Your school's data, protected by design
Security isn't an afterthought at CoverMyClass. It's the foundation everything is built on. Here's how we protect your school.
GDPR compliant by designWe only collect what's needed
No student data is collected — ever. Teacher data is limited to professional information (school email, department, role). We follow the principle of data minimisation rigorously.
School workspaces are private
Each school has its own isolated workspace. Data is never shared between schools, even within a MAT. Role-based access ensures staff only see what's relevant to their role.
URN/DfE verified schools only
Only verified UK schools can register. We validate school identity through URN/DfE numbers, preventing unauthorised access and fake accounts.
Role-based permissions
Admins, teachers, and cover staff each have appropriate access levels. Invite codes control onboarding. All activity is logged and auditable.
Explicit, informed consent
GDPR consent is required during setup — no pre-checked boxes. Users can access, export, or delete their data at any time. We never sell data to third parties.
UK-hosted infrastructure
All school data is hosted within the United Kingdom. Encrypted in transit and at rest. Regular security audits and penetration testing ensure ongoing protection.
Need security documentation for procurement?
We can provide a Data Processing Agreement (DPA), Data Protection Impact Assessment (DPIA), and detailed security documentation for your school's procurement process.
Request security documentation