HogPocketHogPocket
FeaturesPricingPrivacyTermsSupport
Download Free
Legal

Privacy Policy

Last updated:

1. Introduction

Welcome to HogPocket ("we," "our," or "us"). HogPocket is an independent iOS application that allows you to view and interact with your own PostHog analytics instance directly from your mobile device. We are not affiliated with, endorsed by, or otherwise connected to PostHog, Inc.

This Privacy Policy describes what information we collect, how we use it, and the choices you have. We are committed to protecting your privacy. Because HogPocket is architecturally designed so that your analytics data never touches our servers, your privacy is built into the product itself — not bolted on afterward.

By downloading and using HogPocket, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the app.

2. Information We Collect

We collect only the minimum information necessary to provide the app's functionality and improve reliability. The categories below describe everything we collect.

2.1 API Keys (Stored Locally Only)

When you connect HogPocket to your PostHog instance, you provide a Personal API Key generated from your PostHog account settings. This key is stored exclusively on your device using platform-secure local storage (AsyncStorage backed by iOS data protection APIs). Your API key is never transmitted to our servers, never logged, and never shared with any third party other than the PostHog instance URL you specify.

If you configure multiple PostHog accounts, each account's API key is stored the same way — locally on device, isolated per account entry.

2.2 App Usage and Crash Data

To improve stability and diagnose crashes, we may collect anonymized diagnostic information including:

  • App crash reports (stack traces without personally identifiable information)
  • General feature usage patterns (e.g., which screens are visited most often)
  • Device model and iOS version (to reproduce device-specific bugs)
  • App version number

This data is anonymized and aggregated. It cannot be used to identify you personally and is used solely to improve the quality and reliability of the app.

2.3 Subscription Status

HogPocket offers a Pro subscription tier through Apple In-App Purchase. We receive confirmation of subscription status (active, expired, or in trial) from Apple StoreKit on-device, which allows us to unlock Pro features locally. We do not receive your Apple ID, payment method, or any financial details from Apple.

2.4 App Preferences and Settings

Your in-app preferences — theme settings, default account selection, notification preferences, refresh intervals, and similar options — are stored locally on your device using AsyncStorage. These are never synced to external servers.

3. Information We Do NOT Collect

We want to be explicit about what we do not collect, because transparency builds trust.

  • Your PostHog analytics data. We never access, store, process, or transmit any of the analytics events, user profiles, feature flag configurations, session recordings, or any other data held in your PostHog instance. This data flows exclusively between your device and your PostHog instance.
  • Your PostHog organization or project details. We do not collect your project names, team members, or any configuration details from your PostHog account beyond what is temporarily rendered on your device screen.
  • Your name, email address, or contact information. We do not require registration and do not collect personally identifiable contact information.
  • Location data. We do not request or collect your device's geographic location.
  • Contacts or camera data. We do not request access to your contacts, camera, or photo library.
  • Advertising identifiers. We do not use IDFA (Identifier for Advertisers) or any advertising SDK.

4. How Your Data Flows

Understanding the data flow is key to understanding your privacy guarantees. HogPocket uses a direct, serverless architecture:

Your Device ↔ Your PostHog Instance
No HogPocket server sits in between.

When you open a dashboard or query your analytics data, here is what happens:

  1. The app reads your API key from local storage on your device.
  2. The app constructs an HTTPS request directly to the PostHog API endpoint you configured (e.g., https://app.posthog.com or your self-hosted URL).
  3. PostHog's servers authenticate the request using your Personal API Key and return the requested data.
  4. The data is received and rendered on your device. It may be temporarily cached in local storage for offline access (see Section 5).
  5. No copy of the response is sent to us. We have no visibility into what data your PostHog instance returned.

This architecture means that your analytics data is as private as your own PostHog instance. Our servers are not a potential point of data breach for your analytics data, because we never hold it.

5. Local Storage

HogPocket stores several categories of data locally on your device. All of this data remains on your device and is subject to iOS's standard app sandboxing. It is deleted when you uninstall the app.

5.1 API Keys and Account Configuration

API keys and PostHog instance URLs are stored using AsyncStorage with iOS-level data protection (the data is encrypted at rest using the device's hardware encryption when the device is locked). Biometric or passcode protection on your device extends to protecting this data.

5.2 Cached Analytics Data

To support offline mode and reduce loading times, HogPocket caches the most recent API responses locally. This cache contains the same PostHog data you would see if you opened PostHog in a browser — your own analytics data. The cache is:

  • Stored only on your device
  • Subject to a configurable expiry (default: 1 hour)
  • Clearable at any time from the app's Settings screen
  • Deleted when you remove the app or sign out of an account

5.3 Notification Preferences

HogPocket uses local notifications only (powered by expo-notifications). Alert thresholds you configure (e.g., "notify me if conversion rate drops below 10%") are stored locally and evaluated on-device during the next data refresh. No push notification server is involved — no device token is registered with or transmitted to our servers.

5.4 User Preferences

UI preferences, selected default account, and other app settings are stored locally in AsyncStorage. They are not synced to iCloud or any external service.

6. Third-Party Services

HogPocket interacts with a limited set of third-party services. We have chosen these services carefully and describe their data practices below.

6.1 Apple App Store and StoreKit

Pro subscriptions are processed exclusively through Apple In-App Purchase. When you subscribe:

  • Your payment is handled entirely by Apple. We never see your credit card, Apple ID, or billing address.
  • Apple provides us with an on-device receipt confirming subscription status, which is verified locally.
  • Apple's own privacy policy applies to their collection and processing of your purchase data. Read Apple's Privacy Policy.

6.2 PostHog API

The app communicates directly with PostHog's API on your behalf. PostHog's handling of your data in their system is governed by PostHog's Privacy Policy. HogPocket does not alter or intercept this relationship — you are accessing your own PostHog account with your own API key.

6.3 Crash Reporting

We may use a privacy-respecting crash reporting SDK to receive anonymized crash reports. If we do, the SDK is configured to strip personally identifiable information before transmission, not collect device identifiers, and transmit data only over HTTPS. Any such service will be named here with a link to its privacy policy in future updates.

7. Data Security

We take the security of your data seriously and implement the following measures:

  • Encrypted local storage. API keys and cached data are stored using AsyncStorage backed by iOS data protection classes. Data is encrypted at rest when your device is locked.
  • HTTPS for all API calls. All network requests to your PostHog instance use HTTPS with TLS. The app enforces App Transport Security (ATS) and does not allow unencrypted HTTP connections to data endpoints.
  • No server-side storage of your data. Because we operate no backend server that handles your analytics data or API keys, there is no HogPocket server to compromise.
  • No third-party advertising SDKs. We do not embed advertising or social media SDKs that could extract data from your app session.
  • API key isolation. Each configured PostHog account is stored separately. A bug affecting one account cannot inadvertently expose another account's API key.

No method of data transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at support@hogpocket.app before disclosing it publicly. We take responsible disclosure seriously.

8. Children's Privacy

HogPocket is designed for product managers, developers, and analytics professionals who use PostHog in a professional or personal project context. The app is not directed at, designed for, or intended for use by children under the age of 13.

We do not knowingly collect any personal information from children under 13. If you believe a child has provided us with personal information, please contact us at support@hogpocket.app and we will take immediate steps to delete such information.

If you are located in the European Economic Area, the applicable age threshold may be higher (typically 16 in some member states) and we similarly do not knowingly collect data from minors below the applicable age.

9. Your Rights

Because most data related to your use of HogPocket lives exclusively on your device, you have direct, practical control over it.

9.1 Delete All Local Data

Uninstalling HogPocket from your device permanently deletes all API keys, cached analytics data, preferences, and notification settings stored by the app. This is the most complete form of data deletion available.

You can also clear the local cache and remove individual accounts from within the app's Settings screen without uninstalling.

9.2 GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access. You may request a copy of any personal data we hold about you.
  • Right to rectification. You may request correction of inaccurate data.
  • Right to erasure ("right to be forgotten"). You may request deletion of your personal data.
  • Right to data portability. You may request your data in a machine-readable format.
  • Right to object. You may object to processing based on legitimate interests.
  • Right to restrict processing. You may request that we limit processing of your data in certain circumstances.

Given our architecture, the primary personal data we might hold is anonymized crash/diagnostic data. To exercise any GDPR right, contact support@hogpocket.app. We will respond within 30 days.

9.3 CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Request deletion of your personal information
  • Opt out of the sale of your personal information
  • Non-discrimination for exercising your CCPA rights

We do not sell your personal information. To submit a CCPA request, contact support@hogpocket.app.

9.4 Opt Out of Diagnostic Data

If the app collects anonymized crash or usage diagnostics, you can opt out from the app's Settings screen under "Privacy & Diagnostics." Opting out will stop future diagnostic data collection; previously collected anonymized data may remain in our systems as it cannot be tied back to you.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the app's features, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a notice within the app on the next launch after the change
  • Where required by law, seek your consent before applying material changes

We encourage you to review this Privacy Policy periodically. Your continued use of PostHog Mobile after the effective date of a revised policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out:

We aim to respond to all privacy-related inquiries within 5 business days and no later than 30 days as required by applicable law.

See also: Terms & Conditions

Back to home