an excel spreadsheet somewhere.
A bit of consultation with the major players (Trainerroad etc) might have resulted in a more nuanced and less heavy-handed approach.
