Trust
Data handling
A source-backed inventory of what PostHog Pocket Dashboard stores, where it stores it, and how to remove it.
Storage inventory
The personal API key. It is never intentionally written to SQLite, UserDefaults, files, logs, or screenshots.
Configuration, cached JSON/query results, saved queries, saved chart definitions, dashboards, and related local records.
Widget event name, time range, refresh request, host, project ID, and project/event options. Not the API key.
Data in transit
The app uses URLSession to call the configured PostHog host. The personal API key is used as bearer authentication. Query text, filters, project identifiers, and returned analytics data therefore travel between the device and that PostHog host over the configured connection.
No app-owned relay is implemented. For a custom host, the deployment owner is responsible for DNS, TLS, reverse-proxy behavior, network logging, and the PostHog instance itself.
Caching
Response caching can be switched off. When enabled, cached responses use a local cache-duration setting from 1 minute to 24 hours. A stale result may remain useful for context, but it is not a substitute for a successful refresh when current state matters.
Deletion controls
- Use Delete API key to remove the credential from Keychain.
- Use Delete all local data to remove the SQLite cache and local definitions.
- Enable Also delete Keychain API key when deleting local data if both stores should be cleared together.
Security boundary
A personal API key can be powerful. Create a dedicated key, choose only the read scopes needed, and revoke it in PostHog when the device or workflow no longer needs access.