Compliance & Security

This page is the public compliance and security overview for marketing, procurement, and comparison-page claims. It explains what LaTeX Cloud Studio states publicly today, where the current proof comes from, and where guided-rollout or roadmap boundaries still apply.

What we state publicly today

  • Privacy-first handling: public docs position the product around privacy-first document handling.
  • Training-data boundary: public security materials state that user documents are not used to train AI models.
  • EU-oriented posture: public materials describe EU-focused hosting and GDPR-oriented handling.
  • Consent-based analytics: optional analytics and marketing cookies stay off until users opt in.

What we do not overstate

  • Legal review: this page is not a substitute for customer-specific legal advice or procurement review.
  • Enterprise GA: self-serve SSO, audit logs, and broader admin controls are not presented here as general-availability features.
  • Roadmap separation: roadmap items stay labeled as roadmap items until the public product docs change.

Public proof sources

Use the documents below when a claim needs a direct public source instead of summary copy on a landing page.

Data Protection & GDPR Compliance

We design the service and our processes to support GDPR-oriented handling where it applies. In practice, that means we focus on:

  • Data minimization: Collecting and processing only what we need to operate and improve the service
  • Purpose limitation: Using data only for defined purposes
  • User rights requests: Supporting access, correction, deletion, and portability requests where applicable
  • Privacy by Design: Data protection is built into our systems from the ground up
  • Vendor management: Using vetted service providers and contractual safeguards where required

Infrastructure Security

Data Centers

  • EU data hosting for our web product infrastructure
  • Physical and operational security controls provided by our hosting providers

Network Security

  • Encryption in transit (TLS) for the website and API traffic
  • DDoS and abuse protections at the edge (provider-managed)
  • Ongoing security patching and dependency vulnerability monitoring

Application Security

Access Controls

  • Principle of least privilege for internal access
  • Security review for changes that affect data access paths

Data Encryption

  • Encryption in transit (TLS)
  • Encryption at rest and key management as supported by our infrastructure and storage providers

Compliance & Assurance

Depending on your organization, you may need assurance artefacts (for example, for procurement or institutional review). Please contact us and we can share what is currently available.

  • GDPR: We design for GDPR obligations (lawful bases, transparency, and user rights)
  • Cookies/consent: Optional analytics and marketing cookies are disabled until you opt in

Security Practices

Development Security

  • Secure development practices and code review
  • Regular code reviews and static analysis
  • Dependency scanning for vulnerabilities
  • Security training for all developers

Operational Security

  • Monitoring and alerting for service health
  • Incident response procedures
  • Employee background checks
  • Principle of least privilege

Vulnerability Management

We accept vulnerability reports and work to remediate issues in a timely manner.

  • Regular vulnerability scanning
  • Timely patching of identified vulnerabilities
  • Responsible disclosure via email

Third-Party Services

We use third-party service providers to operate the service (for example, infrastructure, email delivery, and analytics). Details about analytics cookies and tracking are described in our Cookie Policy and Privacy Policy.

  • Vendors are selected based on security and reliability requirements
  • Contractual and technical safeguards are applied where required

Contact

Email us at LaTeX@hirox-software-solutions.com for security concerns, vulnerability reports, or compliance/privacy questions.

If you need the plain-language proof pages used across the marketing site, open the AI and data-handling page or the migration guide.