Privacy & Telemetry

OpenLatch keeps the marketing site (openlatch.ai) deliberately quiet: there is no login, no personalised content, and no third-party trackers loaded in the page. The only telemetry the site emits is product analytics for our own funnel — which pages developers read, which install command they copy, and which links they follow into the authenticated console.

What we collect

When you visit openlatch.ai we record anonymous events through PostHog, hosted in the EU (Frankfurt) and served from a first-party origin on our own domain (openlatch.ai/ingest). Events include:

• $pageview and $pageleave — which pages you visited and for how long
• Conversion events — when you copy npx openlatch, open the docs, or click through to the console
• Web Vitals — Core Web Vitals (LCP, CLS, INP) so we can keep the site fast
• A 5% sample of session replays, with all text and form inputs masked

We never collect form input contents. We never call identify() from the website, so events stay attached to an anonymous device-level ID. We do not sell or share this data with third parties.

How to opt out

Append ?ph_opt_out=1 to any openlatch.ai URL to permanently disable analytics on this device. The opt-out is stored in localStorage and survives page reloads.

You can also block our /ingest/* path with any ad-blocker or browser privacy extension — the proxy is first-party but the path is stable.

Where data is stored

EU (Frankfurt) via PostHog Cloud EU. The request never leaves the EU because the Cloudflare Worker that fronts the proxy resolves to the nearest EU edge.

Cross-domain handoff to the console

When you click “Sign Up” or any other link to app.openlatch.ai, the anonymous identifier is appended to the URL fragment (#ph_did=…) so the authenticated console can stitch your pre-signup activity to your account after you sign up. The fragment never reaches our servers — it stays in the browser.