We leverage data generated by our customers’ use of SparkPost (called “exhaust data”) in order to provide better email results across our customer base. Our customer’s trust is paramount and everything we do is brand safe and built with privacy by design. This document provides details about how we use your data and exhaust data while keeping your recipients and your brand safe. If you have further questions I’m happy to discuss this with you personally, please get in touch with me here.
-Charlie Reverte, Chief Product Officer
Table of Contents
Is my data visible to other customers?
Can my company opt-out of sharing data?
What do you mean by “brand safe?”
What do you mean by “privacy by design?”
What are examples of exhaust data?
Why are you using my data?
At SparkPost we’re on a mission to help you achieve the best possible email engagement and deliverability. We believe the way to do that is by optimizing our delivery and analytics with data, and at a much greater scale than you can access on your own. So we power our products with email exhaust data like bounces, opens, and pseudonymized (hashed) email address from your sending and the sending of other customers. For example, the SparkPost Signals Health Score uses data from thousands of other senders to predict your future engagement rates, and our Recipient Validation is powered by our global bounce data so we can help you filter out known bad addresses before they hurt your reputation. And this is just the start – we have an exciting optimization roadmap ahead. As the world’s largest email sender, our unmatched data footprint can give you better email ROI than anyone else in the market.
What data are you using?
We use exhaust data and pseudonymized email address to power products that we bring to you and other SparkPost customers. We DO NOT use any data that is associated with your brand, customer interests, commercial behavior, or inferred demographics. We also DO NOT use the personal data of EU Data Subjects under GDPR. The table below summarizes the details of the data types we use to power products for all customers:
| Data Type | Examples | Used? |
| Routing, delivery, and engagement data | When emails are delivered, opened, clicked, unsubscribed, bounced, marked as spam | Yes |
| Pseudonymized (hashed) recipient email address | kSCZGbUPIDQNRjZxymBo0UYpRSo= | Yes |
| GeoIP and user agent | Columbia, Maryland, USA, Google Chrome, iOS 12.2, iPhone X | Yes |
| Message attribute data such as type, tone, length, layout | A message was transactional, playful, long, or contained images | Yes |
| Raw email data | Sender email address, recipient email address, subject line, message body | No |
| Brand affinity or purchasing behavior | A recipient drinks soda from a particular brand | No |
| Recipient’s specific interests | A recipient is a frequent traveler | No |
| Inferred demographics | A recipient is male | No |
| Any identifiers of customer as a source of the data | This data is from “Customer.com” | No |
| Offline & personal data onboarding | LiveRamp-like services or setting third-party cookies on your recipients | No |
| Personal data of EU data subjects | EU recipient email addresses | No |
How do you use my data?
Our usage of your data falls into two categories. The first category is “first-party usage,” whereby we use data in ways that only you can access, for example providing you with delivery analytics. The second category is “third-party usage,” whereby us we use your data in combination with data from other customers to power products that benefit everyone, for example the Signals Health Score and Recipient Validation. It is important to reiterate that for third-party usage of your data, we ONLY use your exhaust data and pseudonymized (hashed) email address. The table below summarizes the details of our third-party data usage:
| Usage | Examples | Permitted? |
| Aggregate research statistics | Publishing an industry benchmarking guide, providing benchmark scoring | Yes |
| Optimizing delivery, engagement, and conversion of your and other customers’ emails | Sending an email at a time the recipient is most likely to open, suppressing an email based on a recipient’s likelihood to complain or unsubscribe, sending a playful variant of an email rather than a serious variant | Yes |
| Internal business purposes | Data science, creating new analytics and optimization functionality, measuring product usage | Yes |
| Commercial / interest / demographic targeting | Allowing customers to target emails based on recipient purchase behavior, engagement with emails about shoes, men age 23-35 | No |
| Sold to 3rd parties | Selling log files or providing direct access to the data | No |
| Paid media targeting / re-targeting | Helping other customers target your users with ads | No |
Do you sell my data?
No. SparkPost is an email intelligence platform. We are not in the business of selling data to third parties, data licensing, or setting cookies. We also do not use your data for our own marketing purposes.
Is my data visible to other customers?
No. We never expose your data or your exhaust data. This data is only used to train our machine learning models and power our algorithms – the data works “behind-the-scenes.”
Can my company opt-out of sharing data?
No. It’s important that all of our customers contribute to achieve maximum benefit from data-powered products. SparkPost delivers email at a much greater scale than any individual sender and in exchange for your contribution, you benefit from the data of thousands of other senders. Together, we will drive huge lift on your open and click rates. If you have further concerns we’re happy to discuss them with you, please reach out to us, here.
What do you mean by “brand safe?”
We will never use your data in a way that compromises your business or the brand and audience that you’ve worked hard to build. Your competitors will not be able to see or target your users, or leverage any data about their interests and behavior that is proprietary to your business. This is why we limit our data usage to “email exhaust” and focus on generic email interaction. We will also never identify your business as the source of particular data or sell your exhaust data directly to others. Your data will only be used in ways where it is blended with the data of many other customers and disconnected from your brand.
What do you mean by “privacy by design?”
Privacy by design means we integrate data protection into the design and implementation of our products, rather than it being an afterthought. Security is baked into our systems, services, and business practices to ensure the full lifecycle protection of your data. As a testament to our commitment to security and privacy, SparkPost is SOCII Type 2 certified. And of course, SparkPost will comply with all applicable data protection laws and will assist you in doing so as well.
Are you GDPR compliant?
Yes. We are GDPR-compliant and we do not use the personal data of EU data subjects (including pseudonymized email address or IP address) for third-party usage.
What are examples of exhaust data?
| Data Attribute | Description | Example Value | First-party Usage | Third-party Usage |
| accept_language | Language(s) accepted by the recipient during an engagement event | en-us | Yes | Yes |
| msg_size | Size of message | 1337 | Yes | Yes |
| raw_reason | Raw bounce/delay reason from the recipient’s domain | noSuchUser bj6si22015798plb.379 – gsmtp | Yes | Yes |
| transactional | Was the email self-identified as transactional | TRUE | Yes | Yes |
| tdate | Timestamp for an email event (e.g., sent, open, click) | 2019-04-30 11:42:29 | Yes | Yes |
| user_agent | User-agent identified by the recipient at time of engagement | Mozilla/5.0 (Linux; Android 8.0.0; ANE-LX1) | Yes | Yes |
| message_tone | SparkPost-derived attribute via natural language processing | playful | Yes | Yes |
| rcpt_to_hash | A hashed version of the recipient’s address | kSCZGbUPIDQNRjZxkmRo0UYpRSo= | Yes | Yes, so long as not EU recipient |
| geo_ip | GeoIP inferred from recipient IP address during engagement event | {country=US, region=CA, city=Sunnyvale} | Yes | Yes, so long as not EU recipient |
| ip_address | Recipient’s IP address | 123.123.123.123 | Yes | No |
| friendly_from | Raw sender email address | bob@bobsburgers.com | Yes | No |
| rcpt_to | Raw recipient email address | sparky@sparkpost.com | Yes | No |
| subject | Raw email subject line | Your SparkPost Receipt | Yes | No |
| message_content | Raw email body | Hello World! It’s nice to meet you. Sincerely, SparkPost | Yes | No |
A complete list of current Event types and included data attributes can be found on our Events API documentation.