![](https://lemmy.world/pictrs/image/50c7de64-23f3-4778-b814-7132d2382a31.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
I could be misinformed, but this isn’t just limited to Spark as I understand it, I believe a lot (maybe all?) third-party clients do the same thing. They act as an intermediary between you and the server so they can deliver push notifications.
However, as I understand it, Spark’s privacy policy outlines that they don’t read/scan the contents of your emails, and the use of app-specific passwords rather than your email password ensures they only have access to emails and nothing else.
Pretty sure others such as Canary, Airmail, Edison, etc. all do/did the same thing, but it was the lack of clarity in Spark’s privacy policy that made them the main target for scrutiny. I think they’ve since cleared that up.
I could be mistaken, though.
I didn’t know they stored local copies — had a very, VERY quick skim through their privacy policy on their website and couldn’t see any reference to that (sure it’s there but I didn’t see it).
I’m not a Spark user btw, was just following the conversation. I use plain ol’ Apple Mail.