Skip to content

Stop sending voice transcripts and AI responses to PostHog#81

Open
sat-sat wants to merge 1 commit into
farzaa:mainfrom
sat-sat:fix/posthog-transcript-privacy
Open

Stop sending voice transcripts and AI responses to PostHog#81
sat-sat wants to merge 1 commit into
farzaa:mainfrom
sat-sat:fix/posthog-transcript-privacy

Conversation

@sat-sat
Copy link
Copy Markdown

@sat-sat sat-sat commented May 3, 2026

Problem

trackUserMessageSent and trackAIResponseReceived in ClickyAnalytics.swift
were sending the full verbatim text of every user voice transcript and every
Claude response to PostHog. For an app that captures screen and voice, users
reasonably expect that conversation content stays on their device.

Fix

Remove the transcript and response properties from the two analytics events.
The character_count property is retained in both — this preserves useful usage
metrics (response length trends, input length) without exposing any content.

Changes

  • ClickyAnalytics.swift: remove "transcript" from user_message_sent event
  • ClickyAnalytics.swift: remove "response" from ai_response_received event

@sat-sat
Stop sending voice transcripts and AI responses to PostHog
eeb5065 
User transcripts and Claude responses were being sent verbatim to
PostHog analytics, exposing private conversation content to a
third-party service. Retain character_count for usage metrics only.
@sat-sat
Copy link
Copy Markdown
Author

sat-sat commented May 3, 2026

Hey @farzaa — just curious, was there a specific reason for sending full transcripts and responses to PostHog? Given that Clicky has access to the user's screen and voice, I think keeping conversation content off third-party servers is important for user trust. If there's specific analytics signal you were hoping to get from the content, let me know and I'm happy to add something more privacy-preserving to this PR.

khaledmhirsi
khaledmhirsi approved these changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown

@khaledmhirsi khaledmhirsi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed this as the privacy-focused low-hanging PR.

This is scoped correctly: it removes the raw user transcript and raw AI response from the two PostHog events while keeping character_count, so product analytics still preserve input/output length trends without shipping conversation content to PostHog.

I checked this against PostHog's current privacy/data-collection guidance: their docs recommend preventing sensitive data before it reaches PostHog servers and call out private-by-default collection for sensitive text. This PR aligns with that shape.

Validation I ran locally on the PR branch:

  • rg -n '"transcript"\s*:|"response"\s*:' leanring-buddy/ClickyAnalytics.swift returned no matches.
  • git diff --check origin/main...HEAD passed, and the diff is exactly leanring-buddy/ClickyAnalytics.swift | 2 --.
  • swiftc -parse leanring-buddy/*.swift passed.
  • gh pr view 81 --repo farzaa/clicky --json state,isDraft,mergeable,mergeStateStatus reports open, not draft, mergeable, and clean.

Docs reference: https://posthog.com/docs/privacy/data-collection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@khaledmhirsi khaledmhirsi khaledmhirsi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sat-sat @khaledmhirsi