Privacy & Redaction
You're shipping solo, so your users' data is your responsibility too. Opsis is built with modern data-protection principles (GDPR-aligned) in mind: minimize data, redact automatically, keep artifacts private — so you can move fast without worrying.
What Opsis does NOT do
- It never uploads or reads your application's source code.
- It never displays your PostHog OAuth tokens — they are encrypted at rest (AES-256-GCM), kept server-side only, and never sent to your browser.
- It never publishes videos/traces — artifacts are private by default.
- It never sends raw sensitive values to its AI provider (Opsis AI).
Automatic redaction
Before session data is stored, displayed, or sent to the AI, all text passes through a redaction layer that masks:
- Authorization headers, cookies, and API keys
- Tokens (JWT, bearer, Slack xox…, phx_/phc_/sk-)
- Email addresses and phone numbers
- National ID numbers and card numbers
- OTP and password key-value pairs
We also recommend enabling maskAllInputs: true in your PostHog session recording configuration so user input is masked at the source, before it ever reaches PostHog or Opsis.
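As an added illustration (not Opsis's own code), here is a Python redaction pass over constructed sample text, covering the header, token, email, OTP/password and card categories listed in this section. The regexes, the mask format, the `xox[a-z]-` Slack pattern and the Luhn filter for card numbers are assumptions; phone and national ID patterns are country-specific and are left out.

```python
import re

MASK = "[REDACTED:{}]"
# Illustrative rules (assumptions). A named group "keep" is preserved, the rest is masked.
RULES = [
    # Header lines: keep the header name, mask the whole value.
    ("header", re.compile(r"(?im)^(?P<keep>(?:authorization|cookie|set-cookie)\s*:\s*).+$")),
    # OTP / password key-value pairs in JSON, form or query-string style.
    ("secret", re.compile(r'(?i)(?P<keep>"?\b(?:otp|password|passwd|pwd)"?\s*[:=]\s*)(?:"[^"]*"|[^\s&,;}]+)')),
    # JWT: three base64url segments, the first starting with "eyJ".
    ("jwt", re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")),
    ("bearer", re.compile(r"(?i)(?P<keep>\bbearer\s+)[\w.~+/=-]+")),
    # Prefixed keys: Slack xox?-, PostHog phx_/phc_, sk- style secrets.
    ("token", re.compile(r"\b(?:xox[a-z]-|phx_|phc_|sk-)[\w-]{8,}")),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers and timestamps are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_card(m):
    digits = re.sub(r"\D", "", m.group())
    return MASK.format("card") if luhn_ok(digits) else m.group()


def redact(text: str) -> str:
    """Apply each rule in order, then mask Luhn-valid card numbers."""
    for label, pattern in RULES:
        mask = MASK.format(label)
        text = pattern.sub(lambda m, mask=mask: m.groupdict().get("keep", "") + mask, text)
    return CARD.sub(_mask_card, text)


SAMPLE = (  # constructed input, not real data
    "Authorization: Bearer abc.def.ghi\n"
    'POST /login {"email": "jane@example.com", "password": "hunter2", "otp": 493021}\n'
    "GET /cb?token=eyJhbGciOi.eyJzdWIi.c2ln&pwd=s3cret\n"
    "key phc_AbCdEf1234567890 card 4111 1111 1111 1111 order 1234 5678 9012 3456\n"
)
```

Calling `redact(SAMPLE)` masks every secret in the sample while leaving the 16-digit order number intact, because it fails the Luhn check.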
Pseudonymization & what is imported about users
PostHog distinct_ids are hashed (SHA-256) before being stored — the Opsis dashboard never shows end-user identities.
The user-level data Opsis imports per session is deliberately coarse:
- Browser, operating system, device type, and viewport size.
- A coarse geo country (e.g. “Canada”), sourced from PostHog's person geo properties — never a city, region, or coordinates.
- A pseudonymous (hashed) user ID — never names, emails, or raw identifiers.
Retention & deletion
Verification artifacts expire automatically after the retention window (30 days by default). Data deletion is available on request — email admin@heyopsis.com and we will delete your project's sessions, findings, runs, and artifacts.
Your responsibilities
Make sure your own application has a legal basis for recording analytics (consent banner + privacy policy) — PostHog records your users on your behalf; Opsis processes that data as a processor.