At Readdle, we believe privacy is a fundamental human right. That’s why we never sell your data. We are committed to creating amazing products that provide a safe and secure environment for tens of millions of our users. Being honest and transparent is one of our main principles. This blog post here is meant to better explain our principles and the Spark Privacy Policy.
First things first. We don’t sell or unlawfully share your personal data with any third parties.
Spark is fully GDPR and CCPA compliant. We take all the required security measures to protect your data. And you have the right to know how it’s used and ask to delete your data.
Now, we are happy to answer the most frequently asked questions.
What is Spark’s business model?
Our mission with Spark is to create an effortless and remarkable email experience for everyone. Spark’s business model is simple: All essential email features are free for everyone — Spark makes money by offering Premium plans for individuals and teams/organizations.
About Readdle
Readdle is a well-known company that creates popular productivity apps such as Scanner Pro, PDF Expert, Documents, and Calendars. We’ve been doing this for 12 years. People all around the world have downloaded our premium productivity apps 135 million times. A team of 182 professionals work every day to make your life easier, to create products, apps, and features to save you time, delight and automate your routines. Our mission is to improve people’s lives. At this scale, we are proudly independent. This means that we’ve never raised investors’ money.
Principles of working with our Customers’ Data
We value the trust of our users and always rely on these principles while working with your data:
- Purpose limitation. Spark uses your data only to provide you with amazing services and features. Also, the Spark team is using the anonymized analytics in order to create better experiences and to optimize the product. We don’t use your data for any other purposes.
- Data minimization. We won’t ask for more data than is needed to provide you with the service. We always delete your data once it’s no longer necessary.
- Honesty and transparency. We are always clear about what data we collect and why.
- Security. We use the recommended industry practices to keep your data safe.
- Respect for your rights. Spark is GDPR and CCPA compliant, and you have the right to get access to your data or require its deletion. We are committed to dealing with all privаcy requests promptly and transparently.
How email clients work and what data they collect
As an email client, Spark needs to have access to some of your data. It’s impossible to use an email app that can’t access your email account. We use your personal data only when it’s absolutely necessary to make Spark work as you expect.
Here are the cases when Spark needs to use your data:
1. Read and send emails
Spark needs to check and send emails from your email account. Otherwise, you won’t be able to read or compose emails in the app. This is how every email client works.
For services like Gmail, Outlook or Yahoo, we store an application-specific token. This means that we don’t have your actual password. You can revoke this access token at any moment from your email account on the web. For example, if you’re a Gmail user, you can do it here. For services like AOL, Exchange and custom IMAP accounts, this access token is your email login and password. You can also create an app-specific password to connect your account to Spark (for example, it’s a must for iCloud accounts).
All connections to our servers are protected with TLS. The servers' databases are encrypted, and to make things even more secure we additionally encrypt your password in the database.
2. Receive notifications
To compose and send you notifications, Spark syncs the subject and a part of your message, encrypts this information and stores it on its secure servers. Encryption means that humans can’t read the contents of your message.
The encryption key is saved locally on your device, so only you have access to it. As a step to minimize the amount of data we store, we delete this encrypted information from our servers in 4 hours after sending a notification as this data is no longer needed.
Spark requires the server-side processing to send you push notifications, so you don’t miss important emails. This is how the Apple Push Notification service works.
3. Advanced email features
The content of the emails you send and receive is stored on the server of your email account (Gmail, Outlook, Yahoo, etc.).
At the same time, Spark offers advanced email superpowers and team functionality to let you and your colleagues share, draft, and discuss emails together. These features require our server-side email processing to work. All the information we store is encrypted.
Here is the list of Spark’s advanced features that require the support of our servers:
- Teams
- Shared Emails and comments
- Shared Drafts
- Shared Links
- Delegation
- Templates
- Send Later
Spark offers the Send Later feature that lets you send an email on the chosen time. For example, when you schedule an email to be sent at 12 PM tomorrow, Spark encrypts your message and stores it till that time. After the message is sent, it’s instantly deleted from our servers.
We’re on a mission to build the most powerful email client out there, and this absolutely requires the server-based features which our users love.
Where are Spark’s servers located? Are they safe?
To make everything as safe as possible, we don’t use our own servers. Instead, we rely on Google Cloud service, one of the most secure solutions available in the industry. Leading tech companies like PayPal, Twitter, and Atlassian also use Google Cloud to process user data.
Our cloud infrastructure is hosted by Google in the US, which is fully SOC-2 and ISO 27001 certified. Google Cloud service meets the requirements of Standard Contractual Clauses. This is a mechanism (after invalidating the US-EU Privacy Shield framework) for the lawful transfer of personal data from the European Union to countries outside of the EU under the EU GDPR. Thus Google Cloud meets the GDPR standards for the transfer of personal data outside of the EU.
How to remove data from Spark?
You can remove your data from Spark anytime you wish. Here’s how:
- On Mac, click Spark > Preferences > Remove My Data From Spark.
- On iOS, open Settings, tap your email address at the top and select Remove My Data From Spark.
- On Android, go to Settings, select your email address and tap Remove My Data From Spark.
To start the data deletion process under GDPR or CCPA or request a copy of all data associated with your specific email account, please send an email at dpo@sparkmailapp.com.
Wrapping up
Our mission is to build the best email client for professionals and their teams. We believe that privacy is a fundamental human right, and we’re doing our best to double down on that.
As an email client, Spark only collects and uses your data to let you read and send emails, receive notifications, and use advanced email features. We never sell user data and take all the required steps to keep your information safe.
If you have any questions regarding Spark privacy, feel free to contact us at dpo@sparkmailapp.com.
Update: This article has been updated in January 2023 to reflect the introduction of Spark Premium plans for individuals.
