1. Your Privacy Explained
At 4cite Labs*, as a data controller we are committed to processing our customers personal information in ways that comply with its legal and regulatory obligations and are clear with customers about what we do with your personal information.
2. How We Collect Data
We may collect personal information which we receive when:
- You use our website.
- You use our services.
- You contact us.
We collect the following types of information when you use our Recite service:
- Your name and email address.
- Type of user, country of residence, institution (if you choose to give us this information).
- Information required to provide you with a service, and details of our services that you have used.
You may be required to supply payment information such as credit or debit card details when using the paid version of the Recite service. This information is processed by a 3rd party clearing company, "Paddle." You can find more information on our use of 3rd parties under the section: 3rd Party Processing and the use of Intermediaries.
For users on paid plans, we may send payment related emails (eg. subscription renewal), either directly, or via Paddle, in order that we can effectively service your paid membership.
3. What Data Do We Collect?
Login to the Recite service is processed via your Google Account. When you login to our site for the first time we store your name and email address to create a profile. All authentication is performed by Google Accounts and therefore we do not store any password information.
4. How We Use Your Data
Under the Data Protection laws, the lawful bases we rely on for processing this information are:
- Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us.
- We have a contractual obligation.
- We have a legal obligation.
- We have a vital interest.
- We need it to perform a public task.
- We have a legitimate interest.
In the course of providing the service, your files are transferred to and stored on our servers, where the are processed. We do not read, look into, share, or mine any data or metadata from your uploaded files. All file processing is done by an automated process that excludes human engagement with your files. Uploaded files (including pasted text) are fully encrypted at rest and removed from our webservers within 36 hours. These files are subsequently stored in an offline location for use in research and development of our systems and to allow us to debug and improve the product for our users. You may request the deletion of your files at any time via our Contact Us page.
In the "your details" form on the website, after log-in, you can opt to provide us with your: first name, last name, country, type of use and institution. There is also an option to consent to marketing communications (tick box). These emails may include but are not limited to; information about new features or enhancements to the website; news about offers; updates; and tips and tricks on academic writing. We do not use any data we collect for marketing purposes without your aforementioned consent.
You can view and update your details via this form (when logged in). If you wish to remove them completely please contact us via our Contact Us page.
We will not sell, trade or give away any data we collect from you to a third party without your permission. Any emails you receive from us will always include an opt-out option which you can click at any time.
5. 3rd Party Processing and the use of Intermediaries
We pass your information to a very limited number of third parties for the following reasons:
- To deliver the services you have requested from us.
- To deliver services that we have a legal obligation to provide to you, to ensure continuity of our service, and to ensure your services are delivered as you expect.
- For legal or regulatory purposes including the detection of crime and fraud prevention.
- If we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.
We use third party organisations to help us administer and monitor the services we provide, these are explained below:
(non-EU / non-EEA / International organisation)
|Purpose of processing||Safeguards in place and further information|
(Hosted in the EU)
|File format conversion||
Adequacy agreement UK-EU
(Hosted in EU and US)
|Payment processing service provider and Merchant of Record||
Standard Contractual Clause
(Hosted in the US)
|Required to create a user profile and facilitate authentication||
Standard Contractual Clauses
(Hosted in the US)
|Backup intermediary (information is not retained in Dropbox)||
Standard Contract Clauses
|Cloudflare||Traffic management and security||
Standard Contract Clauses
Except as provided in this policy, the data that we collect on our site will not be transmitted to a 3rd party without your express permission. Meaning, that we will not, and do not, mine your data for marketing purposes, nor disclose the details of your traffic to a third party, without your express permission.
In the unlikely event that we, or one of our partners or suppliers, accidently compromise the confidentiality, integrity or availability of your data, then we will implement our breach management process and, where appropriate, endeavour to notify you within 72 hours of becoming aware of the incident. We will do this by informing you via the email address used to create your Recite profile.
We endeavour to ensure that any data we do collect from you remains secure and protected from being inappropriately or accidentally accessed, used, shared or destroyed, and/or lost.
We have several security measures built into our website and ensure regular updates which maintain our security. We have also chosen to partner with companies that share a similar ethos when it comes to security.
- Google Accounts, as part of Google’s security measures, accounts are protected by one of the world’s most advanced and secure infrastructures. By default, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) connectivity is available for all Google customers. You can read more about Google security here.
- Paddle: More than 3,000 software sellers trust Paddle with their data. Paddle are fully committed to data privacy and security, and have successfully completed a Service Organization Control (SOC) 2 Type 1 audit. You can read more about Paddle security here.
- Dropbox is designed with multiple layers of protection, distributed across a scalable, secure infrastructure. Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES); Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and our servers. You can read more about Dropbox security here.
- CloudConvert is committed to maintaining an extensive security program that includes both technical and organisational security measures. All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider. You can read more about CloudConvert security here.
- CloudFlare is committed to protecting customers and their users by complying with a wide range of important security certifications. Explore our posture around ISO 27001:2013, ISO 27701:2019, PCI DSS 3.2.1, SOC 2 Type II, and others. You can read more about their security here.
All authentication is performed by Google Accounts and therefore we do not store any password information.
Although we have taken the necessary steps to ensure a secure service environment, the internet is inherently insecure, so always be alert for possible cyber security dangers. Note that we will never contact you requesting any personal information.
We may disclose Customer Information where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our terms and conditions of use or may be causing injury or interference with our rights, property, our customers or anyone who could be harmed by such activities. We may also disclose customer information when we believe, in good faith, that the law requires it and for administrative and other purposes necessary to maintain services and improve our products and services.
7. Deactivation or deletion of your account
Although we are sad to see you go, you may delete your account by contacting us via our Contact Us page and we will delete your account on your behalf. We may ask you to verify your identity before responding to a request to delete an account.
8. How long we keep your data
We will only retain your data for as long as necessary to fulfil the purposes we collected it for. Once those purposes have been achieved then, unless a different purpose for processing your data arises, it will be permanently deleted.
9. Website cookies
We use two types of cookies – functional and analytical. Functional cookies are required to allow the website to work, for example, helping you to logon to the Recite system. Analytical cookies allow us to gather data to understand whether the website is functioning correctly.
The cookies we use are as follows:
|Cookie name||Cookie category||Cookie author||Cookie purpose||Cookie duration|
|_ga||Analytics||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 Years|
|_ga_#||Analytics||Used by Google Analytics to collect data on the number of times a user has visited the website||2 Years|
|_gat||Analytics||Google uses this cookie to throttle the request rate.||1 day|
|_gid||Analytics||This cookie is installed by Google Analytics. The cookie is used to generate statistical data on how the visitor uses the website||1 day|
We use Google Analytics to store information about how visitors use our website. This information helps us determine what improvements we can make to give visitors a better user experience. Google Analytics is a third-party information storage system by Google that records information about the pages you visit, the length of time you spend on a specific page and the website in general. It also helps us understand how you arrived at the site which helps us to understand how our SEO is performing.
You can opt out of Google analytics by installing the Google Analytics Opt-Out Browser Add In; you can find more information on this feature here.
You can deactivate cookies at any time, please refer to your browser's help pages for instructions.
To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
10. Queries Regarding Your Data
We take the management of your information very seriously. Please contact us if:
- You feel that any information which we may have about you is incorrect.
- You want to see what personal information we hold about you (and receive a copy).
- You have any queries regarding the accuracy or the processing of your data (including any misuse or unauthorised use).
- You want to withdraw your consent where any processing is based upon consent.
If you ever have any concerns that we are not processing your personal information in accordance with the law or have any queries regarding your data or wish us to remove or update any of your data, please contact us contact us via our Contact Us page or our postal address is: Business Innovation Centre, Harry Weston Road, Coventry, England, CV3 2TX
For more information on your rights, you can visit the ICO Website here.
Please note that we may ask you to verify your identity before responding to such requests.
*previously a trading name of M69 Limited