PostHog
Product analytics — pageviews, sessions and unique users — read-only via HogQL.
Why founders connect PostHog
PostHog gives you deep product analytics, but checking it daily just to answer 'did traffic go up or down?' is overkill. Fold pulls your daily pageview, user, and session counts into the same view as your revenue and marketing data — so you can spot correlations across channels without switching tools.
How your data flows
From PostHog to your Fold dashboard
This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.
PostHog API
Encrypted API key
Your API key is stored encrypted (AES-256) in our database. It is sent only to PostHog's API over TLS 1.3 and never logged.
Read-only API requests
3 HTTP GET calls per sync
Fold makes 3 read-only requests to PostHog's API — the exact endpoints are documented in the section below. No write requests are ever made.
Filter & aggregate
Personal data stripped before storage
The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.
Stored in your account
AES-256 at rest · row-level isolation
The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.
Shown in your dashboard
Overview · Analytics · AI Digest
The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.
Step 1 — How you connect
The exact connection flow
Here is precisely what happens when you connect PostHog to Fold, step by step.
- 1Go to your PostHog project → Settings → Project API Keys.
- 2Create a new Personal API Key — name it "Fold Analytics" and select your project.
- 3Copy the key and paste it into Fold's Settings tab, along with your PostHog project ID.
- 4Fold validates the key, runs a test HogQL query, and performs an initial sync.
- 5Revoke the key from PostHog at any time to immediately stop all access.
Step 2 — Permissions we request
Exactly what access Fold asks for
We request the minimum permissions needed. No more.
- Personal API Key (project-scoped) — read access to PostHog query API (HogQL).
- Fold queries aggregate event counts only. No user-level data or session recordings are requested.
- No write access. Fold cannot create events, modify feature flags, or alter your PostHog project.
Step 3 — API calls Fold makes
Every request we send to PostHog
These are the exact API endpoints Fold calls during each sync, and why.
POST /api/projects/{id}/query — HogQL: SELECT count() FROM events WHERE event='$pageview'
Total pageview event count for the period.
POST /api/projects/{id}/query — HogQL: SELECT count(DISTINCT distinct_id) FROM events
Unique user (distinct person) count for the period.
POST /api/projects/{id}/query — HogQL: SELECT count() FROM events WHERE event='$session_start'
Session count (number of unique sessions started) for the period.
API impact: Fold runs 3 HogQL queries per sync. Each query is a simple COUNT aggregation with a date filter and typically completes in under 500ms. This is negligible relative to PostHog's API limits.
What we store
Exactly what lands in our database
Every field we persist — with a real example and the reason it exists. Nothing more is stored.
| Field | Example value | Why we store it |
|---|---|---|
| Pageview count (day) | 3,420 pageviews on 2025-04-23 | Product traffic KPI tile. |
| Unique users (day) | 1,840 users on 2025-04-23 | Active user count metric. |
| Session count (day) | 2,110 sessions on 2025-04-23 | Engagement depth metric. |
What a daily sync actually stores
One day's record — verbatim
This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.
{
"date": "2025-04-23",
"pageviews": "3420",
"unique_users": "1840",
"sessions": "2110",
}
No customer names. No emails. No transaction IDs. Just numbers.
What we never store
Data Fold never touches
These fields are explicitly excluded. Even if the PostHog API returns them, Fold ignores and discards them before any storage step.
- Individual user distinct_id values, person profiles or person properties
- Session recording data or heatmaps
- Custom event properties or user properties
- Feature flag configurations or experiment results
- Funnel or retention data
- A/B test variant assignments
- Your PostHog project's tracking snippet or configuration
What Fold never does
Hard limits — enforced at the API level
These aren't just policies — they're technically impossible given the permissions we request. PostHog's own API enforces them.
- Create, modify or delete PostHog events, persons or groups
- Access or replay session recordings
- Read or modify feature flags or experiments
- Add or remove tracking instrumentation from your app
- Share your product analytics with any third party
- Use your product data to train AI models
Privacy note — PostHog specific
PostHog stores rich per-user behavioural data — Fold deliberately avoids all of it. We only run 3 aggregate count queries (pageviews, unique users, sessions) that return a single number each. No person profiles, no event streams, no session recordings are ever accessed.
Data retention
How long we keep it
Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.
Refresh frequency
How often we sync
Automatic sync every 24 hours. Manual refresh available from Settings.
How to revoke access
You are always in control
You can disconnect PostHog from Fold at any time — from either side. Both options immediately stop all data access.
From Fold
Settings → PostHog → Disconnect. All synced PostHog data is deleted immediately.
From PostHog directly
PostHog → Settings → Personal API Keys → Revoke the Fold Analytics key.
Open PostHog settingsSecurity standards
How your credentials are protected
AES-256 encryption at rest
Your API key is encrypted with AES-256 before being written to our database. It is never stored, logged, or returned in plaintext.
TLS 1.3 in transit
All API calls from Fold to PostHog use TLS 1.3. Your credentials cannot be intercepted in transit.
Read-only enforcement
PostHog's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.
Row-level security
Your synced data is isolated in our database with row-level security. No other Fold user can query your data.
FAQ
Questions about the PostHog integration
Does Fold access my PostHog user profiles or session recordings?
No. We run 3 HogQL aggregate queries that return a single integer each — pageviews, unique users, sessions. No individual person data, properties or recordings are accessed.
Can Fold read my feature flag configurations or A/B test results?
No. The project API key we use only permits query access. Feature flags, experiments and cohorts require different API scopes that Fold does not request.
I self-host PostHog. Does Fold work with self-hosted instances?
Yes. Enter your self-hosted PostHog instance URL when connecting. Fold's HogQL queries work identically against both PostHog Cloud and self-hosted deployments.
PostHog already has dashboards. Why use Fold?
PostHog is great for deep product analysis. Fold is a daily summary layer — it puts your PostHog traffic numbers next to your Stripe revenue, your Mailchimp subscriber growth, and your Meta ad spend so you can see the full picture in one view.
Other live integrations
See how other connections work
Ready to connect PostHog?
Start your free trial — no credit card
7 days full access. Connect PostHog and every other live integration. Cancel anytime. Your data deleted on request, immediately.