Security
CauseTrack is built to support safety and incident-management workflows with role-based access, audit history, retention controls, exports, and established third-party infrastructure providers. This page describes the current product posture at a high level. It is not a certification statement.
Product controls
- Role-based access for organisation admins, managers, investigators, and reporters
- Invite-only organisation membership
- Audit logging and exportable audit history
- Attachment storage caps and usage tracking by plan
- Retention controls by plan
- Health and monitoring integrations through external providers
Infrastructure providers
CauseTrack currently uses Clerk for authentication, Neon for database hosting, Cloudflare R2 for file storage, Resend for transactional email, Sentry for error monitoring where enabled, and Stripe, Paddle, or Lemon Squeezy for billing depending on configuration.
Compliance positioning
CauseTrack supports OSHA and RIDDOR-style incident documentation workflows, but CauseTrack does not currently claim formal certification or legal compliance for frameworks such as GDPR, SOC 2, ISO 27001, HIPAA, OSHA, or RIDDOR.
Security contact
For security questions, vulnerability disclosure, or customer security reviews, contact the team via security@causetrack.com.