Protecting User Data

Protecting User Data


You have full control over the data you send to Mixpanel. Here we share best practices for tracking in a privacy-friendly way.

Opting Users Out of Tracking

You can use the opt_out method in Mixpanel's SDKs to opt users out of tracking. This state is controlled by a flag that is set as a browser cookie or localStorage. Note: because this setting is stateful, it only exists on our Web/Mobile SDKs -- if you're tracking from your servers, you will need to store this opt-out setting in a database and check it before sending any track calls.


You can also configure our SDKs to opt users out of tracking by default:

mixpanel.init(YOUR TOKEN, {opt_out_tracking_by_default: true});

Disabling Geolocation

Mixpanel's Web and Mobile libraries use IP address to enrich events with geographic information like city, country, and region. Mixpanel does not store IP addresses, but rather, only uses IPs to assign geolocation properties to data upon ingestion. You can disable this using the following configuration options in each of our SDKs:

mixpanel.init("YOUR_TOKEN", {"ip": false})

Anonymizing Users

Mixpanel does not know, or need to know, any identifying information about users (like email or phone number). Mixpanel only needs to know that a set of events were performed by a particular user ID. You choose the ID and you choose how you want to send that ID to Mixpanel.

If you want to analyze aggregate user behavior without being able to drill down into any particular user, we recommend generating a hash of some unique ID of the user and using that hash as the user's ID when you call the .identify() method in our SDKs.

Blacklisting Default Properties

Our JavaScript library automatically captures default properties to help enrich your data, but you can choose to prevent the setting of default properties using the property_blacklist config option. To prevent default event properties from being sent, specify a list of properties to blacklist on library load, for example:

mixpanel.init("YOUR_TOKEN", {
  property_blacklist: ['$referrer', 'custom_property']

Was this page useful?