This Privacy Policy explains how CoverGrid™ collects, uses, stores, and protects information when schools, boards, administrators, or staff use the CoverGrid™ website and teacher coverage management platform.
1. Information we may collect
Depending on how CoverGrid™ is used, we may collect:
- school or board name and contact information;
- administrator account information, including name, email address, and a unique user identifier linked to a Firebase Authentication account;
- teacher timetable, schedule, and availability information entered by authorized users;
- coverage assignment, absence, status, and reporting records, including the names of absent and covering teachers, periods, subjects, and rooms;
- action audit logs — records generated automatically during coverage operations that capture the acting user’s email address, a unique user identifier, timestamp, and the records acted upon (such as assignments, cancellations, and data restores);
- browser and device storage — teacher rosters, coverage history, user profile, school identifiers, and interface preferences are stored locally in your browser’s storage on the device used to access CoverGrid™. This data does not leave the device and is separate from data stored in the cloud database;
- technical information such as browser type, device information, and basic usage data.
2. How information is used
We use information to operate and improve CoverGrid™, including to manage teacher coverage workflows, generate reports, support users, improve reliability, and maintain security. Audit logs are used to support accountability, troubleshooting, and the investigation of data issues within a school’s own records.
3. School and staff data
School and staff data entered into CoverGrid™ is used only for the purpose of providing teacher coverage management services to the authorized school or board. CoverGrid™ does not sell school or staff data.
4. Sharing of information
Information may be shared only when required to provide the service, comply with legal obligations, protect security, or with authorized direction from the school, board, or account administrator.
5. Data storage and security
CoverGrid™ uses reasonable administrative, technical, and organizational safeguards to protect information against unauthorized access, loss, misuse, or alteration. These include:
- Firebase Authentication to verify user identity before any access to school data is permitted;
- Firestore security rules that enforce server-side data isolation between schools and boards;
- subresource integrity (SRI) verification on third-party scripts loaded by the application, so that modified scripts are rejected by the browser;
- input escaping throughout the interface to protect against injection of unintended content;
- an audit log of administrative actions within each school’s account.
No online service can guarantee absolute security, but we aim to use practical protections appropriate for school operations.
6. Data retention
Data stored in the CoverGrid™ cloud database is retained while an account is active. When a school or board account is closed, or upon a verified administrator request, data associated with that account will be deleted, subject to any applicable legal or record-retention requirements.
Data cached in your browser’s local storage persists on the device until cleared by the user or administrator through the browser’s settings. This data is under the control of the device owner.
7. Access, correction, and deletion
Authorized school or board administrators may request access to, correction of, or deletion of information associated with their CoverGrid™ account, subject to operational, legal, or record-retention requirements.
8. Cookies and tracking
CoverGrid™ does not use advertising cookies, behavioural tracking, or analytics tools that profile users. No third-party advertising or analytics SDKs are loaded by the application.
Firebase Authentication, used for sign-in, may set session-related cookies on your device as part of its standard authentication process. These cookies are necessary for maintaining a secure login session and are not used for advertising or behavioural profiling.
9. Third-party services
CoverGrid™ relies on the following third-party services to operate the platform:
- Firebase (Google) — provides user authentication and the cloud database (Firestore) where all school data, teacher records, and coverage history are stored. Data is processed under Google’s terms and stored in Google Cloud infrastructure. Firebase is the primary data processor for CoverGrid™.
- Jotform — provides the AI support assistant embedded in the application interface. When a user interacts with the assistant, that conversation may be processed by Jotform’s servers and is subject to Jotform’s own privacy policy. Users are not required to interact with the assistant.
- ExcelJS (jsDelivr CDN) — a script library loaded to support spreadsheet export features. The library is verified using a cryptographic integrity check (SRI hash) before execution.
- Email (mailto) — coverage notification emails are generated as mailto: links and sent from the administrator’s own email client. CoverGrid™ does not transmit emails directly and has no access to email content after a link is opened.
10. Changes to this policy
This Privacy Policy may be updated from time to time. The updated version will be posted on this page with a revised “Last updated” date.
11. Contact
Questions about this Privacy Policy can be sent to info@covergrid.ca.