Privacy

1. Your Privacy Explained

In compliance with UK and European data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website and use our Recite Service.

We regularly review our privacy policy for applicability and appropriateness therefore this policy may change occasionally.

At 4cite Labs*, as a data controller, we are committed to processing our customers' personal information in ways that comply with our legal and regulatory obligations and are clear with customers about what we do with your personal information.

Our company number is 13969441, and our registered office address is Business Innovation Centre, Harry Weston Road, Coventry, England, CV3 2TX. We are registered with the ICO as a data controller, registration number ZB325208.

2. How We Collect Data

We may collect personal information which we receive when:

You use our website.
You use our services.
You contact us.

We collect the following types of information when you use our Recite service:

Your name and email address.
Type of user, country of residence, institution (if you choose to give us this information).
Information required to provide you with a service, and details of our services that you have used.

To use the Recite service, you must provide certain information (such as your email address via Google Login). If you choose not to provide this information, we will be unable to create an account or provide the service.

You may be required to supply payment information such as credit or debit card details when using the paid version of the Recite service. This information is processed by a 3rd party clearing company, "Paddle." You can find more information on our use of 3rd parties under the section: 3rd Party Processing and the use of Intermediaries.

For users on paid plans, we may send payment related emails (eg. subscription renewal), either directly, or via Paddle, in order that we can effectively service your paid membership.

3. What Data Do We Collect?

Login to the Recite service is processed via your Google Account. When you login to our site for the first time we store your name and email address to create a profile. All authentication is performed by Google Accounts and therefore we do not store any password information.

Children's data

Our service is not intended for children under 13. We do not knowingly collect or process personal data relating to children under 13 without the consent of a parent or legal guardian. If we become aware that personal data relating to a child under 13 has been provided to us without appropriate consent, we will delete it as soon as reasonably practicable. Users aged 13 or over may use the service via a Google Account, but should do so with the permission of a parent or guardian if required under local laws.

4. How We Use Your Data

Under the Data Protection laws, the lawful bases we rely on for processing this information are:

Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us.
We have a contractual obligation.
We have a legal obligation.
We have a vital interest.
We need it to perform a public task.
We have a legitimate interest.

In the course of providing the service, your files are transferred to and stored on our servers, where they are processed. We do not read, look into, share, or mine any data or metadata from your uploaded files. All file processing is done by an automated process that excludes human engagement with your files. Uploaded files (including pasted text) are fully encrypted at rest and removed from our webservers within 36 hours. You may request the deletion of your files at any time via our Contact Us page.

In the "your details" form on the website, after log-in, you can opt to provide us with your: first name, last name, country, type of use and institution. There is also an option to consent to marketing communications (tick box). These emails may include but are not limited to; information about new features or enhancements to the website; news about offers; updates; and tips and tricks on academic writing. We do not use any data we collect for marketing purposes without your aforementioned consent.

You can view and update your details via this form (when logged in). If you wish to remove them completely please contact us via our Contact Us page.

We will not sell, trade or give away any data we collect from you to a third party without your permission. Any emails you receive from us will always include an opt-out option which you can click at any time.

Where we rely on legitimate interests, these interests include improving and operating our service, ensuring network and information security, and providing customer support.

5. 3rd Party Processing and the use of Intermediaries

We pass your information to a very limited number of third parties for the following reasons:

To deliver the services you have requested from us.
To deliver services that we have a legal obligation to provide to you, to ensure continuity of our service, and to ensure your services are delivered as you expect.
For legal or regulatory purposes including the detection of crime and fraud prevention.
If we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.

We use third party organisations to help us administer and monitor the services we provide, these are explained below:

Third Country (non-EU / non-EEA / International organisation)	Purpose of processing	Safeguards in place and further information
Cloud Convert (Hosted in the EU)	File format conversion	Adequacy agreement UK-EU Privacy policy available here
Paddle (Hosted in EU and US)	Payment processing service provider and Merchant of Record	Standard Contractual Clause Privacy policy available here
Google Account (Hosted in the US)	Required to create a user profile and facilitate authentication	UK Extension to the EU-US Data Privacy Framework Privacy policy available here
Dropbox (Hosted in the US)	Backup intermediary (information is not retained in Dropbox)	UK Extension to the EU-US Data Privacy Framework Privacy policy available here
Cloudflare	Traffic management and security	UK Extension to the EU-US Data Privacy Framework Privacy policy available here
MailerLite (Hosted in the EU)	Email mailing list management (for those opted-in)	UK Extension to the EU-US Data Privacy Framework More information can be found here
Postmark	Email management	UK Extension to the EU-US Data Privacy Framework via ActiveCampaign LLC More information can be found here

Except as provided in this policy, the data that we collect on our site will not be transmitted to a 3rd party without your express permission. Meaning, that we will not, and do not, mine your data for marketing purposes, nor disclose the details of your traffic to a third party, without your express permission.

In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will implement our breach management process and, where appropriate, endeavour to notify you within 72 hours of becoming aware of the incident. We will do this by informing you via the email address used to create your Recite profile.

International transfers

As detailed in the table above, there are times where your personal data may be transferred outside the UK. For example, where the services we provide to you involve parties in other countries, or where we have partners and service providers based outside of the UK, your personal data may be accessed or otherwise processed in other countries.

We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, on the basis of a decision by the UK Government where the UK Government has recognised that the country to which your data will be transferred ensures an adequate level of protection. In the case of transfers not recognised as adequate by the UK Government we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.

6. Security

We endeavour to ensure that any data we do collect from you remains secure and protected from being inappropriately or accidentally accessed, used, shared or destroyed, and/or lost.

We have several security measures built into our website and ensure regular updates which maintain our security. We have also chosen to partner with companies that share a similar ethos when it comes to security.

Google Accounts, as part of Google’s security measures, accounts are protected by one of the world’s most advanced and secure infrastructures. By default, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) connectivity is available for all Google customers. You can read more about Google security here.
Paddle: More than 3,000 software sellers trust Paddle with their data. Paddle are fully committed to data privacy and security, and have successfully completed a Service Organization Control (SOC) 2 Type 1 audit. You can read more about Paddle security here.
Dropbox is designed with multiple layers of protection, distributed across a scalable, secure infrastructure. Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES); Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and our servers. You can read more about Dropbox security here.
CloudConvert is committed to maintaining an extensive security program that includes both technical and organisational security measures. All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider. You can read more about CloudConvert security here.
CloudFlare is committed to protecting customers and their users by complying with a wide range of important security certifications. Explore our posture around ISO 27001:2013, ISO 27701:2019, PCI DSS 3.2.1, SOC 2 Type II, and others. You can read more about their security here.

All authentication is performed by Google Accounts and therefore we do not store any password information.

Although we have taken the necessary steps to ensure a secure service environment, the internet is inherently insecure, so always be alert for possible cyber security dangers. Note that we will never contact you requesting any personal information.

We may disclose Customer Information where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our terms and conditions of use or may be causing injury or interference with our rights, property, our customers or anyone who could be harmed by such activities. We may also disclose customer information when we believe, in good faith, that the law requires it and for administrative and other purposes necessary to maintain services and improve our products and services.

7. Deactivation or deletion of your account

Although we are sad to see you go, you may delete your account by contacting us via our Contact Us page and we will delete your account on your behalf. We may ask you to verify your identity before responding to a request to delete an account.

8. How long we keep your data

Data here refers to any identifiable information that we collect from you via our website and your use of the Recite service (excludes uploaded documents).

We will only retain your data for as long as necessary to fulfil the purposes we collected it for.

The table below details how we retain your data:
Interaction with our service	Data removed after
You sign in, but take no further interaction	6 months*
You run our demo (while logged in)	6 months*
You upload a document in an unsupported format (no usable results)	6 months* (documents are removed within 36 hours)
You upload a document in a supported format (with usable results)	3 years* (documents are removed within 36 hours)
You supply additional (optional) information (user type, country etc.)	3 years*
You subscribe to our mailing list (via optional information form)	3 years*
You pay for additional features or to remove restrictions	3 years*^
Uploaded documents are never stored unencrypted, and are removed within 36 hours

* From last recorded action (login, upload, payment period ends, update optional information etc.)

^ For legal/compliance reasons, we may need to store transaction data for longer, but where possible we will remove any personal identifiable data.

9. Website cookies

Our site uses cookies to enable us to track traffic patterns to our website and for system administration. A cookie is a small text file that your browser creates and is stored on your computer.

We use two types of cookies – functional and analytical. Functional cookies are required to allow the website to work, for example, helping you to logon to the Recite system. Analytical cookies allow us to gather data to understand whether the website is functioning correctly.

The cookies we use are as follows:
Cookie name	Cookie category	Cookie author	Cookie purpose	Cookie duration
_ga	Analytics	Google	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.	2 Years
_ga_#	Analytics	Google	Used by Google Analytics to collect data on the number of times a user has visited the website	2 Years
_gat	Analytics	Google	Google uses this cookie to throttle the request rate.	1 day
_gid	Analytics	Google	This cookie is installed by Google Analytics. The cookie is used to generate statistical data on how the visitor uses the website	1 day

We use Google Analytics to store information about how visitors use our website. This information helps us determine what improvements we can make to give visitors a better user experience. Google Analytics is a third-party information storage system by Google that records information about the pages you visit, the length of time you spend on a specific page and the website in general. It also helps us understand how you arrived at the site which helps us to understand how our SEO is performing.

You can opt out of Google analytics by installing the Google Analytics Opt-Out Browser Add In; you can find more information on this feature here.

You can deactivate cookies at any time, please refer to your browser's help pages for instructions.

To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

10. Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Your rights in relation to automated decision making & profiling - As a matter of principle, you have the right not to be subject to a decision based solely on automated processing, including profiling. However, we may automate such a decision if it is necessary for the entering into or performance of a contract between us, authorised by law or regulation or if you have given your explicit consent.

You are not usually required to pay any charge for exercising your rights. If you make a request, we have a calendar month to respond to you.

Please contact us if you wish to make a request.

California Consumer Privacy Act (CCPA)

As the Recite tool is available globally, consumers permanently residing in California are protected by the rights offered by the CCPA, which concerns the control of the users personal information. The following explains how we manage data for Recite users based in California:

Right to know
A consumer has the right to know what personal data has been collected, used, shared or sold about them and why the data has been used. This information has been outlined in this privacy policy and we will provide this information for the past 12 months, if requested, as per the CCPA.
Right to delete
You have the right to request the deletion of your personal information. Should you wish to exercise this right, the relevant contact details can be found in the ‘Our Contact Details’ section below.
Right to Opt-Out
A consumer has the right to ‘opt-out’ of the sale of their personal information by the business. We can confirm we do not share or sell your personal information to any third parties, other than already outlined within this privacy policy.
Right to Non-Discrimination
If you chose to exercise a right either under the GDPR or CCPA, we will not engage in any discriminatory actions against you for exercising these rights.
Your Personal Information and what we do with it
This privacy policy outlines what personal data we collect from you, how we use it, what we do with it and whom we share it with, as well as where we have sourced it from and the business purpose for collecting and processing the data. Please see the relevant sections above for more information. This also outlines the information that has been collected from you within the last 12 months.

Our Contact Details:

4cite Labs Ltd,
Business Innovation Centre,
Harry Weston Rd,
Coventry,
England,
CV3 2TX
Email: [email protected]
ICO registration number: ZB325208

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

11. Links

This web site contains links to other websites. Please note that when you click on one of these links, you are 'clicking' to another website and will leave this page. We encourage you to read the privacy statements of these linked sites as their privacy policy may differ from ours.

This privacy policy was last updated: 28 January 2026.

*previously a trading name of M69 Limited