What gets generated
Frontend SDK initialisation
```ts
// frontend/src/lib/analytics.ts
import posthog from "posthog-js"

// scrubPII is not shown on this page; it must be defined or imported in this module.

export function initAnalytics() {
  // No key configured: analytics stays off entirely.
  if (!process.env.NEXT_PUBLIC_POSTHOG_KEY) return
  posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY, {
    api_host: process.env.NEXT_PUBLIC_POSTHOG_HOST || "https://eu.i.posthog.com",
    autocapture: false, // explicit per-event tracking only
    capture_pageview: false, // we capture pageviews manually after consent check
    session_recording: {
      maskAllInputs: true,
      maskTextSelector: "[data-mask]",
    },
    persistence: "memory", // no cookies until consent
    sanitize_properties: scrubPII, // runs on every event's properties before sending
  })
}
```
Consent gating
A <ConsentGate> component wraps the analytics initialiser. PostHog only initialises after the user has accepted analytics cookies (the cookie banner is generated as part of the GDPR overlay).
Identity stitching
After login, the user's anonymized ID is sent via posthog.identify(). The pre-login anonymous events are stitched to the identified user. On logout or account deletion, posthog.reset() is called and the PostHog identity is severed.
Right-to-erasure
When a user deletes their account, the generated app/services/data_export_service.py includes a step that calls PostHog's delete-person API to remove the user's events (or at least anonymise them, depending on your PostHog plan).
Feature flags
PostHog's feature flags are wired with both server-side evaluation (Python SDK on backend) and client-side evaluation (JS SDK on frontend). Server-side is the source of truth for sensitive flags; client-side is for UI variants.
Session recording
Off by default. When enabled, every input is masked unless explicitly tagged data-mask="false". URLs with PII (e.g. /users/123/profile) are sanitized to /users/{id}/profile before being sent.
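One possible shape for the scrubPII function that the initialiser passes to sanitize_properties, applying the /users/{id}/profile rewriting described above to URL-valued event properties. This is an added example, not the generated code: the function bodies, the list of URL properties and the {email} and {redacted} placeholders are assumptions. It goes beyond the page's single URL example by also handling UUID segments, query-string values and e-mail addresses in free-text properties.

```typescript
// Added example: a hypothetical scrubPII for posthog-js `sanitize_properties`.
// The property list and placeholder strings are assumptions, not generated code.
type Props = Record<string, unknown>;

// Event properties that hold URLs or paths (standard PostHog property names).
const URL_KEYS = ["$current_url", "$pathname", "$referrer"];

const UUID_SEGMENT =
  /\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?=[\/?#]|$)/gi;
const NUMERIC_SEGMENT = /\/\d+(?=[\/?#]|$)/g;
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Rewrites identifier-like path segments to {id} and blanks query values,
// e.g. /users/123/profile -> /users/{id}/profile.
function sanitizeUrl(url: string): string {
  const cut = url.search(/[?#]/);
  const path = cut === -1 ? url : url.slice(0, cut);
  const rest = cut === -1 ? "" : url.slice(cut);
  const cleanPath = path
    .replace(UUID_SEGMENT, "/{id}")
    .replace(NUMERIC_SEGMENT, "/{id}");
  // Keep query keys (useful for analytics) but never their values.
  const cleanRest = rest.replace(/=[^&#]*/g, "={redacted}");
  return (cleanPath + cleanRest).replace(EMAIL, "{email}");
}

// Matches the (properties, eventName) callback shape of sanitize_properties.
// Only top-level string properties are scrubbed; other values pass through.
function scrubPII(properties: Props, _eventName?: string): Props {
  const out: Props = {};
  for (const key of Object.keys(properties)) {
    const value = properties[key];
    if (typeof value !== "string") {
      out[key] = value;
    } else if (URL_KEYS.indexOf(key) !== -1) {
      out[key] = sanitizeUrl(value);
    } else {
      out[key] = value.replace(EMAIL, "{email}");
    }
  }
  return out;
}
```

Nested objects and arrays are passed through untouched here, so any event that carries structured properties needs its own scrubbing before capture.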
What ships in docs/
- docs/decisions/ADR-0016-product-analytics-posthog.md — PostHog vs Mixpanel vs Amplitude, with rejected alternatives discussed
- docs/compliance/posthog-gdpr-notes.md — consent flow, identity-stitching boundaries, right-to-erasure flow
- docs/setup/eu-data-residency.md — using eu.i.posthog.com for EU users
Environment variables generated
```
NEXT_PUBLIC_POSTHOG_KEY=phc_...
NEXT_PUBLIC_POSTHOG_HOST=https://eu.i.posthog.com # or https://us.i.posthog.com
POSTHOG_SERVER_KEY=phx_... # server-side feature flags
```