What Dodl Notes is, and who holds the data
Dodl Notes is a Chrome extension teachers use to keep their own anecdotal notes. Students do not have accounts and never sign in or interact with it. The teacher decides what to write and which identifiers, if any, to use. Dodl Notes is built so that note content is readable only by the teacher who wrote it.
What is encrypted, and who can read notes
Note content is encrypted on the teacher's device with AES-GCM (256-bit) before it is stored or synced. The encryption key is derived from the teacher's password (PBKDF2, 310,000 iterations) and a recovery key, and never leaves the device in unencrypted form. Neither Dodl Notes nor Google can derive it.
At rest, the database stores only an encrypted blob plus sync metadata such as timestamps, a revision number, and a device id. It holds no plaintext student names, class names, or note text. Notes are grouped by class and student only after they are decrypted on the teacher's device. Data in transit is protected with HTTPS and TLS.
What data Dodl Notes handles
- Account: an email address and password (Google Firebase Authentication).
- Notes and workspace: stored only as client-side-encrypted ciphertext. It may contain whatever a teacher types, including observations and any identifiers the teacher chooses to include.
- Billing (Pro only): processed by Stripe. Dodl Notes stores limited billing metadata and never card numbers.
- Optional AI prompts and responses: de-identified text only, and only when a teacher uses an AI feature (see below).
- Optional diagnostics and usage data: used for reliability, switchable off by the teacher, and scrubbed of note content and identifiers (see below).
- Support messages you choose to send.
Where data is stored
Dodl Notes runs on Google Cloud and Firebase in the United States, with server functions in the us-central1 region. Account data, the encrypted workspace, and backups are stored in Google's United States infrastructure.
Sub-processors
- Google Firebase and Google Cloud (United States): authentication, encrypted storage, hosting, and server functions.
- Google Gemini API, paid tier (AI features only): receives only de-identified text. Under Google's paid Gemini API terms, Google does not use the prompts or responses to train its models, and applies only limited retention for abuse monitoring.
- Stripe: payment processing for Pro subscriptions.
Optional AI features, and what leaves the device
AI features are optional and can be turned off entirely. When a teacher uses one, Dodl Notes does not send the encrypted workspace. It first de-identifies the relevant note text on the device: it replaces student names with pseudonyms and redacts emails, phone numbers, links, dates, times, room, bus and locker references, named staff, named family members, and long verbatim quotes. It then re-scans the outgoing text and blocks the request entirely if any direct identifier remains. Only de-identified observation text is sent to the AI provider.
This de-identification is designed to remove direct identifiers before anything is sent, with the hard block as a backstop. It is thorough but heuristic, so it is not a guarantee. A teacher whose district has not approved an external AI provider can keep AI features turned off.
Data sharing, advertising, and model training
Dodl Notes does not sell personal data, does not use it for advertising, and does not build advertising profiles. Dodl Notes does not train its own models on your notes.
Retention and deletion
Teachers can permanently delete their data themselves. A reset, confirmed by typing "DELETE MY DATA," deletes the account's encryption keys. Once those keys are gone, any remaining encrypted data cannot be read by anyone, including us. Individual notes and stored snapshots can also be deleted. Server logs and any residual encrypted backups are kept only for normal operational and abuse-prevention purposes.
Data portability
Teachers can export a full copy of their data to a file, export reports to Google Docs (optional and revocable), and download an offline recovery file. Data can also be imported back into the extension.
Children's data
Dodl Notes is a tool for teachers, who are adults. Students do not create accounts or provide information to Dodl Notes directly. Dodl Notes does not knowingly collect personal information directly from children.
FERPA notes for your review
Sole-possession records. FERPA's definition of education records excludes records that are kept in the sole possession of the maker, used only as a personal memory aid, and not accessible or revealed to anyone else. Whether a given teacher's Dodl Notes notes meet that definition depends entirely on how they are created, used, and shared. Your school or district makes that determination.
School official exception. Districts that wish to designate Dodl Notes as a "school official" under the district's direct control, or that require a data processing agreement, can contact us to discuss.
De-identification. The optional AI workflow is designed to transmit only de-identified data.
No self-certification. Dodl Notes does not certify its own FERPA compliance, because that determination depends on how your staff use it.
Security practices
Client-side AES-GCM encryption, a password and recovery-key model, per-account isolation enforced by database security rules, and auto-lock. Dodl Notes has not completed a third-party security audit such as SOC 2 or ISO 27001.
Using Dodl Notes in a FERPA-aligned way
For teachers whose districts have not adopted Dodl Notes formally, these practices keep usage low-risk:
- Use initials, codes, or identifiers as your district allows, rather than full names.
- If your district has not approved an external AI provider, keep AI features turned off.
- Treat Dodl Notes as your personal working notes, not the official student record.
- Follow your school, board, district, or organization privacy rules.
Contact for schools and districts
For privacy questions, a data processing agreement, or a deletion request, contact dodl.notes.extension@gmail.com.