# Privacy controls - Docs

PostHog offers a range of controls to limit what data is captured by product analytics. They are listed below in order of least to most restrictive.

## EU-cloud hosting

PostHog offers hosting on EU cloud. To use this, sign up at [eu.posthog.com](https://eu.posthog.com).

If you've already created a US cloud instance and wish to migrate ticket, you must raise a [support ticket in-app](https://us.posthog.com/home#supportModal) with the **Data pipelines** topic for the PostHog team to do this migration for you. This option is **only available to customers on the boost, scale or enterprise** as it requires significant engineering time.

## IP data capture

You can control whether client IP addresses are captured or discarded at both the organization and project levels. This helps ensure consistent privacy controls across all environments.

### Organization-level defaults

Organizations can set a default IP data capture policy that automatically applies to all new projects. This eliminates the need to manually configure IP data capture settings for each new environment.

-   **EU organizations**: Automatically default to IP data capture disabled for GDPR compliance
-   **US organizations**: Can manually configure the default setting based on their privacy requirements
-   **New projects**: Automatically inherit the organization's IP data capture default setting
-   **Existing projects**: Are not affected by organization-level changes - they retain their current configuration

Configure this setting in **Settings** > **Organization** > **General** under the **IP data capture default** setting.

### Project-level configuration

Individual projects can override the organization default by configuring their own IP data capture setting. This is useful when you have specific privacy requirements for a particular project or environment.

Configure at the project level in **Settings** > **Project** > **General** under the **IP data capture configuration** setting.

## Disable sensitive information with autocapture

If you're using [autocapture](/docs/product-analytics/autocapture.md), PostHog automatically attempts to prevent sensitive data capture. We specifically only collect the `name`, `id`, and `class` attributes from input tags.

If there are specific elements you don't want to capture, add the [`ph-no-capture`](/docs/product-analytics/autocapture.md#preventing-sensitive-data-capture) class name.

HTML

PostHog AI

```html
<button class='ph-no-capture'>Sensitive information here</button>
```

## Sanitize properties on the client

You can sanitize properties on the client side by setting the `before_send` [config](/docs/libraries/js/config.md) option. This is a function that enables you to modify the properties before they are sent to PostHog. You can even reject events by returning `null`. For example:

Web

PostHog AI

```javascript
posthog.init('<ph_project_token>', {
    api_host: 'https://us.i.posthog.com',
    defaults: '2026-01-30',
    before_send: function(event) {
        if (event.properties['$current_url']) {
            event.properties['$current_url'] = null;
        }
        return event;
    }
});
```

## Use the property filter app

You can use the [property filter app](/docs/cdp/property-filter.md) to prevent PostHog from certain properties on events. For example, you can configure the app to remove all GeoIP data from events.

We've also put together a [tutorial](/tutorials/property-filter.md) to help you get started with the app.

## Cookieless tracking

It's possible to use PostHog without cookies. Instead, PostHog can use in-memory storage. For more details on how to do this, read our tutorial on [how to set up cookieless tracking](/tutorials/cookieless-tracking.md).

## Complete opt-out

You can completely opt-out users from data capture. To do this, there are two options:

1.  Opt users out by default in your PostHog initialization config.

PostHog AI

### Web

```javascript
posthog.init('<ph_project_token>', {
    opt_out_capturing_by_default: true,
});
```

### iOS

```swift
let config = PostHogConfig(apiKey: "<ph_project_token>", host: "https://us.i.posthog.com")
config.optOut = true
PostHogSDK.shared.setup(config)
```

### Android

```java
val config = PostHogAndroidConfig(
    apiKey = <ph_project_token>,
    host = https://us.i.posthog.com
)
config.optOut = true
PostHogAndroid.setup(this, config)
```

### React Native

```jsx
posthog.init('<ph_project_token>', {
    opt_out_capturing_by_default: true,
});
```

2.  Opt users out on a per-person basis.

PostHog AI

### Web

```javascript
posthog.opt_out_capturing()
```

### iOS

```swift
PostHogSDK.shared.optOut()
```

### Android

```java
PostHog.optOut()
```

### React Native

```jsx
posthog.opt_out_capturing()
```

Similarly, you can opt users in:

PostHog AI

### Web

```javascript
posthog.opt_in_capturing()
```

### iOS

```swift
PostHogSDK.shared.optIn()
```

### Android

```java
PostHog.optIn()
```

### React Native

```jsx
posthog.opt_in_capturing()
```

To check if a user is opted out:

PostHog AI

### Web

```javascript
posthog.has_opted_out_capturing()
```

### iOS

```swift
PostHogSDK.shared.isOptOut()
```

### Android

```java
PostHog.isOptOut()
```

### React Native

```jsx
posthog.has_opted_out_capturing()
```

### Community questions

Ask a question

### Was this page useful?

HelpfulCould be better