SafetyTrack

OSHA cards don't expire on you.

Track 1–25 workers' safety cards on one screen — no passwords, no spreadsheets. Works for OSHA-10, White Card, WHMIS, and any custom cert.

Available for crews in the US, Canada & Australia.

See the Dashboard Demo →

Work email

By signing in you agree to our Terms of Service, Privacy Policy, Cookie Policy, and Security Policy.

For training providers →

Legal & Security

Effective date: March 31, 2026

By using OSHA-10 Safety Card Tracker ("the Service") you agree to these terms.

The Service

Safety Card Tracker is a web-based tool for tracking worker safety certifications. It is provided as-is for informational record-keeping purposes only and does not constitute legal or safety compliance advice.

Your Account

Accounts are created by submitting a valid email address. You are responsible for maintaining access to that address. Accounts are tied to a single email and are non-transferable.

Acceptable Use

Use the Service only for lawful purposes
Enter only data you are authorized to manage
Do not attempt to access other users' data
Do not abuse, overload, or reverse-engineer the Service

Subscription & Billing

Pro plan subscriptions are billed through Stripe. You authorize Stripe to charge your payment method on the agreed schedule. Cancellation takes effect at the end of the current billing period. No refunds are issued for partial periods.

Your Data

You retain ownership of all worker and certification data you enter. We do not sell, share, or use your data for any purpose other than operating the Service. Your data is preserved upon cancellation.

Termination

We reserve the right to suspend or terminate accounts that violate these terms. You may close your account at any time by contacting support.

Limitation of Liability

To the maximum extent permitted by applicable law, Safety Card Tracker is not liable for any indirect, incidental, or consequential damages arising from your use of the Service.

Contact

support@osha10tracker.com

Effective date: March 31, 2026

What We Collect

Email address — provided at login; used for magic links and reminder emails
Worker and certification data — names, roles, cert types, dates, and notes you enter
Session data — a signed browser cookie that keeps you logged in
Payment data — handled entirely by Stripe; we never see or store your card number

How We Use It

To send your magic login link
To operate and display your dashboard, workers, and certifications
To send daily reminder emails (Pro plan, if you enable this)
To process subscription payments through Stripe

We Do Not

Sell your data to any third party
Use your data for advertising
Share worker data with anyone outside the Service

Third-Party Services

Stripe — payment processing (stripe.com/privacy)
Brevo — transactional email delivery

Data Retention

Your data is preserved when you cancel. To request full deletion of your account and data, contact support@osha10tracker.com.

Effective date: March 31, 2026

What Cookies We Use

Safety Card Tracker uses one cookie: a session cookie that keeps you logged in.

Required - the Service cannot function without it
First-party only - set by Safety Card Tracker, not any third party
HttpOnly and SameSite=Lax - protected against cross-site request forgery

What We Do Not Use

No tracking or analytics cookies
No advertising or remarketing cookies
No third-party pixels

Managing Cookies

Sign out to clear the session cookie. Blocking cookies in your browser will prevent login from working.

Last updated: March 31, 2026

Authentication

Safety Card Tracker uses passwordless magic link login — there is no password database to breach. Login tokens are hashed with SHA-256 before storage, expire after 15 minutes, and can only be used once.

Sessions

Sessions are maintained via a signed, HttpOnly, SameSite=Lax browser cookie. The session token is rotated on every new login, which invalidates any prior session on any other device.

Data Isolation

Every database query is scoped to your account. No user can access another user's workers or certifications — enforced at the query level, not just the UI.

Payment Security

Credit card data is handled entirely by Stripe (PCI-DSS Level 1 certified). We never see, transmit, or store your payment card number.

Transport Security

All traffic is served over HTTPS with TLS. Session cookies are only transmitted over secure connections in production.

Reporting a Vulnerability

Email support@osha10tracker.com. We respond within 2 business days.