Security and Data Protection

1. Overview

DrillRoster is built for K–12 emergency accountability. We take security seriously and design the platform to protect school, staff, and student data.

2. Data Minimization

DrillRoster stores only what is necessary to run emergency roll calls and generate reports. We do not sell personal data and we do not use student information for advertising.

3. Encryption in Transit

Data is transmitted over HTTPS using modern TLS encryption.

4. Role-Based Access

Access is restricted by role (e.g., administrator vs. teacher). Users can only view information required to perform their job during a drill or incident.

5. Tenant Isolation

Each school operates in an isolated tenant environment. Data is scoped per tenant and is not shared across tenants.

6. Auditability

The system is designed to support accountability and documentation, including timestamps and user attribution for key roll-call actions.

7. Operational Security

• We maintain regular dependency and server updates.
• We use secure authentication and session practices.
• We monitor for abnormal activity and abuse patterns.

8. Vulnerability Reporting

If you believe you’ve found a security issue, please email security@drillroster.com. We will review and respond as quickly as possible.

‍