I agree with your primary statement that Strava’s not private - users need to accept it, or go with #5 on your list, all activity private.
Here’s where I think your summary could be clarified for strava novices or someone really wanting to understand how strava privacy works:
#2 - Enhanced privacy & not approving follower requests makes it HARDER for non-followers to see your rides, but it’s still possible (and requires little work if your Employer decided to check up on you)
#3 - Change this to don’t join a club vs public club (It doesn’t matter if it’s a public or closed membership club. Club activity is currently accessible to all strava users through the club page)
Finer points sure, and not looking to pick a fight, just being detailed because many people don’t understand how it works, especially the whole public vs closed club/non-follower aspects.