Mailspring Data Collection

Mailspring requires that you create a Mailspring ID, but it’s almost entirely an offline mail client. Your email credentials, passwords, etc. are never sent to the cloud and all of your mail is synced on your local computer. Mailspring’s servers don’t collect or store any mail data or other metadata unnecessarily.

Mailspring connects to its servers via HTTPS / SSL at all times. Here’s a detailed breakdown of the information Mailspring sends to its own servers as you use the product:

  • The email address you use for your Mailspring ID and any information you explicitly add to your account, such as information you’d like to appear on your invoices.

  • The metadata (read receipts, snooze dates, reminder dates, etc.) you attach to emails using Mailspring’s features (eg: “snoozed until tomorrow”). For each email in your mailbox, Mailspring hashes the headers to create a unique ID, and it associates its own metadata with that ID—it does not send the messages, their headers, or other identifying message data to the cloud. Note that for open/link tracking, the stored metadata may contain encoded recipient email addresses because read receipt tracking is on a per-recipient basis.

  • Simple usage metrics that track how often you use each “Mailspring Pro” feature.

  • The headers, bodies and attachments of messages shared with Mailspring’s “Thread Sharing” feature. When you enable thread sharing, the messages in a specific thread are synced to the cloud so you can share the conversation via a public link.

  • The signature images you upload using the signature editor in Preferences > Signatures.

  • The activity reports you upload and share from the Activity tab in the left sidebar.

This data is all associated with your Mailspring ID. Having to create an ID to use the app is a bit of a pain, but this process ensures that everything transferred to Mailspring’s servers is associated with an account you can control. You can delete your account and all related data by visiting https://id.getmailspring.com/

Third Party Tools

The Mailspring desktop application does not send usage analytics to third parties (Mixpanel, Segment, Google Analytics, etc.).

However, it does use:

  • Sentry to collect and triage errors that occur in the application
  • Stripe to securely process payments.
  • Basic, non-billing data stored with Stripe is additionally shared with Chartmogul, which provides a business metrics dashboard.

These third party services receive your email address and name and hold this data securely in accordance with their own policies.

Crash Reporting

When crashes occur in the JavaScript part of Mailspring, crash reports are sent to Sentry, which performs automatic anonymization of important fields. When crashes occur in the C++ part of Mailspring, crash data is sent to our servers over HTTPS where it is encrypted at rest so it can be analyzed later offline.


See also: Delete Mailspring ID and Data [GDPR]

You can read the full privacy policy here: Mailspring Privacy Policy.

MailSpring looks great, but why the need for all this server side data? Could you have a paid option where no account or data is transferred?

1 Like

This is already possible, if you don’t create a Mailspring Account on there initial setup.

Is it possible for this and the official privacy policy to be updated to be more explicit about what data is collected when Mailspring is used without an account?

Specifically, I’m looking for clarification on the following statements:

From above:

Mailspring connects to its servers via HTTPS / SSL at all times.

From the privacy policy:

If you download and install the App, you’ll link one or more email accounts you want to access through the app. The addresses of the email accounts you link (eg: “bengotow@getmailspring.com”) will be sent to our servers…

and

Mailspring includes an optional feature that displays the contact information of people you email in the right sidebar of the application. Enabling this feature sends the email address of the person(s) in the messages you view to our servers so that we can provide expanded contact details.

Thanks

1 Like

The contacts feature is a Pro (i.e. subscription) feature. So, you won’t have this enabled unless you’ve taken out a sub.

As to sending the email addresses of connected accounts to their server, it says that it’s done so I’d assume that it is. If you have no Mailspring ID (like me), it obviously can’t be connected to a nonexistent ID.

Mailsping looks good visually but there just remain question marks about what actually happens to your credentials, emails and contacts etc when using Mailsping.

Would someone at Mailspring please clearly articulate what exactly is sent to the Mailspring servers when an account is created, without a Mailspring ID, and with a Mailsping ID.

Also, even without a Mailspring ID created, what features will share or send data to Mailspring servers?

What is stored locally on the user device and what is stored on the Mailspring side?
Why is the Non Mailspring ID option not just a pure device to email server connection?

But they still collect something every time you use Mailsping, they elude to this type of behavior in their Privacy Policy but it’s not clear exactly what they do and when they do it.

What does uploading an activity report mean exactly? How is this upload initiated?

Is it possible to completely disable activity activity-tracking & activity reports entirely (even locally) so that it isn’t recorded at all?