Back to sign inMySafetyTracker

Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes how Clever Solutions, Inc. (“we,” “us,” or “our”) handles information in connection with the Training Tracker application and related services (the “Service”). This Policy applies to information we collect through the Service and to business communications with prospective and current customers.

1. Our Role: Controller vs. Processor

Training Tracker is a multi-tenant service used by organizations (each a “Customer”) to manage training records for their personnel.

  • Employee and training records.When a Customer enters information about its employees (for example, employee name, completed trainings, or completion dates), the Customer is the controller of that information and we act as a processor on the Customer’s behalf. Individuals with questions about that data should contact the Customer directly.
  • Account holders. For personal information about administrators and other Authorized Users who sign in to the Service (for example, login email, password hash, session cookies, and audit entries tied to their actions), we act as the controller.

2. Information We Collect

2.1 Account information

When an administrator is provisioned, we collect the administrator’s email address, a hashed password, the Customer organization they belong to, and their assigned role (e.g., company user, company admin, platform admin). We also record whether the user must change their password on next login so we can enforce a first-login password change.

2.2 Customer Content

On behalf of the Customer, we store the training records the Customer enters into the Service, including:

  • employee records (such as name and any identifiers the Customer chooses to enter);
  • training completions (training name, date of completion, and linkage to an employee);
  • generated certificates of completion (PDF documents that reproduce Customer Content).

The Customer controls what fields it chooses to populate and is responsible for ensuring it has a lawful basis to provide that information to us.

Do not upload sensitive information.The Service is not designed to store highly sensitive personal information. Customers should not submit Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, protected health information under HIPAA, workers’ compensation medical details, immigration documents, union membership information, precise geolocation data, or other sensitive personal information unless we have expressly agreed to that use in writing.

2.3 Usage and log information

We collect routine technical information generated by the Service, including IP addresses of authenticated sessions, user-agent strings, timestamps of sign-in and key actions, error diagnostics, and — as we expand the Service — audit-log entries that record who performed a given action (for example, creating an employee record or generating a certificate).

2.4 Cookies and similar technologies

The Service uses cookies that are strictly necessary for authentication and session management, provided via our authentication platform (Supabase). We do not use advertising cookies, third-party analytics cookies, or cross-site tracking cookies. Browsers can usually be configured to refuse cookies, but disabling strictly necessary cookies will prevent sign-in from working.

2.5 Email and support communications

If you contact us for support or send us messages about the Service, we will receive the content of those messages along with your contact details and use them to respond and to improve the Service.

2.6 Privacy notice summary

The following table summarizes the main categories of personal information we may collect through the Service.

CategoryExamplesSourcePurposeShared With
Account informationAdministrator email address, hashed password, Customer organization, role, first-login password-change statusCustomer administrators, Authorized Users, and the ServiceAccount provisioning, authentication, authorization, and account securityAuthentication, database, hosting, and support providers as needed to operate the Service
Customer ContentEmployee names, employee identifiers chosen by the Customer, training names, completion dates, generated certificatesCustomer and Authorized UsersTraining-record management, certificate generation, auditability, support, and account administrationAuthorized Users within the Customer’s account and Sub-processors that operate the Service
Usage and log informationIP address, user-agent string, timestamps, sign-in events, audit entries, diagnosticsThe Service and user devicesSecurity, troubleshooting, abuse prevention, audit trails, and Service improvementHosting, database, logging, security, and support providers as needed to operate and secure the Service
Communications informationNames, email addresses, message content, support detailsProspective customers, Customers, Authorized Users, and other correspondentsResponding to inquiries, providing support, sales communications, and improving the ServiceEmail, support, hosting, and business-operations providers as needed to respond and maintain records

We do not sell personal information, share personal information for cross-context behavioral advertising, use Customer Content for advertising, or use Customer Content to train artificial-intelligence or machine-learning models.

3. How We Use Information

We use the information described above to:

  • provide, maintain, secure, and support the Service (including authenticating users, generating certificates, and enforcing tenant isolation);
  • detect, investigate, and prevent security incidents, abuse, and violations of our Terms of Service;
  • maintain audit trails and records of material actions taken in the Service;
  • communicate with Customer administrators about the Service (including service messages, security notices, and billing);
  • comply with legal obligations and enforce our rights; and
  • improve the Service, on aggregated or de-identified data that does not reasonably identify any individual.

We do not sell personal information, and we do not use Customer Content to train machine-learning models or for advertising.

4. How We Share Information

We share information only as described below.

  • Within the Customer’s organization. Customer Content is visible to Authorized Users of that Customer in accordance with their role. The Service uses row-level security and per-query tenant filtering to prevent cross-tenant access.
  • Sub-processors. We engage third parties to help operate the Service, including Supabase (authentication, database, and object storage), Railway (application hosting), and Mailgun (email). These providers process data only on our instructions and under contractual confidentiality and security commitments. A current sub-processor list is available on request.
  • Legal and safety. We may disclose information if we believe in good faith that disclosure is required by law, legal process, or to protect the rights, property, or safety of our users, our Customers, or others.
  • Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

5. Data Location and Storage

Customer Content and account information are stored in managed database and object-storage services operated by Supabase in the United States. Certificates generated by the Service may be persisted to object storage for audit purposes. Information may be processed in other locations where we or our sub-processors operate, subject to appropriate safeguards.

6. Security

We use administrative, technical, and organizational measures designed to protect information, including:

  • encryption of data in transit using industry-standard TLS;
  • encryption of data at rest as provided by our database and storage provider;
  • row-level security (RLS), server-resolved tenant scoping, and explicit tenant filters on every query to enforce isolation between Customers;
  • hashed password storage and forced password change on first login;
  • server-side verification of resource ownership on writes and regeneration of certificates from authoritative database values (not from client-supplied inputs);
  • rate-limiting of sensitive endpoints to prevent abuse; and
  • an audit log of material actions, surfaced to platform administrators.

No system is perfectly secure. We cannot guarantee the security of information transmitted to or stored in the Service.

7. Retention

We retain Customer Content for as long as the Customer’s account is active or as needed to provide the Service. On termination of the Customer’s account, we will delete Customer Content within sixty (60) days, except that (a) residual copies may persist in standard backup media for a limited retention cycle, and (b) we may retain information to comply with legal obligations, resolve disputes, and enforce our agreements. Account and audit records are retained for so long as needed for security and compliance purposes.

Customers can request export or deletion of specific records at any time through their administrator. Customers are responsible for exporting and retaining copies of training records, certificates, and other Customer Content as needed for their legal, regulatory, insurance, employment, and business recordkeeping obligations.

8. Your Rights and Choices

Depending on where you reside, you may have rights to access, correct, delete, or restrict processing of personal information, to object to processing, or to receive a portable copy of your information.

  • Employees of a Customer. If your employer uses Training Tracker to record your training completions, please contact your employer directly to exercise those rights. We will support our Customers in responding to such requests as processor.
  • Account holders. If you have a Training Tracker login, you can ask your Customer administrator to update or deactivate your account, or contact us at support@mysafetytracker.com.

9. International Transfers

If you access the Service from outside the country in which our servers are located, your information may be transferred across borders. Where required, we rely on appropriate transfer mechanisms, such as standard contractual clauses, to protect information in transit between jurisdictions.

10. Children

The Service is intended for use by organizations tracking training of their personnel and is not directed to children under 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us and we will take appropriate steps to delete it.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify Customer administrators through the Service or by email. Continued use of the Service after the effective date of an updated Policy constitutes acceptance of the updated Policy.

12. Contact Us

Questions or requests about this Policy may be directed to support@mysafetytracker.com or by mail to Clever Solutions, Inc., P.O. Box 2591, La Mesa, CA 91943, United States.