Hacker News new | past | comments | ask | show | jobs | submit login

Yes, they do. It's why I don't use them.

Source: https://sparkmailapp.com/privacy

> Accounts are added to Spark through OAuth where possible. Where OAuth is not supported we keep your account username and password on our secure servers. We then use the authorization provided to download your emails to our virtual servers and push to your device. We use Amazon Web Services (AWS) infrastructure to store your data. Apart from the AWS' security policies we take a number of measures to ensure that your data is never read by anyone else. We ensure that all transmission is secured with HTTPS so that no one else can access your data. Your account credentials are stored on secure cloud-based servers using asymmetric encryption.

I may be wrong, but that seems like the only way to provide push notifications. I guess that's the trade-off.

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact