Built so districts can say yes.
CoverMate handles staff data. We treat it the way you'd want your own kids' data handled.
School-level data isolation
Every row in our database is tagged with your school ID and enforced by row-level security rules in Postgres. Other schools cannot see, query, or join against your data — even if someone tried.
Single sign-on
Sign in with Google or Microsoft. Passwords never touch our servers. Revoking a teacher's Google account revokes their CoverMate access immediately.
Encryption everywhere
TLS 1.2+ in transit. AES-256 at rest. Database backups are encrypted and stored across multiple regions.
Full audit log
Every change — who edited a duty, who claimed coverage, who approved a swap — is recorded with actor, timestamp, and diff. Admins can export the log anytime.
Least-privilege roles
Staff see only their duties and their school's marketplace. Admins manage their own school only. Platform-level support access is separate, logged, and time-boxed.
Responsible disclosure
Found a vulnerability? Email security@covermate.app. We respond within 24 hours and credit researchers who follow responsible disclosure.
What we collect
Staff profiles: name, school email, role (admin/staff). That's the minimum to make scheduling work.
Schedule data: the duties, assignments, holidays, and coverage requests admins and staff create inside the app.
No student data, ever. CoverMate is a staff-only tool. We don't collect, store, or process student records.
Need a signed Data Processing Addendum (DPA) for your district? Email colton@covermate.app — we'll send one over.
Talk to security or procurement
We answer security questionnaires fast and we don't hide behind sales gates.
Get in touch