▸Example Mixpanel call (the "before")
import Mixpanel
let mixpanel = Mixpanel.mainInstance()
// Identifies the user — distinct_id becomes joinable to email forever:
mixpanel.identify(distinctId: userId)
mixpanel.people.set(properties: [
"$email": email,
"$name": fullName,
"plan": "pro",
])
mixpanel.track(event: "Paywall Purchase", properties: ["value": price])HIPAA's Protected Health Information (PHI) classification covers any health-related data tied to identifiable individuals. Most analytics SDKs accept arbitrary parameters — making it easy to log symptom, medication, heart_rate, or cycle_day alongside a persistent user_id, which is unambiguously PHI. Consult your legal team for HIPAA specifics; Respectlytics's 5-field schema rejects health-category fields at the API.
☑Remove Mixpanel cleanly
-
1
Remove
pod 'Mixpanel'fromPodfile -
2
Remove
implementation 'com.mixpanel.android:mixpanel-android:...'frombuild.gradle.kts -
3
Remove
mixpanel-react-nativefrompackage.jsonormixpanel_flutter:frompubspec.yaml -
4
Delete any
Mixpanel.mainInstance().people.set(...)oridentify()calls — those are the people-profile entry points -
5
Replace
mixpanel.track(...)call sites withRespectlytics.track("event_name") -
6
Delete the Mixpanel project (or revoke the project token) in the Mixpanel admin once you've confirmed no more events arrive
-
7
If you used Mixpanel-driven cohort exports for marketing, plan the cutover to whatever replaces those flows
⇋Mixpanel vs Respectlytics — no phi collected
| Mixpanel | Respectlytics | |
|---|---|---|
| Accepts health-related fields (symptom, medication, etc.) | Yes (free-form parameters) | No (rejected by 5-field schema) |
| Joinable to a user identity | — see tool note above | No (session_id rotates every 2h) |
| BAA available with vendor | — typically yes, with restrictions | Out of scope — Respectlytics is designed so PHI never enters the pipeline |
| Apple Health & Fitness Privacy Label tier | Triggered if you log health fields | Not triggered by Respectlytics |
❓Frequently asked questions
What does HIPAA actually require here?
HIPAA's Privacy Rule restricts how Covered Entities and Business Associates handle PHI. The full breakdown is outside this tool's scope — consult your legal team. From a technical posture: ensuring health-related data simply doesn't enter your analytics pipeline removes the surface that HIPAA would otherwise scope.
We're a telehealth app — how do we track funnel completion without health data?
Track the action without the content. appointment_booked is an event name; the doctor specialty, diagnosis, or symptom that led to the appointment lives in your EHR or telehealth platform, never in product analytics. Your product KPIs (booking rate, completion rate, repeat-use rate) compute fine on session-grouped events without per-event health context.
Does Respectlytics sign a BAA?
Out of scope by design — Respectlytics's 5-field schema rejects health categories at the API. There's no PHI flowing to Respectlytics, so the BAA scope is empty. Consult your legal team to confirm this fits your specific compliance posture.
What about wearable / fitness app step counts and heart rate?
Those are health data even if your app isn't a medical app. Apple's HealthKit framework is the right system of record for that data — it has its own privacy model and stays on-device. Product analytics tells you whether the heart-rate feature is being used; HealthKit holds the values.