The short version
- We only collect what you put in. ShortHand doesn't gather browsing data, device fingerprints, or anything beyond what you actively type or import.
- Your data is encrypted. Everything is stored with AES-256 encryption in a SOC 2 Type II certified data center. Data in transit is protected by HTTPS.
- We never see student names. Student records are locked behind your login. Row-level security means only your account can access your students — not us, not other teachers.
- We comply with the Student Privacy Pledge. We do not sell student data, use it for advertising, or share it with third parties beyond what's needed to run the app.
👤
Who This Applies To
ShortHand is a classroom management tool for teachers. When you create an account, you are the user. Student data you enter — names, notes, mood check-ins — is entered by you, the teacher, and is stored under your account only.
📋
What We Collect
Your account: Your email address and password (managed securely by Supabase Auth).
Student data you enter: Student names, class periods, behavioral notes, mood check-ins, birthday info, parent contact details, and photo URLs — all entered or imported by you.
Google Classroom (optional): If you connect Google Classroom, we access your course list and student names, emails, and profile photos to help you import your roster. We store a token to keep you connected. You can disconnect at any time.
AI features: When you use AI-generated reports or summaries, the relevant notes are sent to our AI provider (Groq) to generate the response. No student data is stored or used for training by our AI providers.
🚫
What We Don't Do
We do not sell your data or student data to anyone — ever.
We do not use student data for advertising.
We do not share your data with third parties except the services required to run the app (Supabase for database and auth, Groq for AI features, Vercel for hosting, Upstash for rate limiting).
We do not allow anyone other than you to access your students' information.
🔐
How We Protect Your Data
All student data is stored in a SOC 2 Type II compliant data center with AES-256 encryption.
All data is stored with Row Level Security (RLS) enabled — meaning every query is scoped to your account only. No teacher can see another teacher's data.
All communication between the app and our servers uses HTTPS encryption.
API endpoints require authentication — your session token is verified on every request.
🗑️
Your Rights
You can delete all your data at any time from within the app (Settings → Danger Zone → Factory Wipe).
You can permanently delete your account and all associated data from within the app (Settings → Danger Zone → Delete My Account).
You can export a copy of all your data at any time (Settings → Your Data → Export My Data).
You can disconnect Google Classroom at any time, which removes your stored Google tokens.
🌐
Third-Party Services
ShortHand uses the following third-party services to operate:
Supabase — database and authentication (
privacy policy)
Groq — AI language model processing (
privacy policy)
Vercel — hosting and deployment (
privacy policy)
Google — Google Classroom integration, optional (
privacy policy)
🎓
Student Privacy Pledge
ShortHand follows the principles of the Student Privacy Pledge. This means:
We will never sell student data to anyone, for any reason.
We will never use student data for targeted advertising — not to students, parents, or anyone else.
We will never share student data with third parties beyond the services required to operate the app.
We will always allow teachers to delete their student data at any time.
🏫
For Schools & Districts
Need a Data Processing Agreement (DPA) for district approval?
View our DPA →✉️
Contact
Questions about this policy or your data? Reach out anytime:
hello@getshorthand.appWe're a small team and we'll respond personally.