Data retention policy
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for up to 90 days, plus any relevant backup period. After this period, the account and related data will be removed. Customers that wish to voluntarily close their account should download their data manually or via the API prior to closing their account.
If a customer account is involuntarily suspended, then there is a 30-day grace period during which the account will be inaccessible but can be reopened if the customer meets their payment obligations and resolves any terms of service violations.
If a customer wishes to manually back up their data in a suspended account, then they must ensure that their account is brought back to good standing so that the user interface will be available for their use. After 30 days, the suspended account will be closed and the data will enter the “expired” state. It will be permanently removed up to 60 days thereafter, plus any relevant backup period (except when required by law to retain).
Data archiving and removal policy
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for up to 90 days, plus any relevant backup period. After this period, the account and related data will be removed. Customers that wish to voluntarily close their account should download their data manually or via the API prior to closing their account.
If a customer account is involuntarily suspended, then there is a 30-day grace period during which the account will be inaccessible but can be reopened if the customer meets their payment obligations and resolves any terms of service violations.
If a customer wishes to manually back up their data in a suspended account, then they must ensure that their account is brought back to good standing so that the user interface will be available for their use. After 30 days, the suspended account will be closed and the data will enter the “expired” state. It will be permanently removed up to 60 days thereafter, plus any relevant backup period (except when required by law to retain).
Data storage policy
PostHog policy requires that:
Data must be handled and protected according to its classification requirements and following approved encryption standards, if applicable.
Whenever possible, store data of the same classification in a given data repository and avoid mixing sensitive and non-sensitive data in the same repository. Security controls, including authentication, authorization, data encryption, and auditing, should be applied according to the highest classification of data in a given repository.
Employees shall not have direct administrative access to production data during normal business operations besides in the course of providing standard customer support. Exceptions include emergency operations such as forensic analysis and manual disaster recovery.
All Production Systems must disable services that are not required to achieve the business purpose or function of the system.
All access to Production Systems must be logged.
All Production Systems must have security monitoring enabled, including activity and file integrity monitoring, vulnerability scanning, and/or malware detection, as applicable.
Data center location(s)
United States, Germany
App/service has sub-processors
no
App/service uses large language models (LLM)
no