Last updated: July 12, 2025
Recito Reader ("Recito", "we", "us") is a modern research and reference management platform that combines intelligent paper discovery, an immersive reader, and powerful organization and citation tools. To power its discovery capabilities, Recito connects to an extensive network of open scholarly databases, including Semantic Scholar, OpenAlex, CORE, Europe PMC, Unpaywall, Elsevier, and CrossRef, that collectively index over 300 million unique academic works worldwide. This Privacy Policy explains what personal data we collect when you use Recito, why we collect it, how we protect it, and the rights you have regarding your data.
Short version: Your library is private by default. We do not sell your data, we do not run advertising, and we do not use your papers or annotations to train AI models. You control whether content is synced to our cloud storage as part of a paid plan.
This policy applies to personal data collected through Recito Reader and its websites. The data controller for Recito Reader is the company operating the service. For questions about data handling or to exercise your data rights, contact us at support@recitoreader.com.
Examples: email address, display name, account identifier, plan status, and billing references.
Examples: paper metadata you add, PDF files you upload (if you enable cloud backup), annotations and notes, reading position and preferences, folders, and tags. By default this data is stored in your browser (IndexedDB) and is not transmitted to our servers unless you enable account sync on a paid plan.
Recito includes a discovery engine that allows you to search across a broad network of open scholarly databases — collectively covering over 300 million unique academic works. When you use Discover or search by DOI or title, our servers query the following third-party academic data services on your behalf to find metadata, citation counts, and open-access PDF locations:
Your search query (DOI, title, or keyword) is transmitted to these services. These services have their own privacy policies which you can review at their respective websites. We do not transmit your account identity to these services; only the search query itself is shared.
If no downloadable PDF is found, our servers may use a headless browser to navigate to the paper's publisher landing page and generate a PDF snapshot of that page on your behalf. In this process our server visits the publisher's website, and the publisher may log the access. Only the URL of the publisher page is visited; your personal identity is not sent to the publisher in this process.
Examples: anonymized usage metrics, crash and error reports, device and browser type, and support correspondence. These help us keep the service stable and improve features.
We collect billing-related details necessary to manage subscriptions, such as plan identifier and transaction references. Payment processing is handled by Creem (creem.io), which acts as the Merchant of Record for all transactions. Creem may collect and process your payment information (such as card details) directly; we do not store full payment card numbers on our servers. For details on how Creem handles your payment data, refer to Creem's privacy policy at creem.io.
If you install the optional Recito Companion browser extension, it can read page content from websites you visit in order to extract PDF links and download papers on your behalf. Extension data is processed locally within your browser; it does not transmit browsing history or page content to our servers.
We do not use your papers, annotations, notes, or highlights to train machine-learning or AI models, and we do not allow third parties to do so on our behalf.
We do not sell personal data. We may share data with service providers acting on our behalf for hosting (Supabase, Cloudflare), payment processing (Creem), error monitoring, and support. These providers are required to use data only to provide services to us and to maintain appropriate security. We may also disclose data in response to lawful requests by public authorities, to protect rights or safety, or in connection with a merger, acquisition, or sale of assets, provided we give reasonable notice to users where legally permitted.
Recito uses browser storage (IndexedDB, localStorage) and session cookies for essential functionality, authentication session management, and user preferences. We do not use tracking cookies for advertising or cross-site tracking. Specifically:
You can clear browser storage in your browser settings, which will remove local library data and require you to re-download cloud data on next login.
We retain account and billing records while your account is active and for a limited period afterward to meet legal obligations. Server-side diagnostic logs are retained for up to 90 days. Backups for disaster recovery may be retained for up to 6 months. Cloud-stored PDFs associated with a cancelled subscription are retained for 30 days after cancellation, after which they are deleted. If you cancel during a free trial before any charge is made, no billing record is created. Local (browser-stored) data is not under our control and persists until you clear it from your device.
To exercise any of these rights, contact us at support@recitoreader.com. EU-based users may also lodge a complaint with their local data protection authority (Supervisory Authority).
We implement reasonable administrative, technical, and physical safeguards to protect personal data, including encrypted network connections (HTTPS/TLS), authenticated API access, and row-level security in our database. All PDF files stored in cloud storage are accessible only via authenticated, short-lived signed URLs. No internet service is completely secure, and we cannot guarantee absolute protection.
Data breach notification: If a security incident affects personal data we control, we will investigate promptly and notify affected users and relevant regulators as required by applicable law, including details of the incident and remedial steps where required.
Our infrastructure providers (Supabase, Cloudflare, Vercel) may process data in jurisdictions outside your country, including the United States. Where applicable law requires safeguards for cross-border transfers, we rely on appropriate contractual mechanisms including standard contractual clauses.
You agree to comply with applicable export and import laws and regulations. You must not use the service to process or transmit content that would violate applicable export controls, sanctions, or trade restrictions.
Recito is not intended for children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. Material changes will be announced on the site and, where appropriate, notified to account holders by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy. The date at the top of this page indicates when the policy was last revised.
For privacy questions, data requests, or concerns:
Email: support@recitoreader.com