Frequently Asked Questions
Part of the beauty of Spike is that it’s built right on top of your existing email. We ask you to log in with your email account in order to enable you to send and receive emails via Spike. Spike does not store passwords for accounts that support OAuth, such as Gmail. Your Spike account is also protected by the same security protocols that protect your Gmail, Outlook, or IMAP email account. Accounts from email providers that don’t support OAuth are protected with AES-256 encryption.
We ask for permission to connect to your email account so you can use your email via Spike. We do not store passwords for Gmail accounts since we authenticate that connection via the OAuth protocol. This means that your account on Spike has the same industry-leading login security as your Google account. If you want, you can add 2-factor authentication via Google. If your email account does not support OAuth, then your password is encrypted. We employ the strictest security procedures so no one, not even Spike employees, have access to the password.
We receive the information you share with us, such as your email address, authentication and refresh tokens. These allow Spike to complete the tasks you ask for, such as undo send, snoozing that email, or moving messages into folders you designate.
Spike does not rent, sell, distribute or monetize on your data. To anyone.
There are no ads on Spike.
Any non-personal data we may receive, such as IP address, geolocation, device type, or how often you use your favorite Spike features, may be used to improve the quality and efficiency of our service.
We may use your email to communicate with you. For example, we may send you tips on using Spike, new features we’ve launched, or to provide you with excellent support for your requests. If you don’t wish to receive communication from us, simply select “unsubscribe” at the bottom of the messages we’ve sent you (for each email account). You can find more help on how to unsubscribe here.
Spike requests access to your account so you can do the following:
- Email password: This gives you the ability to send, receive, and compose emails via Spike. Once connected you can start reaping the benefits of Conversational email, and easily chat with your existing email account. You’ll also get access to all of Spike’s powerful features, such as Send Later, Undo Send, RSVP directly within your messages.
- Contacts: Easily connect with your existing contacts, quickly search for them and see their pictures.
- Manage your calendars: Spike gives you access to your calendar from your workspace – removing the need to switch between workplace apps. Quickly set up meetings and RSVP to invites directly from your message feed.
- Storage/Cloud: Attach any file from the Cloud in just a click, directly from the message you’re composing.
- Camera and Microphone: Start a video or voice call directly from Spike. When typing just gets to be too much (we know the struggle), just record a voice note and send that instead.
- Location: Grant location access in order to be able to share your location with any contact. Need to send an address? Share your location instead of typing the address and attaching a map…yawn.
- Face ID (iOS)/Fingerprint (Android or devices with biometric recognition) – For that added layer of protection when you want it.
*Granting permission is not mandatory to use Spike! However, without them, you won’t be able to get access to many features, so they’ll be disabled.
We treat all data with the highest sensitivity and security to ensure that user data is protected. We protect your data from the moment you enter Spike. From login to encrypting data sent and received over Spike, we take extra measures to make sure no one can access your data. We work closely with our engineering, product, security and legal teams to ensure that you enjoy top-notch privacy, security, and data protection.
Data is stored using the AES-256 algorithm, with a per-message private key. In addition, we apply software patches on a regular basis and have periodic external security audits by third parties to ensure compliance.
We also offer an extra level of protection for Spike users. Spike users can activate Spike’s EEM (encrypted email messaging) by quickly toggling the encryption icon, and the message can be viewed by the recipient ONLY. Messages are seamlessly visible to all (intended) Spike users and just a tap away for non-Spike users. Spike EEM works by creating a per-message encryption key and splitting the key between Spike and your email provider, so no one can view your message. Not even your email provider.
Our security team investigates all reported security issues. If you think you have found a bug, vulnerability or want to report an issue, please contact Spike’s security team at firstname.lastname@example.org.
We do. Read more about our Bug Bounty program.
If you are a security researcher and would like to submit your report to our please send the report with all the relevant details to email@example.com.