Privacy Policy
Last updated: 2026-06-27
Recued is local-first personal automation. The browser extension, webclient, and optional self-hosted server are designed so recipe content, credentials, CRM records, emails, files, and AI prompts stay on systems you control unless you intentionally connect a third-party provider or use an explicitly described hosted feature.
This policy applies to recued.com, the Recued dashboard, the Recued Bridge browser extension, the Recued webclient, the self-hosted recued-server, the public marketplace, and Recued hosted services.
- No sale or ad targeting — We do not sell personal data, run behavioral ads, or share data with data brokers.
- Local-first by design — Recipe execution and user warehouse data live in your browser or self-hosted server.
- Paddle handles cards — Payments are processed by Paddle. Recued does not store card numbers or CVCs.
Chrome Web Store Limited Use statement. The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
1. Who controls your data and how to contact us
Recued — operated by RECUED LDA, a company registered in the Macao Special Administrative Region — is the controller for account, dashboard, marketplace, support, billing-entitlement, and hosted-service records that Recued operates. For data that you keep only in your browser, your extension profile, or your self-hosted recued-server, Recued does not have custody unless you deliberately send it to a hosted service.
Privacy requests, account deletion requests, and data questions should be sent to privacy@recued.com. If you contact us from an email address that is not associated with your account, we may ask for additional verification before acting on an account request.
2. Product components and what each one can see
| Component | What it can process | Where it is stored |
|---|---|---|
| Public site | Pages you request, basic operational request metadata, and messages you send to us. | Hosting/security logs and support inboxes. |
| Dashboard and account | Email address, account id, publisher handle, sign-in state, server-binding fingerprints, billing status, checkout state, and security/audit metadata. | Recued auth/dashboard services and their backing stores. |
| Recued Bridge extension | Local settings, pairing token, permission grants, selected tab URLs, page content only when a recipe action requires it, optional screenshots only when a recipe action requires capture, and OS notification content. | Browser extension storage, IndexedDB, and your paired server. Hosted Recued services do not receive this data unless a hosted feature is explicitly used. |
| Webclient | Pairing state, local route state, local IndexedDB data, recipes, approvals, run history, and settings needed to operate your server. | Your browser and your paired recued-server. |
| Self-hosted server | Warehouse data such as CRM snapshots, emails, calendar events, files, recipe definitions, credentials, audit logs, and outputs you choose to store. | Your machine, VPS, or storage provider. Recued does not host this server for you. |
| Marketplace | Public recipes, ingredients, publisher handle, submission/review state, ratings, and install/browse metadata. | Recued marketplace services. Published content is public. |
| Pro convenience services | Subscription state, server fingerprint, bound hostname or handle, public IP or DNS information needed for DDNS/reachability, and certificate-signing request data. | Recued cloud services and infrastructure providers. The cloud never runs recipes, routes none of your traffic, and never decrypts recipe data or credentials. |
3. Data categories we may process
Account and contact data
- Email address and authentication identifiers.
- Publisher handle, account id, server-binding records, and server fingerprints.
- Support messages you send, including any files or logs you choose to include.
Extension, browser, and device data
- Extension configuration and pairing state stored by the browser.
- Capability data needed for compatibility, such as extension version, browser version, supported APIs, and permission state.
- Selected tab URL and tab id when Recued must find or act on the page selected by the user or by an approved recipe.
- Page content, form fields, screenshots, or DOM data only when a recipe or bridge command needs that information for a user-facing action.
Recipe, warehouse, and connection data
- Installed recipes, custom recipes, approvals, run metadata, and audit entries.
- Credential material, OAuth refresh tokens, API keys, and pairing tokens stored locally or on your server unless you explicitly opt into an encrypted sync or hosted relay feature.
- CRM, email, calendar, file, webpage, and other connected-service data that your recipes access.
- AI prompts, AI outputs, and model-provider responses when a recipe uses an AI provider you selected.
Payment and entitlement data
- Paddle checkout transaction id, subscription id, subscription status, entitlement state, renewal/cancelation state, and billing support metadata.
- Billing name, email, location, tax, fraud-prevention, and payment details are collected by Paddle during checkout. Paddle may pass limited buyer information to Recued for order fulfillment, account matching, fraud prevention, and support.
- Recued does not store full card numbers, bank account numbers, or CVC/CVV codes.
Operational and security data
- Request time, IP address, user agent, request id, route, status code, and rate-limit metadata for hosted services.
- Security, abuse-prevention, and diagnostic records needed to protect users and operate the service.
- Public marketplace records and abuse reports.
4. How we use data
- Provide the Recued product, including account access, marketplace publishing, pairing, recipe operation, approvals, dashboard management, billing entitlement, and Pro convenience features.
- Route user-requested commands, notifications, remote triggers, diagnostics, reachability checks, and encrypted payloads.
- Process payments, subscription status, refunds, chargebacks, taxes, fraud checks, and billing support through Paddle.
- Keep the product secure, prevent abuse, rate-limit hostile traffic, diagnose failures, and maintain audit trails.
- Respond to support, privacy, security, legal, and account-management requests.
- Comply with legal obligations and enforce applicable terms.
We do not use personal data to serve personalized, retargeted, or interest-based advertising. We do not sell, rent, license, or broker user data.
5. Extension permissions and browser-store disclosures
Recued Bridge is a Manifest V3 browser extension. It is a thin actuator for a paired Recued server and uses a narrow permission set. It does not request blanket default host access.
| Permission | Why Recued uses it |
|---|---|
storage | Store local extension settings, pairing state, queues, and encrypted token material. |
alarms | Run periodic bridge keepalive, retry, and maintenance work. |
offscreen | Support background browser work that requires an offscreen document. |
notifications | Show user-visible OS notifications requested by Recued workflows. |
tabs | Find user-relevant tabs and selected pages for approved recipe actions. |
scripting | Execute recipe actions on a user-granted origin, such as reading a field or filling a form. |
sidePanel | Open and operate the Recued side-panel user interface. |
| Optional host permissions | Ask for site access only when a user or approved recipe needs a specific domain. Recued does not ship with default <all_urls> host access. |
Recued Bridge is designed not to request or use browser permissions such as cookies, webRequest, webRequestBlocking, history, bookmarks, tabCapture, desktopCapture, pageCapture, proxy, vpnProvider, or debugger.
Browser-store privacy disclosures should match this policy and the actual extension package. If a future version adds a data category or permission, Recued will update the extension disclosure and this policy. The extension does not load remotely hosted code for execution. Firefox and Microsoft Edge data-collection disclosures must also match this policy and the submitted extension package.
6. Limited Use, human access, and advertising restrictions
Recued uses user data only to provide or improve user-facing Recued features. This applies to raw data and to data derived, aggregated, or de-identified from raw data.
- Allowed use. We use data to operate Recued features users request, such as recipes, approvals, account binding, marketplace publishing, diagnostics, hosted convenience, and support.
- Allowed transfer. We transfer data only when necessary to provide or improve Recued, process payments, connect to user-selected vendors, protect against abuse, comply with law, or complete a merger/acquisition/sale with required consent where applicable.
- No advertising use. We do not use or transfer user data for personalized ads, retargeting, interest-based advertising, data brokerage, or credit-worthiness/lending decisions.
- Human access limits. Recued personnel do not read user content such as emails, CRM records, page contents, files, AI prompts, or recipe outputs unless the user gives explicit consent for support, access is required for security or abuse investigation, access is required by law, or the data is aggregated/anonymized for internal operations.
7. Third-party services and subprocessors
Recued may share data with service providers only for the purposes described in this policy. Providers must process data under appropriate confidentiality and security obligations.
| Provider or category | Purpose | Data involved |
|---|---|---|
| Paddle | Merchant-of-record checkout, subscriptions, taxes, fraud checks, refunds, chargebacks, invoices, and billing support. | Buyer and transaction data. See Paddle's privacy policy and refund policy. |
| Cloud infrastructure | Host the public site, dashboard, marketplace, auth endpoints, APIs, DDNS/ACME helpers, queues, and security/rate-limit systems. | Account, routing, operational, security, and public marketplace data needed for hosted services. |
| Authentication and database infrastructure | Account sign-in, session validation, publisher records, marketplace records, account binding, and entitlement state. | Email, account id, publisher metadata, session state, binding rows, and entitlement records. |
| User-selected SaaS providers | Run recipes against services such as CRM, email, calendar, files, chat, or messaging platforms. | Only data sent by the user's browser, server, or recipe configuration to that provider. |
| User-selected AI providers | Generate, classify, summarize, extract, or transform data when a recipe uses AI. | Prompts, context, outputs, and metadata that the recipe sends to the provider the user selected. |
| Open-source and distribution platforms | Host source code, issue reports, releases, and public package listings. | Public information you submit to those platforms. |
8. Legal bases for processing
Where privacy law requires a legal basis, Recued relies on the following bases:
- Contract. To provide the Recued product, account access, marketplace features, billing entitlement, support, and requested integrations.
- Consent. For optional host permissions, connected providers, optional recipes, optional AI providers, support access to specific user-provided content, and any marketing consent if Recued later offers marketing messages.
- Legitimate interests. To secure the service, prevent abuse, debug failures, maintain logs, improve reliability, and support users, balanced against user privacy and the local-first product design.
- Legal obligations. To keep billing, tax, accounting, fraud-prevention, dispute, and compliance records.
9. Payments, refunds, and billing privacy
Paid Recued Pro subscriptions are processed by Paddle. Paddle is the merchant of record for transactions it processes. During checkout, Paddle may collect buyer name, billing email, payment method, location, tax information, fraud-prevention information, and other data required to complete the transaction.
Recued receives only the data needed to fulfill the purchase and provide support, such as transaction id, subscription id, subscription status, plan/price id, billing contact information made available by Paddle, entitlement state, and webhook event metadata. We use this data for order fulfillment, product access, fraud prevention, account support, tax/accounting records, refunds, chargebacks, and legal compliance. We do not use Paddle buyer information for marketing unless the buyer separately consents.
Refunds and payment disputes are handled through Paddle and applicable consumer-protection rules. If you contact Recued about billing, we may use Paddle transaction identifiers and entitlement audit records to investigate the request.
10. Cookies, local storage, and tracking
- The public marketing site is designed without third-party analytics or behavioral advertising cookies.
- The dashboard uses secure, host-only, HttpOnly cookies for authentication and CSRF protection. Browser JavaScript does not read the raw session cookie.
- The webclient and extension use browser storage and IndexedDB for local operation, token wrapping, queues, pairing state, settings, and offline-capable state.
- Paddle checkout and other third-party sites you choose to open may use their own cookies and tracking technologies under their own policies.
- Infrastructure providers may process operational request metadata to deliver, secure, and debug the service.
11. Security
- Hosted Recued services use HTTPS. Browser/server communication should use HTTPS or WSS in production.
- Auth cookies are encrypted, Secure, HttpOnly, and scoped to the host where they are issued.
- Local token and credential storage uses browser or server encryption where the product surface supports it, including non-extractable WebCrypto keys for bridge token wrapping.
- Cloud routes are designed around least-privilege authentication, signed requests where appropriate, rate limiting, tenant isolation, and service-role-only writes for sensitive billing state.
- The extension is designed around least-privilege permissions, empty default host permissions, and per-domain opt-in host grants.
- No system is perfectly secure. If you believe you found a vulnerability, contact privacy@recued.com.
12. Sensitive data
Recued is a general automation tool. A user may choose to run recipes against data that contains sensitive information, such as financial, health, employment, government-id, or children-related information. Recued does not require users to provide these categories to Recued hosted services, does not use them for advertising, and does not use them to infer sensitive traits. If a recipe or connected provider handles sensitive information, that processing should stay in the user's browser or self-hosted server unless the user intentionally sends it to a selected third-party provider or hosted feature.
13. Retention
| Data | Retention approach |
|---|---|
| Browser extension and webclient local data | Stored until you clear it, uninstall, reset the browser profile, or use Recued's clear/export controls. |
| Self-hosted server data | Controlled by your server configuration and deletion/export choices. |
| Account and dashboard records | Kept while your account is active and for a reasonable period afterward for security, backup, legal, dispute, and operational purposes. |
| Checkout reservations | Bounded short-term reservation state is used to prevent duplicate checkout starts. |
| Paddle webhook replay records | Unmatched webhook events may be retried for a limited period so paid users can be matched after signup or transient failures. |
| Billing, entitlement, refund, and chargeback records | Kept as long as needed for product access, support, accounting, tax, dispute, fraud-prevention, and legal obligations. |
| Public marketplace content | Kept while published or while needed for review, abuse prevention, audit, backups, and repository history. |
| Support messages | Kept while needed to respond and maintain a reasonable support/security record. |
Backup copies and logs may persist for a limited time after deletion. We may retain records longer if required for legal compliance, security, abuse prevention, dispute resolution, accounting, or enforcement.
14. Your choices and rights
- Local data. You can export or delete local Recued data from the product surfaces that store it. Browser data can also be cleared by uninstalling the extension or clearing browser site/extension storage.
- Extension permissions. You can revoke site permissions through your browser's extension controls. Recued will stop acting on domains for which it lacks permission.
- Connected providers. You can revoke API keys or OAuth access at the third-party provider, and you can remove the connection from Recued.
- Account data. You can request access, correction, export, deletion, or restriction by emailing privacy@recued.com.
- Billing data. You can manage Paddle buyer preferences and exercise Paddle-held buyer rights through Paddle. Recued can help identify the relevant subscription or transaction.
- Opt-out of sale/share. Recued does not sell personal data or share it for cross-context behavioral advertising.
Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing. You may also have the right to complain to a data protection authority. We will respond as required by applicable law.
15. International transfers
Recued and its service providers may process data in countries other than your country of residence. Where required, we rely on appropriate transfer safeguards, contractual protections, and the necessity of processing to provide the service you requested.
16. Children's privacy
Recued is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child provided personal data to Recued, contact privacy@recued.com so we can review and delete it where required.
17. Changes to this policy
We may update this policy when Recued changes, when store or payment provider requirements change, or when laws require changes. The "Last updated" date shows when this page last changed. If a material change affects account or extension data practices, we will provide notice in an appropriate product surface or listing before the change takes effect where required.