Privacy controls

PostHog offers a range of controls to limit what data is captured by product analytics. They are listed below in order of least to most restrictive.

EU-cloud hosting

PostHog offers hosting on EU cloud. To use this, sign up at eu.posthog.com.

If you've already created a US cloud instance and wish to migrate ticket, you must raise a support ticket in-app with the Data pipelines topic for the PostHog team to do this migration for you. This option is only available to customers on the boost, scale or enterprise as it requires significant engineering time.

IP data capture

You can control whether client IP addresses are captured or discarded at both the organization and project levels. This helps ensure consistent privacy controls across all environments.

Organization-level defaults

Organizations can set a default IP data capture policy that automatically applies to all new projects. This eliminates the need to manually configure IP data capture settings for each new environment.

  • EU organizations: Automatically default to IP data capture disabled for GDPR compliance
  • US organizations: Can manually configure the default setting based on their privacy requirements
  • New projects: Automatically inherit the organization's IP data capture default setting
  • Existing projects: Are not affected by organization-level changes - they retain their current configuration

Configure this setting in Settings > Organization > General under the IP data capture default setting.

Project-level configuration

Individual projects can override the organization default by configuring their own IP data capture setting. This is useful when you have specific privacy requirements for a particular project or environment.

Configure at the project level in Settings > Project > General under the IP data capture configuration setting.

Disable sensitive information with autocapture

If you're using autocapture, PostHog automatically attempts to prevent sensitive data capture. We specifically only collect the name, id, and class attributes from input tags.

If there are specific elements you don't want to capture, add the ph-no-capture class name.

HTML
<button class='ph-no-capture'>Sensitive information here</button>

Sanitize properties on the client

You can sanitize properties on the client side by setting the before_send config option. This is a function that enables you to modify the properties before they are sent to PostHog. You can even reject events by returning null. For example:

Web
posthog.init('<ph_project_token>', {
    api_host: 'https://us.i.posthog.com',
    defaults: '2026-01-30',
    before_send: function(event) {
        if (event.properties['$current_url']) {
            event.properties['$current_url'] = null;
        }


        return event;
    }
});

Use the property filter app

You can use the property filter app to prevent PostHog from certain properties on events. For example, you can configure the app to remove all GeoIP data from events.

We've also put together a tutorial to help you get started with the app.

Cookieless tracking

It's possible to use PostHog without cookies. Instead, PostHog can use in-memory storage. For more details on how to do this, read our tutorial on how to set up cookieless tracking.

Complete opt-out

You can completely opt-out users from data capture. To do this, there are two options:

  1. Opt users out by default in your PostHog initialization config.

posthog.init('<ph_project_token>', {
    opt_out_capturing_by_default: true,
});

  1. Opt users out on a per-person basis.

posthog.opt_out_capturing()

Similarly, you can opt users in:

posthog.opt_in_capturing()

To check if a user is opted out:

posthog.has_opted_out_capturing()

Community questions

Was this page useful?

Questions about this page? or post a community question.