From d22f78c46af8157fb80264e0662a25b2635a8396 Mon Sep 17 00:00:00 2001 From: mmann1123 Date: Mon, 6 Apr 2026 14:52:52 -0400 Subject: [PATCH] init legal and use --- index.html | 13 +- package.json | 1 + src/App.jsx | 7 + src/components/CookieConsent.jsx | 48 ++++ src/index.css | 168 +++++++++++++ src/pages/Legal.jsx | 420 +++++++++++++++++++++++++++++++ src/pages/Login.jsx | 7 + 7 files changed, 660 insertions(+), 4 deletions(-) create mode 100644 src/components/CookieConsent.jsx create mode 100644 src/pages/Legal.jsx diff --git a/index.html b/index.html index f595078..3930cad 100644 --- a/index.html +++ b/index.html @@ -4,13 +4,18 @@ LaTeX Forge - - + diff --git a/package.json b/package.json index aa2a48a..7644641 100644 --- a/package.json +++ b/package.json @@ -2,6 +2,7 @@ "name": "latexforge", "private": true, "version": "1.0.0", + "license": "GPL-3.0-only", "type": "module", "scripts": { "dev": "vite", diff --git a/src/App.jsx b/src/App.jsx index b57152f..8683905 100644 --- a/src/App.jsx +++ b/src/App.jsx @@ -7,6 +7,8 @@ import ProjectEditor from './pages/ProjectEditor.jsx'; import AcceptInvite from './pages/AcceptInvite.jsx'; import InviteColleagues from './pages/InviteColleagues.jsx'; import AccessDenied from './pages/AccessDenied.jsx'; +import Legal from './pages/Legal.jsx'; +import CookieConsent from './components/CookieConsent.jsx'; function ProtectedRoute({ children }) { const { user, loading } = useAuth(); @@ -70,6 +72,10 @@ export default function App() { path="/access-denied" element={} /> + } + /> } @@ -95,6 +101,7 @@ export default function App() { } /> + ); } diff --git a/src/components/CookieConsent.jsx b/src/components/CookieConsent.jsx new file mode 100644 index 0000000..329e681 --- /dev/null +++ b/src/components/CookieConsent.jsx 
@@ -0,0 +1,48 @@
+import { useState, useEffect } from 'react';
+
+export default function CookieConsent() {
+ const [visible, setVisible] = useState(false);
+
+ useEffect(() => {
+ const consent = localStorage.getItem('cookie-consent');
+ if (!consent) setVisible(true);
+ }, []);
+
+ function handleAccept() {
+ localStorage.setItem('cookie-consent', 'accepted');
+ setVisible(false);
+ // Enable GA if it wasn't loaded on page load
+ if (!window.gtag) {
+ const s = document.createElement('script');
+ s.async = true;
+ s.src = 'https://www.googletagmanager.com/gtag/js?id=G-Y6B556JJNX';
+ document.head.appendChild(s);
+ window.dataLayer = window.dataLayer || [];
+ window.gtag = function () { window.dataLayer.push(arguments); };
+ window.gtag('js', new Date());
+ window.gtag('config', 'G-Y6B556JJNX');
+ }
+ }
+
+ function handleDecline() {
+ localStorage.setItem('cookie-consent', 'declined');
+ setVisible(false);
+ // Disable GA
+ window['ga-disable-G-Y6B556JJNX'] = true;
+ }
+
+ if (!visible) return null;
+
+ return (
+
+

+ This site uses cookies for authentication and analytics.{' '} + Learn more +

+
+ + +
+
+ );
+}
diff --git a/src/index.css b/src/index.css
index 4b8d2a9..36cd1ac 100644
--- a/src/index.css
+++ b/src/index.css
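Review bot: In src/components/CookieConsent.jsx, `handleDecline` enforces the opt-out only by setting `window['ga-disable-G-Y6B556JJNX']` at click time, and the mount effect reads the stored value solely to decide whether to show the banner, so nothing in this component re-applies a stored `'declined'` on the next page load. That holds up only if the index.html loader checks `localStorage` before loading gtag, which is not legible in this view of the patch; it is worth confirming, because the Privacy Policy added in the same commit states that analytics run only with consent. Separately, `localStorage` access can throw when the browser blocks site storage, so the read is safer as `let consent = null; try { consent = localStorage.getItem('cookie-consent'); } catch { /* storage unavailable: treat as no choice made */ }`, with the same guard around the two `setItem` calls. The measurement ID appears three times and would be easier to keep consistent as one constant, `const GA_ID = 'G-Y6B556JJNX';`.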
@@ -111,6 +111,157 @@ body { color: var(--text-muted); } +/* ===== Legal Page ===== */ +.legal-page { + min-height: 100vh; + background: #1e1e2e; + color: #e0e0e0; + padding: 40px 24px; +} +.legal-container { + max-width: 720px; + margin: 0 auto; +} +.legal-back { + color: #888; + text-decoration: none; + font-size: 14px; +} +.legal-back:hover { + color: #4caf50; +} +.legal-page h1 { + font-size: 28px; + font-weight: 700; + color: #fff; + margin: 20px 0 4px; +} +.legal-updated { + color: #888; + font-size: 13px; + margin-bottom: 24px; +} +.legal-nav { + display: flex; + gap: 16px; + margin-bottom: 40px; + padding-bottom: 16px; + border-bottom: 1px solid #3a3a50; +} +.legal-nav a { + color: #4caf50; + text-decoration: none; + font-size: 14px; + font-weight: 500; +} +.legal-nav a:hover { + text-decoration: underline; +} +.legal-page section { + margin-bottom: 48px; +} +.legal-page h2 { + font-size: 22px; + font-weight: 600; + color: #fff; + margin-bottom: 20px; + padding-top: 16px; + border-top: 1px solid #3a3a50; +} +.legal-page h3 { + font-size: 16px; + font-weight: 600; + color: #ddd; + margin: 20px 0 8px; +} +.legal-page p { + font-size: 14px; + line-height: 1.7; + color: #bbb; + margin-bottom: 12px; +} +.legal-page ul { + margin: 0 0 12px 20px; + padding: 0; +} +.legal-page li { + font-size: 14px; + line-height: 1.7; + color: #bbb; + margin-bottom: 4px; +} +.legal-page a { + color: #4caf50; + text-decoration: none; +} +.legal-page a:hover { + text-decoration: underline; +} +.legal-footer { + margin-top: 40px; + padding-top: 20px; + border-top: 1px solid #3a3a50; + text-align: center; +} + +/* ===== Cookie Consent Banner ===== */ +.cookie-banner { + position: fixed; + bottom: 0; + left: 0; + right: 0; + z-index: 1000; + display: flex; + align-items: center; + justify-content: center; + gap: 16px; + padding: 14px 24px; + background: #1a1a1a; + border-top: 1px solid #333; + flex-wrap: wrap; +} +.cookie-banner-text { + font-size: 14px; + color: #ccc; +} 
+.cookie-banner-text a { + color: #4caf50; + text-decoration: none; +} +.cookie-banner-text a:hover { + text-decoration: underline; +} +.cookie-banner-actions { + display: flex; + gap: 8px; +} +.cookie-btn-accept { + background: #4caf50; + color: #fff; + border: none; + padding: 8px 20px; + border-radius: 4px; + font-size: 13px; + font-weight: 600; + cursor: pointer; +} +.cookie-btn-accept:hover { + background: #43a047; +} +.cookie-btn-decline { + background: transparent; + color: #999; + border: 1px solid #555; + padding: 8px 20px; + border-radius: 4px; + font-size: 13px; + cursor: pointer; +} +.cookie-btn-decline:hover { + border-color: #888; + color: #ccc; +} + /* ===== Access Denied Page ===== */ .access-denied-page { display: flex; @@ -483,6 +634,23 @@ body { font-size: 13px; color: #666; } +.landing-footer-links { + margin-top: 8px; + display: flex; + align-items: center; + justify-content: center; + gap: 8px; +} +.landing-footer-links a { + color: #888; + text-decoration: none; +} +.landing-footer-links a:hover { + color: #4caf50; +} +.landing-footer-links span { + color: #555; +} /* Responsive */ @media (max-width: 768px) { diff --git a/src/pages/Legal.jsx b/src/pages/Legal.jsx new file mode 100644 index 0000000..e59c840 --- /dev/null +++ b/src/pages/Legal.jsx @@ -0,0 +1,420 @@ +import { useEffect } from 'react'; +import { useLocation, Link } from 'react-router-dom'; + +export default function Legal() { + const { hash } = useLocation(); + + useEffect(() => { + if (hash) { + const el = document.querySelector(hash); + if (el) el.scrollIntoView({ behavior: 'smooth' }); + } else { + window.scrollTo(0, 0); + } + }, [hash]); + + return ( +
+
+ ← Back to home + +

LaTeX Forge Legal

+

Last updated: April 6, 2026

+ + + + {/* ── Terms of Service ── */} +
+

Terms of Service

+ +

1. Service Description

+

+ LaTeX Forge is a free, web-based collaborative LaTeX editor currently in beta. + It is provided as an open-source project under the GNU General Public License v3 + and is intended for academic and nonprofit use. The service allows users to create, + edit, compile, and share LaTeX documents through a web browser. +

+ +

2. Beta Service

+

+ LaTeX Forge is currently offered as a beta service. Beta features are provided + "as-is" and may be changed, suspended, or removed at any time without notice. + Beta services may contain bugs, errors, or inaccuracies. By using the beta service, + you acknowledge that it may not function as intended in all cases. +

+ +

3. Account Eligibility

+

+ Access is limited to users with Google-authenticated institutional email accounts, + including .edu, .ac.uk, .ca, .org, and other recognized academic domains. Additional + accounts may be granted access at the administrator's discretion. You must provide + accurate and complete information during registration and keep your account + information current. +

+ +

4. User Content

+

+ You retain full ownership of all content you create, upload, or store on LaTeX Forge. + We do not claim any intellectual property rights over your documents, images, or other + files. By uploading content, you grant LaTeX Forge a limited license to store, process, + and transmit your content solely to provide the service (e.g., storing files in Cloud + Storage, sending files to the compilation server). +

+

+ You are responsible for ensuring you have the right to upload and share any content + you add to the platform, including third-party files, fonts, images, and bibliographic + data. If you share a project with collaborators, you control who has access and at + what permission level (editor or viewer). +

+ +

5. Backup Responsibility

+

+ While LaTeX Forge uses Google Cloud infrastructure with built-in redundancy, you are + responsible for maintaining local copies of your important files. We strongly recommend + regularly exporting your projects using the ZIP download feature. LaTeX Forge shall not + be liable for any loss or corruption of data, howsoever caused. +

+ +

6. Service Availability

+

+ LaTeX Forge is provided on an "as-is" and "as-available" basis without warranties of + any kind, whether express or implied, including but not limited to implied warranties + of merchantability, fitness for a particular purpose, or non-infringement. We make no + guarantees regarding uptime, availability, reliability, or error-free operation. We + reserve the right to modify, suspend, or discontinue the service at any time without + notice. +

+ +

7. Limitation of Liability

+

+ To the fullest extent permitted by law, LaTeX Forge and its maintainers shall not be + liable for any indirect, incidental, special, consequential, or punitive damages arising + from your use of or inability to use the service, including but not limited to data loss, + service interruptions, compilation errors, or loss of profits, even if advised of the + possibility of such damages. +

+ +

8. Indemnification

+

+ You agree to indemnify and hold harmless LaTeX Forge and its maintainers from and + against any claims, damages, losses, liabilities, and expenses (including reasonable + legal fees) arising out of or related to your use of the service, your violation of + these terms, or your violation of any rights of a third party. +

+ +

9. Account Termination

+

+ We reserve the right to suspend or terminate accounts that violate these terms, the + Acceptable Use Policy, or that are inactive for an extended period. Grounds for + immediate suspension include: violations of the Acceptable Use Policy, fraudulent + activity, illegal use, or failure to comply with these terms. You may delete your + account and associated data at any time by contacting the administrator. +

+ +

10. Governing Law

+

+ These terms shall be governed by and construed in accordance with the laws of the + United States and the District of Columbia, without regard to conflict of law principles. + Any disputes arising from these terms or your use of the service shall be subject to the + exclusive jurisdiction of the courts located in Washington, D.C. +

+ +

11. Changes to Terms

+

+ We may update these terms from time to time. When we make material changes, we will + notify you by posting a notice within the application or by sending an email to the + address associated with your account. The "last updated" date at the top of this page + will be revised accordingly. Continued use of the service after changes constitutes + acceptance of the revised terms. +

+
+ + {/* ── Privacy Policy ── */} +
+

Privacy Policy

+ +

1. Information We Collect

+

When you use LaTeX Forge, we collect:

+
    +
  • Account information: Your Google account name, email address, and unique identifier (UID), collected during sign-in via Google OAuth
  • +
  • User content: LaTeX documents, images, bibliography files, and other files you create or upload to your projects
  • +
  • Collaboration data: Project sharing settings, invitation records, and real-time editing presence information (cursor position, active file)
  • +
  • Usage analytics: Page views and general usage patterns collected via Google Analytics (only if you consent to analytics cookies)
  • +
+ +

2. How We Use Your Information

+
    +
  • Authentication: To verify your identity and enforce access controls
  • +
  • Document storage: To save and sync your projects across devices
  • +
  • Collaboration: To enable real-time editing, sharing, and commenting
  • +
  • Compilation: To send your LaTeX files to our compilation server and return PDF output
  • +
  • Service improvement: To understand usage patterns and improve the application (analytics data only)
  • +
  • Security: To protect against unauthorized access and enforce the email allowlist
  • +
+ +

3. Legal Basis for Processing

+

We process your personal data on the following legal bases:

+
    +
  • Contractual necessity: Account setup, document storage, and service delivery are required to provide you with the service
  • +
  • Legitimate interest: Security enforcement, service improvement, and abuse prevention
  • +
  • Consent: Analytics cookies are only set with your explicit consent via the cookie banner. You may withdraw consent at any time
  • +
+ +

4. Third-Party Services

+

LaTeX Forge relies on the following third-party services to operate:

+
    +
  • Google Firebase: Authentication, database (Firestore), and file storage (Cloud Storage)
  • +
  • Google Cloud Run: LaTeX compilation backend
  • +
  • Google Analytics (GA4): Anonymous usage statistics (only with your consent)
  • +
+

+ These services process data on our behalf and are subject to their own privacy policies. + Google's privacy policy is available + at policies.google.com/privacy. + We do not share your data with any other third parties. +

+ +

5. Data Storage and Security

+

+ Your data is stored on Google Cloud infrastructure in the United States. Data is + encrypted in transit (HTTPS/TLS) and at rest (Google Cloud default encryption). + Access to project data is controlled by Firebase security rules that enforce + per-project permissions (owner, editor, viewer). See + the Security Overview for more details. +

+ +

6. Data Retention

+
    +
  • Your documents and project files persist until you delete them
  • +
  • Account data is retained until you request account removal
  • +
  • Deleted projects are moved to trash and can be permanently deleted by you
  • +
  • Analytics data is retained according to Google Analytics default settings (14 months)
  • +
  • After retention periods expire, data is destroyed, erased, or anonymized
  • +
+ +

7. Data Sharing

+

+ We do not sell, rent, or share your personal data with third parties for marketing + or advertising purposes. Data is only shared with the third-party service providers + listed above, solely to operate the service. We may disclose data if required by law + or compulsory legal process. +

+ +

8. Your Rights

+

You have the right to:

+
    +
  • Access: Request copies of the personal data we hold about you
  • +
  • Export: Download your documents via the ZIP export feature at any time
  • +
  • Rectification: Request correction of inaccurate personal data
  • +
  • Deletion: Request deletion of your account and all associated data
  • +
  • Objection: Object to the processing of your personal data
  • +
  • Opt out: Decline analytics tracking via the cookie consent banner
  • +
+

+ To exercise these rights or ask questions about your data, open an issue + on GitHub. +

+ +

9. International Users

+

+ If you are located in the European Economic Area (EEA) or United Kingdom, we process + your personal data on the bases described in Section 3 above. Your data is transferred + to and stored in the United States via Google Cloud infrastructure. These transfers + are conducted in accordance with Google's data processing terms, which include + standard contractual clauses approved by the European Commission. +

+

+ You have the right to lodge a complaint with your local data protection supervisory + authority if you believe your data is being processed unlawfully. +

+ +

10. Changes to This Policy

+

+ We may update this privacy policy from time to time. The revised policy will be posted + on this page with an updated "last updated" date. We encourage you to review this page + periodically. Material changes will be communicated via the application or email. +

+
+ + {/* ── Cookie Policy ── */} +
+

Cookie Policy

+ +

+ Cookies are small text files stored on your device that help us provide and improve + our service. This policy explains what cookies we use and how you can control them. +

+ +

Essential Cookies

+

+ These cookies are required for the application to function and cannot be disabled. + They include: +

+
    +
  • Firebase authentication session: Keeps you signed in across page loads and browser sessions
  • +
  • Cookie consent preference: Remembers whether you accepted or declined analytics cookies
  • +
  • Application state: Editor preferences and layout settings stored in local storage
  • +
+ +

Analytics Cookies

+

+ We use Google Analytics (GA4) to collect anonymous usage statistics such as page views + and general usage patterns. These cookies are only set if you accept analytics tracking + via the cookie consent banner. Specifically: +

+
    +
  • _ga (13 months): Distinguishes unique users
  • +
  • _ga_* (13 months): Maintains session state
  • +
+

+ You can change your analytics preference at any time by clearing your browser's local + storage for this site and refreshing the page. The cookie consent banner will reappear, + allowing you to make a new choice. +

+ +

No Advertising or Tracking Cookies

+

+ LaTeX Forge does not use any advertising, marketing, or cross-site tracking cookies. + We do not serve ads, participate in ad networks, or track you across other websites. +

+
+ + {/* ── Security Overview ── */} +
+

Security Overview

+ +

Infrastructure

+

+ LaTeX Forge is hosted on Google Cloud Platform, which provides enterprise-grade + physical security at its data centers, including electronic access controls, alarm + systems, perimeter fencing, and 24/7 monitoring. All application services + (authentication, database, storage, compilation) run within Google Cloud. +

+ +

Data Encryption

+
    +
  • In transit: All connections use HTTPS with TLS encryption. No unencrypted HTTP connections are accepted.
  • +
  • At rest: Data stored in Firebase Firestore and Cloud Storage is encrypted at rest using Google Cloud's default encryption (AES-256).
  • +
+ +

Authentication and Access Control

+
    +
  • Authentication is handled exclusively through Google OAuth 2.0 — LaTeX Forge does not store passwords
  • +
  • An email allowlist restricts access to approved institutional domains (.edu, .ac.uk, .ca, .org, etc.)
  • +
  • The allowlist is enforced at four layers: frontend, Firestore security rules, Cloud Storage rules, and the compilation backend
  • +
  • Per-project access controls enforce owner, editor, and viewer permission levels
  • +
+ +

Compilation Security

+
    +
  • LaTeX compilation runs in isolated Docker containers on Google Cloud Run
  • +
  • pdflatex is executed with -no-shell-escape to prevent arbitrary command execution
  • +
  • File paths are validated with regex and resolved path checks to prevent path traversal attacks
  • +
  • Rate limiting (10 compilations per 60 seconds per user) prevents abuse
  • +
  • Each compilation has a 30-second timeout and runs in a temporary directory that is cleaned up afterward
  • +
+ +

Backup and Redundancy

+

+ Firebase Firestore and Cloud Storage provide built-in data redundancy across multiple + Google Cloud availability zones. However, we strongly recommend maintaining local + backups of important work by regularly downloading your projects using the ZIP export + feature. +

+ +

Vulnerability Reporting

+

+ If you discover a security vulnerability in LaTeX Forge, please report it responsibly + by opening a security advisory + on GitHub. + We will investigate all reported security issues and work to address them promptly. + Please do not publicly disclose vulnerabilities until we have had an opportunity to + address them. +

+
+ + {/* ── Acceptable Use Policy ── */} +
+

Acceptable Use Policy

+ +

+ This policy outlines prohibited activities when using LaTeX Forge. Violation of this + policy may result in immediate suspension or termination of your account. +

+ +

System and Network Abuse

+

You may not:

+
    +
  • Probe, scan, or test the vulnerability of our systems or networks
  • +
  • Tamper with, breach, or circumvent any security or authentication measures
  • +
  • Access non-public areas of the service or other users' accounts without authorization
  • +
  • Interfere with or disrupt the service, servers, or networks (e.g., overloading, flooding, denial-of-service attacks)
  • +
  • Introduce or facilitate the spread of malware, viruses, or other harmful code
  • +
+ +

Automated Access

+

You may not:

+
    +
  • Use robots, scripts, spiders, scrapers, or other automated means to access the service
  • +
  • Crawl, scrape, or mine data from the service without explicit written permission
  • +
  • Use the service or its content for machine learning, model training, or AI-related purposes without permission
  • +
+ +

Compilation Resource Abuse

+

You may not:

+
    +
  • Use the LaTeX compilation service for purposes other than compiling LaTeX documents (e.g., cryptocurrency mining, running arbitrary programs)
  • +
  • Attempt to bypass compilation timeouts, rate limits, or resource restrictions
  • +
  • Submit files designed to exploit the compilation environment or access the underlying server
  • +
+ +

Content Violations

+

You may not upload, store, or share content that:

+
    +
  • Is unlawful, fraudulent, defamatory, or misleading
  • +
  • Infringes on copyrights, trademarks, or other intellectual property rights
  • +
  • Contains pornographic, obscene, or excessively violent material
  • +
  • Harasses, threatens, or invades the privacy of others
  • +
  • Contains another person's personal or sensitive information without their consent
  • +
+ +

Commercial Misuse

+

You may not:

+
    +
  • Resell, sublicense, or commercialize access to the service
  • +
  • Use the service to promote or advertise products or services
  • +
  • Impersonate any person or entity, or misrepresent your affiliation
  • +
+ +

Intellectual Property

+

You may not:

+
    +
  • Copy, modify, or create derivative works of the service itself (beyond what the GPL v3 license permits for the source code)
  • +
  • Decompile, disassemble, or reverse engineer any part of the service infrastructure
  • +
  • Remove or alter any proprietary notices, labels, or markings
  • +
+ +

Reporting Violations

+

+ If you become aware of any violation of this policy, please report it + to mmann1123@gmail.com or open an issue + on GitHub. +

+
+ +
+

+ LaTeX Forge is open-source software licensed under the GNU GPL v3. + Source code is available on GitHub. +

+
+
+
+ ); +} diff --git a/src/pages/Login.jsx b/src/pages/Login.jsx index f56bce0..7a84332 100644 --- a/src/pages/Login.jsx +++ b/src/pages/Login.jsx @@ -177,6 +177,13 @@ export default function Login() { );
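Review bot: In src/pages/Legal.jsx, the scroll effect passes the raw URL fragment to `document.querySelector(hash)`, which throws a `SyntaxError` when the fragment is not a valid CSS selector (for example `#1`, or one containing `(`), so a malformed link to the legal page raises inside the effect instead of simply not scrolling. Looking the section up by id avoids parsing link-supplied text as a selector: `const el = document.getElementById(hash.slice(1));`. The Security Overview text also hard-codes implementation facts (`-no-shell-escape`, 10 compilations per 60 seconds, the 30-second timeout, four enforcement layers for the allowlist); a short comment above that section naming where each is configured would help keep the published claims in step with the backend. The Login.jsx hunk that begins on this same line continues outside this view and is not reviewed here.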