Security privacy

Your data is yours. Simple.

We believe privacy and security are essential to any conversation.
That’s why we do everything to protect your data and to create
a workspace you can trust.

  • Spike is ad-free and does not rent, sell, distribute or monetize on your data. To anyone. Ever.

  • Spike passed a security audit by an independent security evaluator (ISE)*

  • We store only the minimum data needed to provide the fastest communication and collaboration experience. Period.

  • Message data is encrypted using the AES-256 encryption.

We treat ALL data with the highest level of security to ensure that it stays safe.

GCP Security Assessment

Penetration testing

Strict data privacy policies

Data encryption (AES-256 Algorithm)

Frequently Asked Questions

Part of the beauty of Spike is that it’s built right on top of your existing email. We ask you to log in with your email account in order to enable you to send and receive emails via Spike. Spike does not store passwords for accounts that support OAuth, such as Gmail. Your Spike account is also protected by the same security protocols that protect your Gmail, Outlook, or IMAP email account. Accounts from email providers that don’t support OAuth are protected with AES-256 encryption.

We ask for permission to connect to your email account so you can use your email via Spike. We do not store passwords for Gmail accounts since we authenticate that connection via the OAuth protocol. This means that your account on Spike has the same industry-leading login security as your Google account. If you want, you can add 2-factor authentication via Google. If your email account does not support OAuth, then your password is encrypted. We employ the strictest security procedures so no one, not even Spike employees, have access to the password. 

We receive the information you share with us, such as your email address, authentication and refresh tokens. These allow Spike to complete the tasks you ask for, such as undo send, snoozing that email, or moving messages into folders you designate.

Spike does not rent, sell, distribute or monetize on your data. To anyone. 

There are no ads on Spike.

Any non-personal data we may receive, such as IP address, geolocation, device type, or how often you use your favorite Spike features, may be used to improve the quality and efficiency of our service.

We may use your email to communicate with you. For example, we may send you tips on using Spike, new features we’ve launched, or to provide you with excellent support for your requests. If you don’t wish to receive communication from us, simply select “unsubscribe” at the bottom of the messages we’ve sent you (for each email account). You can find more help on how to unsubscribe here

Spike requests access to your account so you can do the following:

Email password: This gives you the ability to send, receive, and compose emails via Spike. Once connected you can start reaping the benefits of Conversational email, and easily chat with your existing email account. You’ll also get access to all of Spike’s powerful features, such as Send Later, Undo Send, RSVP directly within your messages.

Contacts: Easily connect with your existing contacts, quickly search for them and see their pictures. 

Manage your calendars: Spike gives you access to your calendar from your workspace – removing the need to switch between workplace apps. Quickly set up meetings and RSVP to invites directly from your message feed.

Storage/Cloud: Attach any file from the Cloud in just a click, directly from the message you’re composing.

Camera and Microphone: Start a video or voice call directly from Spike. When typing just gets to be too much (we know the struggle), just record a voice note and send that instead. 

Location: Grant location access in order to be able to share your location with any contact. Need to send an address? Share your location instead of typing the address and attaching a map…yawn.

Face ID (iOS)/Fingerprint (Android or devices with biometric recognition) – For that added layer of protection when you want it. 


*Granting permission is not mandatory to use Spike! However, without them, you won’t be able to get access to many features, so they’ll be disabled.

We treat all data with the highest sensitivity and security to ensure that user data is protected. We protect your data from the moment you enter Spike. From login to encrypting data sent and received over Spike, we take extra measures to make sure no one can access your data. We work closely with our engineering, product, security and legal teams to ensure that you enjoy top-notch privacy, security, and data protection. 

Data is stored using the AES-256 algorithm, with a per-message private key. In addition, we apply software patches on a regular basis and have periodic external security audits by third parties to ensure compliance.


Our security team investigates all reported security issues. If you think you have found a bug, vulnerability or want to report an issue, please contact Spike’s security team at


We do. Read more about our Bug Bounty program.

If you are a security researcher and would like to submit your report to our team, please send the report with all the relevant details to

* Spike was audited by independent security firm Bishop Fox

(Updated March 2022)