FormaTeX
FormaTeX

\usepackage{legal}

Privacy Policy

This policy explains how FormaTeX collects, uses, and protects your personal information when you use our LaTeX compilation API and related services.

Last updated: February 2026

Introduction

FormaTeX operates the FormaTeX LaTeX compilation API and associated web services. This Privacy Policy describes how we collect, use, and safeguard information about you when you visit our website, create an account, or use our API.

By using FormaTeX, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

Information We Collect

We collect information you provide directly to us and information generated automatically through your use of our services.

Account information

When you register, we collect your name, email address, and a hashed version of your password. If you sign in via GitHub or Google OAuth, we receive your name, email address, and profile avatar from those providers.

Usage data

We log metadata about each compilation request: the LaTeX engine used, compilation status (success or failure), duration in milliseconds, and input size in bytes. We never store, inspect, or retain the actual LaTeX source code or the compiled PDF output.

API key data

We store a SHA-256 hash of each API key you create, along with its prefix, name, and usage timestamps. The raw key is shown to you exactly once and is never stored in recoverable form.

Billing data

Payment processing is handled entirely by Polar.sh, our billing provider. We receive a customer ID and subscription status from Polar but never handle or store your payment card details.

Technical data

We collect standard server logs including IP addresses, browser user-agent strings, and request timestamps for security, rate-limiting, and operational purposes.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the FormaTeX API and dashboard
  • Authenticate your identity and authorize access to our services
  • Enforce plan-based rate limits and compilation quotas
  • Send transactional emails such as account verification and password reset
  • Detect, investigate, and prevent fraudulent or abusive activity
  • Comply with legal obligations and enforce our Terms of Service
  • Improve the reliability and performance of our infrastructure

We do not sell your personal information to third parties. We do not use your data for advertising or behavioral profiling.

Data Retention

Compilation files are deleted immediately after processing. Project files you choose to save are stored securely and only accessible to you.

We retain your account information for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

Compilation metadata (engine, status, duration, size) is retained for 12 months to support usage reporting and billing reconciliation. Compilation files — LaTeX source and PDF output — are ephemeral. They are written to an in-memory tmpfs filesystem and deleted immediately after the compilation response is delivered or the job file is downloaded, whichever comes first.

Server access logs are retained for 90 days for security and operational purposes.

Data categoryRetention periodPurpose
Compilation source and generated PDF (temporary job files)Deleted immediately after processingRun and return compilation results
Saved project files (.tex, images, bibliography, assets)Until you delete them or delete your accountProvide persistent projects and collaboration features
Compilation metadata (engine, status, duration, input size)12 monthsUsage reporting, quota enforcement, billing reconciliation
Server access logs (IP, user-agent, timestamps)90 daysSecurity monitoring, abuse prevention, operations
Account and billing recordsWhile account is active, plus legally required retention for financial recordsAccount management, compliance, tax and accounting obligations

Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service providers

We use the following third-party services, each receiving only the data necessary to perform their function:

  • Polar.sh — billing and subscription management
  • Resend — transactional email delivery (verification, password reset)
  • PostHog — product analytics (page views, feature usage, compilation events) — only with your consent
  • Sentry — error monitoring and performance tracking for service reliability

OAuth providers

If you choose to sign in with GitHub or Google, we receive profile data from those providers as described above. We do not share your FormaTeX data back to those providers.

Legal requirements

We may disclose information if required by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed with bcrypt and never stored in plain text
  • API keys are stored as SHA-256 hashes — the raw key is shown once and never retained
  • All data is transmitted over TLS (HTTPS)
  • Infrastructure uses non-root containers with no-new-privileges security options
  • Worker processes have no internet access and run in isolated Docker networks
  • Compilation jobs run in ephemeral tmpfs storage, cleared immediately after use

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we continuously review and improve our security practices.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

AccessRequest a copy of the personal data we hold about you.
CorrectionRequest correction of inaccurate or incomplete data.
DeletionRequest deletion of your account and associated personal data.
PortabilityRequest your data in a structured, machine-readable format.
ObjectionObject to processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@formatex.io. We will respond within 30 days.

Cookies

We use two categories of browser storage:

Essential cookies (no consent required)

We set an auth_token cookie to keep you signed in, and a theme cookie for your dark mode preference. These are strictly necessary for the service to function.

Analytics (consent required)

With your consent, we use PostHog for product analytics — tracking page views, feature usage, and compilation events to improve the product. PostHog stores data in your browser's localStorage. You can withdraw consent at any time via the cookie banner or by clearing your localStorage for formatex.io.

For full details on the cookies and storage we use, see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify registered users by email. Your continued use of FormaTeX after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out:

FormaTeX

Email: privacy@formatex.io

Website: formatex.io

One quick thing

We track anonymous usage — page views, feature usage, compilation events — to understand what works and what doesn't. No ads, no personal data, no third-party sharing.

Cookie policy