Age-appropriate moderation
Server-side profanity, contact-info, and URL detection runs on every message and announcement. Org admins can dismiss flags; students cannot un-flag their own posts.
Safety isn’t a feature — it’s the foundation of every shared neighborhood. Covol is built on a digital commons that preserves the integrity of local voices while maintaining an uncompromising standard for privacy and data sovereignty.
A commitment to civic innovation and secure public infrastructure.
We use Supabase Row Level Security (RLS) so your data stays your data. Every transaction between user and database is governed by identity-based policies that prevent unauthorized access at the kernel level.
Row-level security
Every table has Supabase RLS policies tied to auth.uid(). A bug in any server action cannot expose another user's data — Postgres refuses to return it.
Boolean location masking
We never persist your raw GPS. The check-in route stores within_geofence: true/false plus a timestamp — enough to verify presence, not enough to map your day.
Server-side profanity, contact-info, and URL detection runs on every message and announcement. Org admins can dismiss flags; students cannot un-flag their own posts.
Volunteers rate orgs and orgs rate volunteers, but only for events with verified attendance. A 7-day edit window lets cool heads prevail; everything else is locked.
Approval, rejection, deletion, and message-flag actions write to an audit_log table that's revoked from authenticated/anon. Only platform admins can read it.