Is Your Email App Spying on You? Probably, but Spike Won’t!

Spike Team
By Spike Team, Updated on January 24, 2023, 12 min read
email security

Updated on Jan 24th, 2023

Ever get the feeling that you’re being watched? That someone is following you? That the guy sitting on the bench over there—guy in a trench coat, guy holding a large newspaper with two eye holes cut out—is actually spying on you? Or maybe it’s something a little more insidious. Those Amazon ads you keep seeing. Google Predict’s uncanny knack of knowing what you’re searching for after typing just two letters. That Facebook getaway suggestion that you only talked to your friends about.


Or perhaps it’s even closer to home. Your inbox, for example.  


It’s scary to think that your email app may be spying on you, and that there’s big money to be made in selling on the contents of your inbox to data-hungry commercial concerns! Just last year, in fact, Vice revealed that popular email provider Edison was raking its users’ inboxes for its “Edison Trends” and “Trends Direct” programs. Programs that provide “detailed behavior patterns to improve your customers’ experience and business results.”


Pretty scary stuff.


However, Edison was not alone in its questionable data policies. There are plenty of other companies out there looking to cash in on your data. Let’s take a look at some that might surprise you.



Which Email Providers Share User Data?

In terms of actual email providers, there are two that still openly scrape emails for targeted advertisement. 



As of early 2020, Yahoo! Mail had about 225 million users – all of whom are open to email scanning for targeted ads. In 2018, Yahoo! Mail’s parent company made it very clear that they would continue to scan users’ inboxes for data for targeted ads, despite others in the tech world bringing the practice to an end. 


As Yahoo’s Terms of Service say: 


“By using and benefitting from Yahoo’s Services you recognize that personalization lies at the core of many of our services. We can only provide many of these Services by using your personal data to provide personalized content and ads.”


And in the Yahoo Privacy Policy, from September 2021: 


“Yahoo analyzes and stores all communications content, including email content from incoming and outgoing mail.”



AOL Mail

Incredibly, there are still more than 1.5 million users of AOL Mail in the United States, despite it being one of the first providers around. Unfortunately, those users are all open to targeted advertisements based on the content of their emails. 


AOL Mail, just like Yahoo! Mail, is controlled by Oath, the media division of Verizon, and is thus subject to the same Terms of Service and Privacy Policy quoted above. 



It’s the Apps to Watch Out For

Google stopped scanning users’ emails for ad-related purposes back in 2017. However, just a year later, it was reported that Google still allowed third-party apps to scan your emails and share that data with others that they deem fit. 


And this is where a lot of the problems are. Just like Edison was caught out in 2020, there are plenty of other email apps (clients, extensions, etc.) out there just waiting to exploit the loopholes in major email providers’ terms of services to get your data. To make matters worse, terms of service and privacy policies are often so dense and complicated that it can be hard to know if a company is using your data for marketing or not.


For example, Trello is an extremely popular productivity app that also offers a Gmail extension. However, in order to use the extension, you have to agree to their privacy policy, which gives them the right to “collect and store content that you post, send, receive and share” through any of their products – does this include emails running through the Gmail add on? A big part of their data use is intended to “market, promote and drive engagement with” their services. 


Sometimes, you might not even know that an add-on service is getting your information. Doist, for example, which also offers a Gmail add on, informs users that they should get “permission from [their] co-workers or friends before sharing Information referring to [their] co-workers or friends with” the company, because “if you choose to share and collaborate on a task with your co-workers or friends, [doist] will collect the email address of your co-workers or friends.”


It makes sense, but it’s still kind of creepy. And let’s be fair, who is checking privacy policies to make sure they’re not accidentally adding their friends to some database?


It must be made very clear that not all data is collected for ads. There is plenty collected for legitimate reasons, such as scanning for spam. However, this can still leave you open to potential security issues, especially when third-party apps store private messages. 




But if They Aren’t Selling The Data, What’s the Problem?

It’s not only intentional data selling that is of concern. While the email provider or app might “only” be gathering up data for their internal use (such as improvements), this can still all to easily fall into less benevolent hands in a data breach – something that happens a surprising amount. 


There have been numerous data breaches in the past couple of years alone, and these aren’t rinky-dink websites or blogs. They’re some of the biggest names in the tech world. For example, in 2020: 


  • Over 250 million Microsoft customer records were exposed online, including email addresses, IP addresses, and other details related to support case analytics. 
  • More than 267 million Facebook profiles (most of whom were from the USA) went up for sale on the dark web. The information included full names, phone numbers, and unique Facebook IDs for many of the accounts.
  • Early in the year, attackers could breach more than half a million Zoom accounts. 
  • Nintendo reported a breach that affected 300,000 accounts, giving the attackers access to payment services linked to the accounts, such as credit cards and PayPal. The attackers then used these to make fraudulent payments. 
  • Twitter suffered an attack that breached numerous prominent accounts such as Kanye West, Elon Musk, and Obama. The attackers then successfully tweeted out requests for Bitcoin as well as accessed the private messages of some of the accounts. 


And 2021 is set to be a record-breaker in terms of data breaches, with more reported by October than happened in the whole of 2020. And these have included some big names, such as: 


  • 700 million LinkedIn users’ personal data were going up for sale online. 
  • Email accounts of at least 30,000 organizations across the United States from Microsoft Exchange.
  • The names, mailing addresses, email addresses, and phone numbers of 3.3 million Volkswagen and Audi customers.
  • 12.3 million records from men’s clothing store Bonobos, including addresses and partial credit card records.
  • Almost the entirety of Twitch’s codebase was breached, including payout reports for creators and proprietary code.


And this is just the tip of the iceberg, with 1,291 breaches so far this year, as of October. All of this to say, if you’re data is being scraped and stored – even by companies you trust – it is still vulnerable to attack. 


When you aren’t sure about a company’s data policy, or it’s just too hard to check, then there is a simple question to remember.



Are You the Customer… or the Product?

How much data are you willing to trade to access a free service? Does your email provider really believe in its product, or is it merely an opportunity to monetize your data?  

Moreover, in a world where our every online movement is tracked and the data traded for billions of dollars, are you, in fact, the consumer or the product?

In truth, there is usually some trade-off when you use free services, and your data is the main currency in today’s eCommerce-centric world. However, the balance is very quickly tipping in favor of the Big Four and the countless startups and satellite services that surround them. There’s no escaping it—you are the product, and your data will be sold under the guise of “improved user experience.” 


But here at Spike, we like to think of you as…well……customers—trusted, valued, and working with us to build something truly special. In return, we want you to know that you can trust us, and that we’d never profit from silly little things like your Amazon shopping list or your Victoria’s Secret receipts.


Spike takes a wholly different approach to your data and your privacy—and we might be among the last email providers you can really trust!



Spike is All About Email (Not Data Harvesting)

Let’s be crystal clear: Spike doesn’t care about what you buy. We couldn’t care less about which websites you spend the most time on, and we’re definitely not interested in which services and apps you’re signed up to. If you’re president of the Britney Spears fan club, then that’s on you my friend—but you can relax, Spike will never know about it anyway!  


What we do care about is your privacy, your anonymity, and your security. 

We have not, do not, and NEVER will sell or monetize your data.

We’re not concerned with tracking trends, purchasing patterns, newsletter subscriptions, or media outlet affiliations. We’re not interested in your Netflix viewing habits, your Spotify playlists, or your Instagram feed updates.


In fact, we only care about one thing––reinventing email and the way you work, to bring you ALL of the tools you need to communicate and collaborate with the world. More than email. Better than chat. We’re making work enjoyable by simplifying and unifying your entire workflow. All in one beautiful and easy to use inbox that’s completely secure (so you never have to worry about people snooping as you nail that next world-beating idea).


With the exception of unobtrusive technical access to keep everything running smoothly, we store the minimum amount of data needed to make your experience as fast and smooth as possible. We use the AES-256 algorithm to secure all data, meaning you can speak and share freely, go about your business with complete security, and generally relax in the knowledge that all of your data is safe from snoopers.


Spike simply offers you a sleek, unified workspace with great collaboration tools, and we’re always working to make them better—nothing more. And we know we’ve got no business intruding on yours!



Spike is Built for Privacy (and We’ve got Proof)

email privacy


Security and privacy underpin everything we do at Spike. It’s our driving force, a mission that we take seriously, an ethos that is evident from the ground up. We will never sell on your data to pay for your services, and we don’t rely on ads to subsidize our work.

With Spike, you are the customer and never the product.

But don’t just take our word for it. The proof lies in our security standards. 


We passed a comprehensive audit required by Google from its third-party email developers, and with flying colors. Spike is and always will be transparent when it comes to your data and how it is handled. We also regularly perform penetration testing, using the insights gathered to continue to improve our security and privacy protocols.



Spike Loves Security (and We’re Still Innovating)

Today, email security is more important than ever. One of the key justifications for Edison’s data policy is that the revenue stream generated by your data is used to provide ad-free email that still delivers innovative services. Spike, however, does all this without profiting from your data. Spike CEO and Co-founder, Dvir Ben-Aroya asserts:


“Email by nature is a very personal asset, like a bank account, since it includes a lot of sensitive information that you want to keep for yourself. At Spike, we believe the privacy of these assets is critical to the health of your communications. Our never-ending dedication to providing you with the ability to work and communicate openly and with confidence that your data is protected means intrusive and damaging data mining practices will never be seen here. 


We believe in modern and fair business models that are based on bringing real value to the users. Spike offers free access to consumers, while businesses that find Spike significantly beneficial to their operations can subscribe to the Pro plan.”  


At Spike, we’re committed to the continuous development of our services to meet the demands of 21st-century communication. However, we’d never sacrifice your security to do that, and selling on your data to achieve our goals is never going to happen. 


For more insight into how we’re innovating and advancing email to give you all the tools you need to work and play safely and securely, head over to the Spike blog. Additionally, if you have any questions regarding our security policies, write us at, we’re always here for you. 


Updated 12/04/2021



As of 2021, many of the major email providers, such as Gmail, make it explicitly clear that they do not scrape the content of your emails for targeted ads or for sale. Two email providers, however, continue to retain the right to do so – Yahoo! Mail and AOL Mail, both owned by Verizon. 

Well, that depends on who you give it to. Ask yourself: are you the customer, or the product? Even if you think it is a safe company, there is still always the chance of a data breach, so better to keep it to yourself through encrypted communication. 

No! Never! Spike has security at its core and has an independent comprehensive security audit to prove it. Spike uses the AES-256 algorithm to secure all data and is only interested in delivering innovative email services. 


Spike Team
Spike Team The Spike team posts about productivity, time management, and the future of email, messaging and collaboration.

Gain Communication Clarity with Spike

You may also like

The Best Email Apps for Windows 11

The Microsoft mail app offers a number of useful features, but it’s not geared towards productivity. Is there a better alternative email client for Windows? We've compiled a roundup of the top Windows email clients.

Read More