Building HogWatch: Design Decisions for a PostHog Viewer

by Flowstate Industries

Building an analytics viewer sounds straightforward. Connect to an API, display data. But HogWatch required some deliberate architectural decisions—particularly around security—that shaped everything else.

This post is a behind-the-scenes look at those decisions: why HogWatch exists, what I prioritized, and what I deliberately left out.

Why Build a PostHog Viewer?

I use PostHog for analytics in my apps. It's excellent—open-source, privacy-conscious, genuinely useful for understanding how people use your product.

But checking analytics means opening a laptop. The PostHog dashboard is powerful but not optimized for mobile. Sometimes I want to glance at yesterday's numbers while waiting in line for coffee. Or check if that feature launch is getting traction during a meeting break.

The mobile web experience works, but it's clunky. Pinch-to-zoom, tiny touch targets, constant re-authentication. I wanted something native. Something that launches instantly and shows me my data in two taps.

HogWatch exists because I wanted to check my analytics without opening my laptop.

Design Principle: No Backend Server

This was the first and most important decision. HogWatch connects directly to the PostHog API. There is no Flowstate Industries server in between.

Why This Matters

Most mobile apps that connect to third-party services route through their own backend. Your credentials go to their server, which then calls the third-party API.

This creates risk:

  • Your API key traverses their infrastructure. If their server is compromised, your key is compromised.
  • They can log your data. Even if they promise not to, the architecture allows it.
  • Additional attack surface. Their server becomes a target for attackers who want to harvest API keys.
  • Single point of failure. If their server goes down, the app stops working entirely.

HogWatch eliminates all of this. Your PostHog API key goes directly to PostHog's servers. I never see it. It never touches my infrastructure. If my website went offline tomorrow, HogWatch would keep working.

Security: Your Credentials Stay on Your Device

Your PostHog API key grants access to your analytics data. Storing it carelessly would be irresponsible.

HogWatch stores API keys using industry-standard secure storage on your device. Your credentials are protected by iOS security features and never leave your phone.

What this means for you:

Your credentials stay local. Your API key exists only on your device—no cloud sync, no account required.

Protected when your device is locked. Your credentials are encrypted when your device is locked.

No logging or transmission. Your API key is never logged to crash reports or analytics, and never sent to Flowstate servers.

Feature Scope: Viewing, Not Creating

HogWatch is a viewer. You can:

  • View dashboards and their insights
  • Browse events with filters
  • Search and explore data
  • See real-time metrics

You cannot:

  • Create or edit dashboards
  • Configure event tracking
  • Modify project settings
  • Create feature flags

This is deliberate.

Why Read-Only?

Mobile is for checking, not configuring. Setting up analytics belongs on a desktop with a full keyboard and large screen. Mobile is for quick checks.

Reduced API key permissions. A read-only app only needs read API permissions. This limits the damage if credentials are somehow compromised.

Simpler, more focused UX. Trying to replicate the full PostHog dashboard on mobile would create a cluttered, confusing experience. HogWatch does one thing well.

Fewer things to break. Write operations require more complex state management, conflict resolution, and error handling. A viewer is inherently simpler and more reliable.

Multi-Project Support

Many developers work on multiple apps or consult for multiple clients. HogWatch Pro supports unlimited PostHog projects.

Each project's credentials are stored separately and securely. Switching projects is two taps. The home screen can be customized to show metrics from your currently selected project.

This is a Pro feature because it adds complexity and serves power users. The free tier works great for someone with a single project.

Monetization: Subscription Model

HogWatch Pro is $4.99/month or $49.99/year, with a 7-day free trial.

Why Subscription?

Ongoing API maintenance. PostHog's API evolves. Endpoints change, new features appear, authentication methods update. Staying compatible requires ongoing development.

iOS updates. Each year brings new iOS versions with deprecations and new requirements. Subscriptions fund this maintenance.

Sustainable business model. One-time purchases create pressure to constantly acquire new customers. Subscriptions let me focus on serving existing users well.

What's Free?

The free tier includes:

  • One PostHog project
  • Dashboard viewing
  • Event explorer
  • Basic home screen

Pro adds:

  • Unlimited projects
  • Customizable home screen
  • All future Pro features

Someone with a single project can use HogWatch indefinitely for free.

Important Disclaimer

HogWatch is an independent app created by Flowstate Industries. It is not affiliated with or endorsed by PostHog Inc.

PostHog is a trademark of PostHog, Inc. HogWatch simply consumes the PostHog API as documented in their public API documentation.

This distinction matters. If you have issues with the PostHog service itself, contact PostHog support. For issues with the HogWatch app, contact me at support@flowstateindustries.com.

Building Forward

HogWatch is live and evolving. The architecture—direct API connection, no backend server, secure local storage—enables a secure, reliable experience that doesn't depend on my infrastructure.

If you use PostHog and want to check your analytics from your phone, download HogWatch from the App Store. Try it for a week. Let me know what works and what doesn't.

And if you're building apps that handle user credentials: consider the direct API approach. It's more work upfront but eliminates entire categories of security concerns. Your users' credentials are their responsibility, not a liability sitting on your server.