More and more I’m enjoying spark email clients on OS and iOS. I cannot figure out how they are making money offering such a good product for free. Concerned that they’re using my email data in someway does anyone have any feedback on this issue?
Personally I’ll be happy to pay for it since it’s such a high-quality program if it provided me more security.
John
I stopped using spark a few years ago because of this. Would have loved to see more clarity on their earnings model for spark. Nothing showed so I went back to the stock mail app.
We’ve discussed this a few times before here. Here’s what I’ve noted: apps like Edison and Spark and Newton Mail scrape your info, try to de-identify and anonymize it, then resell the metadata. Edison even has the following scary commerce page in which they crow about being able scrape emails to offer travel booking behavior, info on items sold by companies and their final prices, what groceries, stores, brands are involved, and “research with deep geographic resolution and compete at a granular level”
Apple doesn’t do any of that (although if you’re using another email provider, like Gmail, Google has that info already).
Spark and Edison claim they de-identify and aggregate your email data, but I still find it unacceptable, which is why I use my me.com or my Gsuite (which unlike Gmail doesn’t track and use data from emails) for my purchase receipts, and why I don’t sync my contacts with facebook, gmail or Yahoomail,
Different people have differing comfort levels for how much of their lives they’re willing to open up in exchange for services. Yours might be more accepting. But allowing mail providers to scan and harvest info from my email is just not acceptable to me. For hundreds of millions of Gmail users it’s acceptable (assuming they even realize it’s happening) but I don’t like it, and I don’t particularly have confidence in Readdle’s ability to have sufficient security to protect my mail coursing through their servers.
Spark:
• sends statistical data to several services known for bad privacy policies (Google, Facebook) to which there’s no way to opt out. (“We use third party services, such as Google Analytics, Facebook Analytics and Amplitude, to collect and analyze how you use Spark.”)
• automatically creates an account with the first address entered, and subscribes you to their newsletter. (“The first email you add to Spark is used as your username. We might use that email address to reach out to you periodically”)
• stores credentials for your email accounts on their servers.
• stores your emails on their servers to push them to your devices. (“We then use the authorization provided to download your emails to our virtual servers and push to your device.”)
In a 2015 blog post entitled “How we handle your account information in Spark” they wrote, “Some people raised a question about why do we store access tokens even if you have decided not to use Push Notifications. It’s a valid question and, in the next update of Spark, we will change this behaviour.” Does it currently still storing the tokens even if you don’t use Push notifications - I don’t know.
They also use Amplitude to track how you use the app. Personal data is used (without explanation) “to improve the Product”.
Their security? An “appropriate level” of protective measures.
Whatever that means.
Even if in this case deanonymization cannot be teased out of large data sets (as it most certainly does in web browsing and other online spheres) via field matching or weak data masking, the fact that they want to use my data to package and sell is sufficient for me to never ever use them. YMMV.
"We only obtain information necessary to provide you
with our services…Some of the data of our users is
aggregated for statistical purposes and processed in the
legitimate interests as stated in section 2 above"
Indeed: they’re admitting that they scrape your data and sell it as their business model. They say “we” don’t market to you, but your data is indeed scraped and promised to be anonymized when sold.
Finally, some opting out is only possible on a browser-by-browser basis via cookie, and if you have a policy of deleting cookies regularly (I have an app which does this every 45 minutes ) then even this doesn’t help me.
There’s money to be made in seeing what people buy, and when, and at what prices, and what newsletters they subscribe to, and where they’re located, and what their political affiliations are. I’d rather use mail that doesn’t let anyone get that insight if I can help it. Disgraced Andy Rubin, formerly of Google and then Essential Phone, recently bought CloudMagic and is resurrecting Newton Mail, with an eye to doing the same data harvesting as Google, Edison and Readdle. He’s certainly not doing it out of the goodness of his heart. But again, if you’re okay with your data presumably being anonymized (although we’ve found time and again that reidentification can be parsed out in other anonymized instances) and if you’re willing to trust the provider’s ability to have hardened security day after day going forward, then go for it.
I’m a huge fan of all of Readdle’s apps and I use them multiple times a day. But those are apps I paid for and which don’t glean information about me. I’m less sanguine about the Ukranian company’s service related security, or their new ‘free’ business model for my email. 
Based on rumors for Apple’s update to its mail app, I look forward to more privacy-oriented advancements.
Thanks Svirsky for asking the right question. Thanks bowline for such a thorough answer. I learned a little more about email app monetization. So, I guess this means stick with Mail and watch the keynote today.
thank you for such an in depth analysis, your process was very helpful to me in making my decision. Also, appreciate you introducing me to Cookie 5 sounds like a great little app.
The kids today have no expectation of privacy, in some ways maybe it is easier.
John
thanks for letting me know about the pricing, wonder if that ensures more privacy as it does with GSuite? Do you have any idea? John
I can’t say for sure, but it answers the question of whether they have a way to make money without selling out their users. Between that, Readdle’s clarification of why they temporarily store data, and the straightforward way they make money on their other apps, I’m satisfied I’m responsibly using it for the email account I have connected.
I switched from Airmail to Spark recently. Mainly because I expect “email” to work. When bugs become a daily thing, it’s no longer productive and helpful. I would exit and close Airmail several times a day because it would lock up.
As far as privacy goes, I used to be all about privacy. Then I realized something, I gave away any privacy I thought I had the day I made my first e-mail address, then came the online shopping age, the auction sites, the social media network sites. Then came the cloud wars, you know the one where the provider says “unlimited storage” for your pictures, only to find out you are signing away for your photos to be used per the terms and conditions.
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.
Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
Using a third-party application (calendars, email clients, etc) the credentials need to be stored somewhere to get those push notifications and those badges on our phones. Privacy died a long time ago when we signed up for services, just my 2 cents.
Hi guys! Let me clarify a few points here:
At Spark, we never sell your data. This is against our principles as a company.
Our business model is pretty simple: Spark is free for individual users and offers Premium plans for teams.
Spark is brought to you by Readdle, developers of popular productivity apps like Documents, Scanner Pro, PDF Expert, Calendars 5. We’ve been on the App Store since day one, and our apps were downloaded 135M times. Our team has built a sustainable business model with these paid apps, and we’ve never raised investors’ money.
Obviously, as an email client Spark needs access to some of your data. And we are always honest and transparent about this. In this article, we answer all the frequently asked questions about the Spark privacy: https://sparkmailapp.com/blog/privacy-explained
Make sure to check it out!
@Maria_from_Readdle Readdle did it right long time ago (2015), if users chose to opt out of certain features to protect their privacy:
But now Spark stores credentials on Readdle’s servers, even if it could be done locally on the device only (if users still opt out of those features) 
(confirmed by Readdle support via email)
FYI the ‘Privacy Explained’ link Maria provided is the distilled explainer-page rather than the privacy page itself, which you can read here:
https://sparkmailapp.com/privacy
It’s heartening that unlike with some other email apps there is no mention about ‘sharing’ anonymized aggregate data with 3rd parties. (It’s permissible in the USA but the European Union’s General Data Protection Regulation [GDPR] considers pseudonymous or encrypted data as a part of personal data as it can be used to re-identify a person.)
Heartening… with one exception/possible loophole.
Spark uses Amplitude “to better understand general usage patterns for our Product”. This is not a simple downloaded app, it is a highly sophisticated behavioral analytics platform. And while they say “This tool does not provide us with any additional personal data about you or your behavior online” it does not state that Amplitude itself does not benefit from gathering and repackaging info about what you subscribe to (that Spark is not provided), when you open it, what you’ve bought and form whom, what prices were paid, etc. (Also, what does “behavior online” mean in the specific context of received email content?)
Amplitude is not a cheap product. One wonders about possible sliding fees in exchange for its ability to siphon user data, or whether access to that info by Amplitude is simply a requirement in order to use its platform.
Spark also uses tracking pixels in its emails to you, and the only way you can retain privacy from them is onerous: “You can disable image rendering in your email client which will deactivate this feature, however you will be unable to see any images within other received emails.”