Access data at risk when using mail apps – as of 2025

Microsoft / Outlook App

Microsoft provides an Outlook app for iOS and Android that can also use IMAP accounts such as mailbox, including contacts and calendars.

Unlike other mobile mail clients such as K-9 Mail or FairEmail, the Outlook app does not connect directly to our mail servers when used with a mailbox account. Instead, it stores your login credentials in the Microsoft Cloud and “delegates” the retrieval and sending of your mails, as well as the management of your contacts and calendars, to Microsoft’s cloud service. The Microsoft cloud service retrieves your mails and stores them, and the attachments are also stored unencrypted in a cloud drive. Only afterwards are the data available on your smartphone. The same applies to calendars and contacts.

Privacy Policy Outlook for iOS & Android (excerpt, 2015):
“Email Credentials. We collect and process your email address and credentials to provide you the Service.
Email Data. We collect and process your email messages and associated content … Your email data may contain messages, address book, contact information, message attachments and calendar information.”

In more recent versions, Microsoft no longer refers to individual apps but describes data collection in general terms:

“The data we collect depends on the context of your interactions with Microsoft and the choices you make (including your privacy settings), the products and features you use, your location, and applicable law.”
Among the data collected are credentials, i.e. passwords and similar authentication information. (Microsoft Privacy Statement)

This behavior compromises the confidentiality and security of your data, especially in professional contexts. Therefore, various organizations have prohibited the use of the Outlook app in business environments or have blocked access to the Microsoft Cloud.
The Swiss Federal Institute of Technology Lausanne warned against using the app. The IT Department of the EU Parliament (DG ITEC) also warned its employees:

“Please do not install this application, … the apps will send password information to Microsoft without permission and will store emails in a third-party cloud service over which the Parliament has no control.”

Recent analyses (2023–2025) also indicate that Microsoft Outlook increasingly functions as a data collection service and that when using third-party accounts (IMAP/SMTP), credentials are transmitted to Microsoft servers. (Proton Blog)
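Because a delegating app lets a cloud service log in on the user's behalf, the mail server sees successful IMAP logins from the provider's network rather than from the user's device. The following is an added example, not part of the original article or of mailbox's own tooling, showing how an administrator could flag such accounts from login logs. The Dovecot-style log format, the function names, and the placeholder address ranges are assumptions, and a match is an indicator to review rather than proof of a specific app.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: Dovecot-style log lines for successful IMAP logins, where
# "rip" is the remote (client) address. Adapt the pattern to your server.
LOGIN_RE = re.compile(
    r"imap-login: Login: user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Placeholder ranges from documentation address space (RFC 5737, RFC 3849).
# Replace with the ranges the cloud provider actually publishes.
CLOUD_NETWORKS = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:aa::/48")
]

def classify_logins(lines, cloud_networks=CLOUD_NETWORKS):
    """Map each user to the source IPs of successful logins, split into
    'cloud' (inside a listed range) and 'direct' (everything else)."""
    seen = defaultdict(lambda: {"cloud": set(), "direct": set()})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed logins and unrelated lines
        try:
            ip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address: skip rather than guess
        kind = "cloud" if any(ip in net for net in cloud_networks) else "direct"
        seen[m.group("user")][kind].add(str(ip))
    return {u: {k: sorted(v) for k, v in d.items()} for u, d in seen.items()}

def delegated_users(lines, cloud_networks=CLOUD_NETWORKS):
    """Users with at least one successful login from a cloud range."""
    hits = classify_logins(lines, cloud_networks)
    return sorted(u for u, d in hits.items() if d["cloud"])

# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=203.0.113.25, lip=192.0.2.1, TLS",
    "imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.1, TLS",
    "imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.14, lip=192.0.2.1, TLS",
    "imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=2001:db8:aa::5, lip=2001:db8::1, TLS",
    "imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, TLS",
    "imap-login: Disconnected (auth failed, 1 attempts): user=<dave@example.org>, method=PLAIN, rip=198.51.100.3, lip=192.0.2.1, TLS",
    "imap-login: Login: user=<erin@example.org>, method=PLAIN, rip=999.1.1.1, lip=192.0.2.1, TLS",
]
```

Users who appear in both the 'cloud' and 'direct' lists, like the constructed carol account, typically use a delegating app alongside a client that connects directly.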

Spark Email

The Spark app also requires your login credentials, which are then stored on the provider’s servers. As of 2025, the following points emerge from the privacy policy and additional information:

  • Spark states that the data are used to provide the mail service (retrieval, sending, notifications, additional features). (Spark Privacy)
  • Spark emphasizes that user data are not sold. (Readdle Support)
  • For the Spark +AI feature, Spark states that contents are transmitted in encrypted form. Data sent to Azure OpenAI are not used for training and are retained for a maximum of 30 days. (Spark AI Security)
  • Users can request export or deletion of their data under GDPR/CCPA. (Readdle Support)