PostHog offers a range of controls to limit what data is captured by product analytics. They are listed below in order of least to most restrictive.
EU-cloud hosting
PostHog offers hosting on EU cloud. To use this, sign up at eu.posthog.com.
If you've already created a US cloud instance and wish to migrate ticket, you must raise a support ticket in-app with the Data pipelines topic for the PostHog team to do this migration for you. This option is only available to customers on the team or enterprise plan as it requires significant engineering time.
Disable sensitive information with autocapture
If you're using autocapture, PostHog automatically attempts to prevent sensitive data capture. We specifically only collect the name
, id
, and class
attributes from input tags.
If there are specific elements you don't want to capture, add the ph-no-capture
class name.
<button class='ph-no-capture'>Sensitive information here</button>
Sanitize properties on the client
You can sanitize properties on the client side by setting the before_send
config option. This is a function that enables you to modify the properties before they are sent to PostHog. You can even reject events by returning null
. For example:
Use the property filter app
You can use the property filter app to prevent PostHog from certain properties on events. For example, you can configure the app to remove all GeoIP data from events.
We've also put together a tutorial to help you get started with the app.
Cookieless tracking
It's possible to use PostHog without cookies. Instead, PostHog can use in-memory storage. For more details on how to do this, read our tutorial on how to set up cookieless tracking.
Complete opt-out
You can completely opt-out users from data capture. To do this, there are two options:
- Opt users out by default in your PostHog initialization config.
posthog.init('<ph_project_api_key>', {opt_out_capturing_by_default: true,});
- Opt users out on a per-person basis.
posthog.opt_out_capturing()
Similarly, you can opt users in:
posthog.opt_in_capturing()
To check if a user is opted out:
posthog.has_opted_out_capturing()