PostHog is an open source project and collaborative community, as well as a company. This means that many portions of our Websites, including information you voluntarily provide, will be public-facing for the open sharing of innovative developments, ideas, and information that makes our collaborative community so great. While we are committed to open sharing, we strive to respect the privacy of individual community members and will minimize the information we collect and share. If you do not want to share your information, including personally identifiable information, with other community members and the public, please be thoughtful as to how you interact with our Websites and what information you provide through the Websites (for example, through creating a public profile, project contributions, comments, and blog posts).
We may provide additional information about our privacy practices in other places - for example, when we ask you to provide personal information in connection with a particular service or when you apply for a job with us.
What Information PostHog collects and why
Information from website visitors
Like most website operators, PostHog automatically collects i) technical information about your device including your device's internet protocol (IP) address; and (ii) information about your visit to our Websites (the referral URL, the content viewed and the content interacted with). Some of this information is collected using cookies and related technologies. See below for further information on these technologies. We collect this information to better understand how visitors use our Websites, to improve our Websites and experience for visitors, and to monitor the security of the Websites.
For logged-in users to PostHog deployments, PostHog also collects this information on our application using our own software, to help us understand how to make the deployments more useful for different categories of user.
Usage data information from self-managed PostHog instances
We may aggregate all information (including your personal information) collected from our Websites and self-managed installations for our own statistical and analytics purposes and share such aggregated information with third parties for our own promotional purposes (eg by publishing a report on trends in the usage of our Websites).
Information PostHog does not collect
PostHog does not intentionally collect sensitive or special category personal information, such as genetic data, biometric data for the purposes of uniquely identifying a natural person, health information, or religious information.
PostHog does not knowingly collect information from or direct any of our Website or content specifically to children under the age of 18. If we learn or have reason to suspect that a user is under the age of 18, we will close that account.
Lawful basis and purposes for processing your personal information
To fulfil a contract or take steps linked to a contract with you
We use your personal information to:
- administer access to your accounts;
- manage our customer relationships;
- process orders, provide our products and services and send you service related communications; and
- provide you with customer support.
We use your personal information:
- to improve and personalize your experience with us and our Websites and to tailor communications to you;
- to monitor and improve the performance of our products and services for administrative, security and fraud prevention purposes;
- for our own internal functions, management and corporate reporting, and internal research and analytics;
We may rely on your consent:
- Where you ask us to send marketing information (e.g. newsletter updates) via a medium where we need your consent under applicable law (for example email marketing in some countries);
- Where you give us consent to place cookies or similar technologies;
- On other occasions where we ask for your consent, for the purpose we explain at the time.
How PostHog uses and protects your personal information
Sharing your information
PostHog only shares your personal information with those of its employees, contractors, and affiliated organizations that (i) need to know that personal information in order to process it on PostHog's behalf or to provide services available on the Website, and (ii) that have agreed not to disclose it to others
Service Providers and partners. PostHog engages a number of service providers or partners to manage or support certain aspects of our business operations on our behalf. For instance, we currently use the following service providers who will handle your personal information:
- GitHub - open source repositories and internal project management tool
- Slack - internal communications tool
- Google Workspace - internal collaboration tools
- Mailchimp - email campaign service provider
- HubSpot - CRM database
- Clearbit - marketing data engine
- Orbit - community engagement platform
Our service providers and partners are required by contract to safeguard any personal information they receive from us and are prohibited from using the personal information for any purpose other than to perform the services as instructed by PostHog.
Legal Requirements. We may disclose personal information to government authorities or other third-parties if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a subpoena, court order or similar legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of any Website or the public, (d) protect against legal liability, (e) to investigate fraud or other unlawful activity, or (f) or as otherwise required or permitted by law.
Please note, email and IP addresses of users of a PostHog deployment may be shared with the respective users of that deployment.
PostHog takes measures reasonably necessary to protect your personal information against any unauthorized access, use, alteration, or destruction.
PostHog at its sole discretion may make use of company logos where those companies are using the software that we provide. If you have concerns over the use of your logo, please email [email protected].
International transfer of personal information
The Websites are hosted in the United States and the personal information we collect will be stored and processed on our servers in the United States. Our employees, contractors and affiliated organizations that process information for us as described above may be located in the United States or in other countries outside of your home country which may have different data protection standards to those which apply in your home country.
PostHog communications with you
If you are a registered user of the Websites and have supplied your email address, PostHog may occasionally send you an email to tell you about security, system information, new features, solicit your feedback, or just keep you up to date with what's going on with PostHog and our products. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum. There's an unsubscribe link located at the bottom of each of the marketing emails we send you so you can stop receiving such emails at any time.
If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish your request in order to help us clarify or respond to your request or to help us support other users. We will not publish your personal information in connection with your request.
Cookies, tracking technologies and Do Not Track
We may use third party tracking services, but we don’t use these services to track you individually or collect your personally identifiable-information. We may use these services to collect information about how the Website performs and how users navigate through and use the Website so we can monitor and improve our content and Website performance.
Third party tracking services gather certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, timestamp, and similar data about your use of the Website. We do not link this information to any of your personal information such as your user name.
Do Not Track
"Do Not Track" is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. PostHog does not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic tracking, which you may opt out of. Because we do not share this kind of data with third party services or permit this kind of third party data collection for any of our users, and we do not track our users on third-party websites ourselves, we do not need to respond differently to an individual browser's Do Not Track setting.
Global privacy practices and your rights
- provide clear methods of unambiguous, informed consent when we do collect your personal information and where required by applicable law;
- only collect the minimum amount of personal information necessary for the purpose it is collected for, unless you choose to provide us more;
- offer you simple methods of accessing, correcting, or deleting your information that we have collected, with the exception of information you voluntarily provide that is necessary to retain as is for the integrity of our project code as described further below; and
- provide Website users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement.
Where our affiliate within the UK processes your personal information or where we process personal information of individuals located in the EEA or the UK, you are entitled to the following rights with regards to your personal information:
- Right of access to your personal information, to know what information we hold about you.
- Right to correct any incorrect or incomplete personal information about yourself that we hold.
- Right to restrict/suspend our processing of your personal information.
- Right to complain to a supervisory authority if you believe your privacy rights are being violated. In the UK, this will be the Information Commissioner.
Additional rights that may apply to you in certain instances:
- Right of data portability (if our processing is based on consent or a contract and the processing carried out by automated means);
- Right to withdraw consent at any time (if processing is based on consent). If you ask to withdraw your consent, this will not affect any processing which has already taken place at that time.
- Right to object to processing (if processing is based on legitimate interests)
- Right to object to processing of personal data for direct marketing purposes
- Right of erasure of your personal data from our system (“right to be forgotten”) if certain grounds are met
These rights may be limited, for example if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
Where we collect personal information to administer your accounts or your contract with us or to comply with our legal obligations, this is mandatory and we will not be able to manage our relationship with you without this. In all other cases, the provision of requested personal information is optional, but this may affect your ability to participate in certain certain Website-related activities or being able to access and use certain features and services, where the information is needed for those purposes.
Data retention and deletion
If you already have an account on the Websites, you may access, update, alter, or delete your basic user profile information by logging into your account and updating profile settings.
We use Workable, an online application provided by Workable Software Limited, to assist with our recruitment process. We use Workable to process personal information as a data processor on our behalf. Workable is only entitled to process your personal data in accordance with our instructions.
Information we collect from applicants
Information we collect from you
We collect and process some or all of the following types of information from you:
- Information you provide when you apply for a role, including contact details such as name, email address, physical address, telephone number
- Information relating to your employment history such as resumé/CV, employment history, qualifications and skills
- If you contact us, we may keep a record of that correspondence
- A record of your progress through any hiring process that we may conduct
- Details of your visits to Workable’s Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Workable’s Website and the resources that you access.
Information we collect from other sources
- Workable provides PostHog with the ability to link the data you provide to us, with other publicly available information about you that you have published online, such as on LinkedIn, GitHub or other public social media profiles.
- Workable allows PostHog to search various databases which may include your personal data (include your CV or Resumé), to find possible candidates to fill our job openings. Where we find you in this way, we will obtain your personal data from these sources.
- We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally.
How we use applicant information
We only collect and use your personal information for the following purposes:
- To communicate with you about the role you have applied for and to manage the recruitment process
- To consider your application for potential future job opportunities
We will never use a candidate's personal information for marketing purposes.
Lawful basis and purposes for processing applicant personal information
If you are a national of countries in the European Economic Area (EEA), United Kingdom, or Switzerland, we collect and process your personal information on the following legal bases set out by applicable law:
Consent: We may ask you for your consent to process your personal information. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.
Legitimate Interest: We process certain personal information for our legitimate interests. These legitimate interests include, for example, running our recruitment process and managing applicants.
Compliance with Legal Obligations: In some cases, we may have a legal obligation to process your personal information, such as to meet our legal requirements or in response to a court or regulatory order. We also may need to process your personal information to protect vital interests, or to exercise, establish, or defend legal claims.
International data transfer of applicant data
Your personal information may be processed in the United States, the country where you have applied for a job, or any other country where PostHog has team members or operations.
PostHog may transfer, store, or process your personal information in a country outside your jurisdiction, including countries outside the European Economic Area (“EEA”), Switzerland, and the United Kingdom. If we transfer personal information from the EEA, Switzerland, or United Kingdom to a country outside it, such as the United States, we will enter into EU standard contractual clauses with the data importer, or take other measures to provide an adequate level of data protection.
In particular, your data may be accessible to i) Workable’s staff in the USA or ii) may be stored by Workable’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the United Kingdom and EEA. A Data Processor Agreement has been signed between Workable Software Limited and its overseas group companies, and between Workable Software Limited and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
How long we keep applicant personal data
We will hold all the data for 24 months. Prior to that, your personal information will be deleted if:
- You delete your personal information; or
- You write to us asking us to delete your personal information.
Your rights and choices as an applicant
Please see the section on Global Privacy Practices and Your Rights above.
Contacting PostHog about your privacy
The relevant data controller for any personal information processed in connection with our Websites or self-managed installations is PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114. If you apply for a job with us, the relevant data controller is the country-specific PostHog entity which will be your employer.
If your query is in connection with a job application, please email us at [email protected]
We have appointed an EU and UK representative who can also be contacted at [email protected].
If you have questions or concerns about the way we are handling your personal information, or would like to exercise your privacy rights, please email us with the subject line "Privacy Concern" at [email protected].
In most cases, we will respond within 30 days of receiving your message but please note for promptest response, we recommend emailing us.