← Back to home
🔒

Privacy Policy

ShortHand is built by a teacher who understands how sensitive student data is. This policy explains exactly what we collect, why, and how we protect it.

Last updated: June 2026

The short version
  • We only collect what you put in. ShortHand doesn't gather browsing data, device fingerprints, or anything beyond what you actively type or import.
  • Your data is encrypted. All data is stored on Supabase, which is SOC 2 Type II certified and encrypts data at rest with AES-256. Data in transit is protected by HTTPS.
  • Other teachers can't see your students. Row-level security means every query is scoped to your account only — no other teacher can access your data. As the operator, I technically have access to the database, but I commit to never looking at your data unless you ask me to (for example, to help fix a problem).
  • We comply with the Student Privacy Pledge. We do not sell student data, use it for advertising, or share it with third parties beyond what's needed to run the app.
👤
Who This Applies To
ShortHand is a classroom management tool for teachers. When you create an account, you are the user. Student data you enter (names, notes, parent communications) is entered by you, the teacher, and is stored under your account only.
📋
What We Collect
Your account: Your email address and password (managed securely by Supabase Auth).

Student data you enter: Student names, class periods, behavioral notes, birthday info, parent contact details, and photo URLs, all entered or imported by you.

Google Classroom (optional): If you connect Google Classroom, we access your course list and student names, emails, and profile photos to help you import your roster. We store a token to keep you connected. You can disconnect at any time.

AI features:Some features use AI to turn your notes into polished text. See the “How ShortHand Uses AI” section below for full details.
🤖
How ShortHand Uses AI
ShortHand uses AI for two different kinds of tasks, and we handle each differently depending on how sensitive the data is.

Polishing your notes (reports, parent messages, summaries). When you generate a report comment, parent message, or note summary, ShortHand sends the note content using students' first names only — last names are never included, and parent contact details are never sent. These features use Groq as our primary AI provider, with Together AI as a backup if Groq is temporarily unavailable. Both providers are configured so your data is not used to train their models.

Organizing pasted lists (roster import, birthday import). These two features work by reading the text you paste in — which may include full student names, parent names, emails, and phone numbers — and organizing it into clean records. Because making sense of that messy text is the feature, the full pasted content is sent to AI. To protect this more sensitive data, these imports are processed by Groq only — they never fall back to any other provider. Groq is contractually prohibited from storing this data, training on it, or using it for any purpose beyond providing the service. If Groq is unavailable, roster import switches to basic on-device parsing (names only, no AI), and birthday import pauses until Groq is back — in neither case is your data sent to any other AI provider.

We never send student or parent data to AI for advertising or model training, and we don't sell your data.
🚫
What We Don't Do
We do not sell your data or student data to anyone. Ever.

We do not use student data for advertising.

We do not share your data with third parties except the services required to run the app (Supabase for database and auth, Groq and Together AI for AI features, Vercel for hosting, Upstash for rate limiting).

No other teacher can access your students' information. As the operator, I can access the database directly if needed for support, but I will never do so without your request.
🔐
How We Protect Your Data
All student data is stored on Supabase, which is SOC 2 Type II certified and encrypts all data at rest with AES-256.

All data is stored with Row Level Security (RLS) enabled, meaning every query is scoped to your account only — no other teacher can see your data. As the operator, I technically have access to the database, but I commit to never looking at your data unless you ask me to (for example, to help fix a problem).

All communication between the app and our servers uses HTTPS encryption.

API endpoints require authentication. Your session token is verified on every request.
🗑️
Your Rights
You can delete all your data at any time from within the app (Settings → Danger Zone → Factory Wipe).

You can permanently delete your account and all associated data from within the app (Settings → Danger Zone → Delete My Account).

You can export a copy of all your data at any time (Settings → Your Data → Export My Data).

You can disconnect Google Classroom at any time, which removes your stored Google tokens.
🌐
Third-Party Services
ShortHand uses the following third-party services to operate:

Supabase: database and authentication (privacy policy)
Groq: AI language model processing (privacy policy)
Together AI: backup AI provider for report and message generation (privacy policy)
Vercel: hosting and deployment (privacy policy)
Google: Google Classroom integration, optional (privacy policy)
🎓
Student Privacy Pledge
ShortHand follows the principles of the Student Privacy Pledge. This means:

We will never sell student data to anyone, for any reason.

We will never use student data for targeted advertising, not to students, parents, or anyone else.

We will never share student data with third parties beyond the services required to operate the app.

We will always allow teachers to delete their student data at any time.
🏫
For Schools & Districts
Need a Data Processing Agreement (DPA) for district approval? View our DPA →

Canadian teachers: Our DPA includes a section addressing PIPEDA and provincial privacy laws (BC FIPPA, Quebec Law 25). Data is stored on US servers. Schools with data residency requirements should contact us before signing up.
✉️
Contact
Questions about this policy or your data? Reach out anytime:

info@getshorthandapp.com

We're a small team and we'll respond personally.