How is this different from a generic PDF-to-text extractor?

Generic extractors flatten your PDF into raw text and lose the layout. Our purpose-built pipeline reads each page like a human reader would, then rebuilds it as real LaTeX — sections, equations, tables, lists and figures stay where they belong, page by page.

How accurately is the original PDF reproduced?

The goal is a near 1:1 rebuild of the source document. The same number of pages, the same headings, the same equations and tables — as an editable LaTeX project you can keep working on in Overleaf.

What do I receive after conversion?

An editable LaTeX project (main.tex plus assets), a compiled PDF render, and a side-by-side comparison of every page so you can verify the result before exporting.

Can I open the export in Overleaf?

Yes. The exported ZIP is structured so Overleaf compiles main.tex on the first try — no missing packages, no manual restructuring.

Legal

Privacy Policy

This page explains what data document-to-latex collects, where it is stored, which third parties process parts of it on our behalf, and what rights you have under the GDPR.

Last updated: 2026-04-29

1. Controller

The controller responsible for personal data processed on this site (per Art. 4 (7) GDPR) is:

Florian Wider
Felsenbirnenweg 35
88045 Friedrichshafen
Germany
Email: [email protected]

We have not appointed a Data Protection Officer because we are not legally required to (Art. 37 GDPR / § 38 BDSG: fewer than 20 persons regularly processing personal data). For any privacy enquiry please write to the email above.

2. Data we collect & legal basis

Account data (via Clerk): email address, authentication identifiers, session tokens. Legal basis: performance of the contract, Art. 6 (1) (b) GDPR.
Billing data (via Stripe): customer email, billing address as you enter it on Stripe Checkout, payment status, invoice history. Card details never touch our servers. Legal basis: Art. 6 (1) (b) GDPR (contract) and Art. 6 (1) (c) GDPR (statutory record-keeping under § 147 AO).
Uploaded documents: the PDFs you submit for conversion and everything we derive from them (extracted text, table summaries, generated LaTeX project, compiled PDF, page renderings, status logs). Legal basis: Art. 6 (1) (b) GDPR.
Usage data: page counts, conversion timings, credit balance changes, feature usage — used for billing and internal product analytics. Legal basis: Art. 6 (1) (b) GDPR (billing) and Art. 6 (1) (f) GDPR (legitimate interest in operating and improving the service).
Server logs: IP address, user agent, request path, response status, timestamp. Retained for 14 days for security and abuse prevention. Legal basis: Art. 6 (1) (f) GDPR.

3. What we send to OpenAI

LaTeX generation and repair use the OpenAI Responses API. The following parts of your document are transmitted to OpenAI, L.L.C. in the United States:

The extracted document text.
A compact table summary (row/column counts and content).
Page order metadata and any extraction warnings.
For repair calls: the current generated LaTeX source and a truncated copy of the LaTeX compiler log.

We do not send the raw PDF binary, rendered page images, database records, billing data, Clerk JWTs or Stripe identifiers to OpenAI.

We pass store=false on every OpenAI request, asking OpenAI not to retain the prompt in their dashboard. OpenAI is certified under the EU-U.S. Data Privacy Framework, which provides an adequacy decision for transfers under Art. 45 GDPR; in addition we rely on the EU Standard Contractual Clauses (Art. 46 GDPR) included in OpenAI's Data Processing Addendum.

4. Other processors

Vendor	Purpose	Data shared	Transfer basis
Clerk, Inc. (USA)	Authentication	Email, identifiers, session JWTs	EU-U.S. DPF + SCCs
Stripe Payments Europe, Ltd. (Ireland)	Payments & subscription management	Customer email, billing identifiers, line items	EEA processor
Cloudflare, Inc. (USA, EU edge)	CDN, DNS, tunnel for the backend	Standard HTTP traffic (TLS-terminated at edge)	EU-U.S. DPF + SCCs
OpenAI, L.L.C. (USA)	LaTeX generation & repair	Extracted text, table summary, compiler logs	EU-U.S. DPF + SCCs
Hetzner Online GmbH (Germany)	Backend hosting	All server-side data at rest	EEA processor

5. Cookies & similar technologies

We only use cookies and local storage that are strictly necessary to operate the service — they are exempt from consent under § 25 (2) Nr. 2 TTDSG, so we do not show a cookie banner.

Set by	Purpose	Lifetime
document-to-latex (1st party)	UI preferences (e.g. billing toggle state)	Local storage, until you clear it
Clerk	Authentication session	Session + refresh cookies, up to 30 days
Stripe	Fraud prevention during checkout	Set only when you start a payment, up to 1 year
Cloudflare	Edge security (e.g. `__cf_bm`)	Up to 30 minutes

We use no tracking, advertising or third-party analytics cookies. We do not use Google Analytics, Meta Pixel, Hotjar or similar.

6. Retention

Job artefacts (source PDF, intermediate JSON/MD, generated LaTeX, compiled PDF, ZIP, status JSON, render PNGs) live on our backend for 30 days after conversion, after which they are deleted automatically. You can delete a job manually at any time from your dashboard.

Account data is retained for the lifetime of your account and deleted within 30 days of account deletion. Billing data (invoices, payment records) is retained for 8 years as required by § 147 AO.

7. Your rights (GDPR)

You have the right to:

request a copy of the data we hold about you (Art. 15);
have inaccurate data corrected (Art. 16);
have your data erased (Art. 17);
restrict or object to processing (Art. 18, 21);
data portability (Art. 20);
withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7 (3));
lodge a complaint with a supervisory authority (Art. 77). For users in Germany the competent authority for the controller's seat is Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), Königstraße 10a, 70173 Stuttgart — baden-wuerttemberg.datenschutz.de.

To exercise any of these rights, write to [email protected].

8. Security

All traffic is TLS-encrypted end-to-end. Backend services run behind a Cloudflare tunnel and are not publicly reachable except through the application. Job artefacts are stored on encrypted disks. Access to production systems is restricted to the operator and protected by SSH key + 2FA.

9. Changes

We may update this policy when our processing changes or when the law requires it. The “last updated” date at the top reflects the most recent change. Material changes will be announced by email to the address on your account.