Analytics

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only analytics guidance skill whose content and requirements are coherent with its stated purpose; it does not request secrets or install code, but it references environment variables in examples and includes implementation guidance you should review before using.

This skill is a guidance document for analytics. It appears coherent and safe as-is, but before you use its code/examples consider:

(1) Decide which analytics provider you will actually use (PostHog, Amplitude, etc.) and follow that provider's best practices.
(2) Do NOT put secret ingestion keys into client-side env vars; NEXT_PUBLIC_* keys are public in Next.js. Keep server-side keys and any PII-protecting logic on the backend.
(3) Review your tracking plan carefully to avoid collecting personal data unnecessarily; add consent banners and retention/purge policies to meet GDPR and other laws.
(4) If you self-host PostHog, secure the host and network access.
(5) Test instrumentation in staging before sending production data.

If you want me to, I can point out which keys are safe to expose in client code, draft a GDPR-compliant data policy, or convert the tracking snippets into a server-side-safe implementation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

No visible risk-analysis findings were reported for this release.