Privacy-First LaTeX Editing: How Thetapad Protects Your Research

The Privacy Problem in Academic Writing

Your unpublished research is valuable—to you, your institution, and potentially to competitors, governments, or malicious actors.

Yet most researchers upload their work to cloud servers without a second thought.

Consider what's at stake:

• Unpublished findings that could be scooped
• Patent-pending innovations with commercial value
• Sensitive data about human subjects
• Collaborative work with confidentiality agreements
• Grant proposals detailing future research plans

Where does your LaTeX document actually live?

How Cloud Editors Handle Your Data

The Traditional Model

When you use a cloud-based LaTeX editor:

Your Document → Internet → Their Servers → Their Backups
                              ↓
                        Their Employees
                        Their Contractors
                        Their Infrastructure

Your document exists on infrastructure you don't control, accessible to people you've never met, subject to laws of jurisdictions you may not know.

Real Privacy Concerns

Data breaches happen. In 2023 alone:

• Over 2,000 data breaches exposed 8+ billion records
• Academic institutions were frequent targets
• Research data was specifically sought by attackers

Employee access is real. Cloud services typically allow:

• Support staff to access user data for troubleshooting
• Administrators to view content for policy enforcement
• Contractors to access systems for maintenance

Jurisdiction matters. Where your data is stored determines:

• What laws apply
• Who can compel disclosure
• What protections you have

Thetapad's Local-First Approach

Your Data Stays With You

Thetapad's architecture is fundamentally different:

Your Document → Your Device → Your Storage
                    ↓
              Your Control

By default:

• Documents are stored locally on your device
• Compilation happens on your machine
• No data transmitted unless you choose to share
• Full offline functionality

What "Local-First" Means

| Aspect | Cloud-First | Local-First | |--------|-------------|-------------| | Default storage | Their servers | Your device | | Internet required | Yes | No | | Who can access | Provider + you | Only you | | Offline work | Limited/none | Full functionality | | Data location | Unknown/variable | Your choice |

GDPR Compliance Made Simple

The General Data Protection Regulation (GDPR) places strict requirements on handling personal data. For researchers, this often includes:

• Survey responses
• Interview transcripts
• Patient information
• Student records

The Cloud Editor Challenge

Using cloud LaTeX editors with GDPR-covered data requires:

• Data Processing Agreements (DPAs)
• Understanding where servers are located
• Ensuring adequate protection levels for data transfers
• Trusting the provider's compliance claims

The Local-First Solution

With Thetapad:

• Data stays on approved infrastructure—your institution's computers
• No cross-border transfers by default
• You control the data lifecycle completely
• Compliance is built-in, not negotiated

GDPR Requirement: Minimize data transfers
Cloud solution: Contractual arrangements
Thetapad: Data never leaves your device

Security Architecture

End-to-End Encryption (When Sharing)

If you choose to use Thetapad's collaboration features:

• Documents are encrypted before transmission
• Only collaborators with the key can decrypt
• Thetapad servers see only encrypted data
• We cannot read your documents even if we wanted to

Zero-Knowledge Design

For shared projects, we implement zero-knowledge architecture:

Your Document
     ↓
Encryption (your key)
     ↓
Encrypted blob → Thetapad servers → Encrypted blob
                                          ↓
                                    Decryption (collaborator's key)
                                          ↓
                                    Collaborator sees document

At no point can Thetapad access plaintext content.

Local Compilation

Unlike cloud editors that compile on their servers (seeing your full source):

• Thetapad compiles on your device
• Your LaTeX source never leaves your machine
• Output PDFs stay local
• No server-side processing of your content

Institutional Compliance

For Universities

Academic institutions face unique requirements:

• IRB protocols for human subjects research
• Export control regulations
• Contractual obligations with research sponsors
• FERPA for student data

Local-first editing satisfies these by keeping data on institution-approved infrastructure.

For Medical Research

HIPAA and similar regulations require strict data handling:

• PHI must stay on approved systems
• Access must be logged and controlled
• Data at rest must be encrypted

Thetapad on institutional hardware meets these requirements naturally.

For Government-Funded Research

Many government grants impose data handling requirements:

• Data must stay within national borders
• Cloud storage may be prohibited for certain projects
• Specific security certifications required

Local-first gives you complete control over data location and handling.

Practical Privacy Features

Offline Mode

The most secure document is one that never touches the internet:

• Work entirely offline
• Sync only when you choose
• Full functionality without connectivity
• Perfect for sensitive projects

Local Git Integration

Version control without cloud exposure:

# Keep version history locally
git init
git add .
git commit -m "Initial draft"
 
# Or sync to your own Git server
git remote add origin your-server.edu:research/paper.git
git push

Selective Sharing

When collaboration is needed:

1. Choose exactly what to share
2. Set expiration dates on shared links
3. Revoke access instantly
4. Audit who accessed what

Comparison: Privacy Features

| Feature | Thetapad | Overleaf | ShareLaTeX | |---------|----------|----------|------------| | Local-first storage | Yes | No | No | | Offline compilation | Yes | No | No | | End-to-end encryption | Yes | No | No | | Zero-knowledge sharing | Yes | No | No | | On-premise option | Yes | Enterprise only | N/A | | GDPR compliant by default | Yes | Requires DPA | Requires DPA |

Making the Switch

Assess Your Privacy Needs

Ask yourself:

1. Does my research include sensitive data?
2. What are my institution's data handling policies?
3. Do I have contractual obligations about data storage?
4. What jurisdictional issues apply to my work?

Migrate Safely

If you have documents on cloud editors:

1. Export everything - Download all projects as ZIP files
2. Verify completeness - Ensure all files transferred
3. Import to Thetapad - Drag and drop to import
4. Delete cloud copies - Once verified, remove from cloud storage

Establish Good Practices

Going forward:

• Default to local storage
• Share only what's necessary
• Use encrypted sharing when needed
• Regular local backups

Conclusion

Your research represents years of work, significant investment, and often sensitive information. It deserves better than hoping a cloud provider keeps it safe.

Thetapad's local-first approach gives you:

• Complete control over where your data lives
• GDPR compliance by default
• Zero-knowledge sharing when collaboration is needed
• Peace of mind that your work stays yours

Privacy isn't just a feature—it's a fundamental requirement for serious research. Choose tools that respect that.

For institutional deployment options and custom security configurations, contact our team.