Privacy Policy

Last updated: April 17, 2026

This policy describes how Recita collects and processes personal data.

This policy applies to users of the service, subject, where applicable, to any mandatory data protection rules applicable in their country of residence.

1. Data controller

The data controller is:

Benjamin LIVONNEN
Address: 111 avenue Juyette, Mougins, France
Email: support@recita.app

2. Data processed

Recita may process the following categories of data:

  • account data: email address, encrypted password;
  • usage data: imported scripts, extracted texts, scenes, lines, characters, metadata, language preferences;
  • audio data: generated audio files;
  • technical data: technical logs, connection information, session identifiers;
  • payment and billing data: country of residence, currency, credit and usage history, PayPal references, transaction statuses, and related data;
  • data relating to requests sent to support.

3. Purposes and legal bases

Your data is processed for the following purposes:

  • creating and managing your account, on the basis of contract performance;
  • providing the service, including script import, processing, and audio generation, on the basis of contract performance;
  • managing payments, billing, abuse prevention, and the retention of required records, on the basis of contract performance and legal obligations;
  • ensuring the security, maintenance, and proper functioning of the service, on the basis of legitimate interest;
  • handling requests sent to support, on the basis of contract performance or legitimate interest, depending on their purpose.

The GDPR requires that individuals be informed of the purposes, legal bases, recipients, possible transfers, and retention periods.

Depending on the user’s country of residence, some processing operations may also be subject to additional local obligations relating to personal data protection.

4. Recipients and processors

Data may be accessible, within the scope of their respective duties, to:

  • the publisher of Recita;
  • the hosting provider OVH SAS;
  • PayPal, for payment management and related operations;
  • other technical service providers necessary for the operation of the service, including object storage, email delivery, and audio generation, including Google Cloud Text-to-Speech.

5. Transfers outside the European Union

Hosting is currently prioritized within the European Union. However, some technical service providers, in particular for payment or audio generation, may process certain data outside the European Economic Area. In such cases, these processing operations are governed by the appropriate legal mechanisms required by the applicable regulations.

Technical service providers involved in operating the service may be located in or operate across multiple countries. When an international data transfer is necessary, Recita seeks to ensure that it is based on an appropriate legal mechanism.

Data may also be accessible from the countries in which the service is offered to users, strictly to the extent necessary for its performance and proper functioning.

6. Data retention periods

Data may not be retained indefinitely; a retention period must be defined according to the purpose pursued. The periods indicated below are reference periods, subject to longer retention where required by law or where necessary for the establishment, exercise, or defense of legal claims.

Subject to the above, Recita applies the following principles:

  • user account: for the entire duration of the account’s existence; in the event of prolonged inactivity, deletion or anonymization no later than 3 years after inactivity;
  • scripts, extracted texts, scenes, lines, and audio files: retained while the account is active and while the service can be used with the available credit; deleted upon user request or upon account deletion;
  • technical logs: maximum retention of 12 months;
  • support messages and exchanges: maximum retention of 3 years from the last exchange;
  • payment and billing data: retained for the period legally required, and for up to 10 years where required by regulation;
  • in the event of account deletion: retention of a minimal pseudonymized billing record for 10 years.

7. Cookies and trackers

Recita uses:

  • cookies and trackers strictly necessary for the operation of the service, including authentication, session management, and security;
  • a language preference cookie;
  • on the payment page, technical components related to PayPal, which may place or read their own trackers according to their own terms.

At this time, Recita does not use analytics tools or advertising trackers.

If trackers requiring prior consent are added in the future, they will only be used after appropriate information has been provided and the user’s consent has been collected, where required by applicable regulations.

8. Your rights

Depending on the circumstances, you have the right to access, rectify, erase, restrict, object to, and request portability of your data. You may also define instructions regarding the handling of your data after your death.

You may exercise your rights or send any question relating to the protection of personal data to the following address: support@recita.app

You also have the right to lodge a complaint with the CNIL.

Depending on the user’s country of residence and the applicable law, some rights or the way they may be exercised may vary.

9. Security

Recita implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.