Technical Information
Below you can read information about how Zuko works from a technical standpoint, including information about our tracking javascript and cookies used. If anything is not clear or you have any further questions, please get in contact with us, or look at
docs.zuko.io fore more information.
How Zuko works
Zuko works by tracking your site visitors when they:
- View your form
- Interact with your form’s fields
- Successfully complete your form
Zuko tracks these events by adding a tracking JavaScript to your web page. Zuko does not track your visitor’s data that they enter into your form, but simply that they
are entering data and
how they are interacting with the form.
- The Zuko javascript in 8 kb in size, and hosted in a globally available CDN (AWS) with two edge locations in the UK (Manchester and London). Our code is compressed to reduce size further.
- We do not rely on any third party libraries.
- Our target load time for the Zuko javascript is under 100ms, in almost all cases it loads under 40ms.
- Behaviour data is transmitted in the background, so the website user experiences no slow-down.
- Updates to our tracking JavaScript are infrequent.
- All changes to Zuko go through a rigorous testing and deployment process.
We do not track, or store any personally identifiable information.
From the data that we collect, we calculate the metrics that enable you to discover the issues that your visitors encounter whilst interacting with your forms. This data is made available through the Zuko app.
Events that Zuko tracksZuko tracks the following standard event types on your fields:
- change
- click
- input
- paste
- keydown
- focusin
- focusout
Cookies
Zuko uses a single cookie in order to provide it's insight:
Name: zukoVisitorId
Duration: 99 years
Description: Zuko uses a first party cookie for each of your site visitors to track completions and subsequent form fills
Notes: Zuko does not use third party cookies and Zuko does not collect personally identifiable information.
Where do you host your data?
We are fully hosted on AWS in the EU-WEST region which means all of our data is in Ireland.
How do you protect us from malicious use of your tracking code?
Access to the tracking code is protected behind 2 factor authentication on our AWS account. Within our organisation only the people who need access to the code do their job have access to the code. All development-changes to the tracking code are tracked and attributed to an engineer. All engineers are employed with 2 recent work references and are personally interviewed by a company director.
As a client you have the option to host our tracking code yourself, this could be an option to consider with regards adhering to your internal compliance.
Is your network secure?
Everything we run on AWS is within a VPC. In our VPC we use public subnets minimally only to allow firewall protected access where required - namely from our AWS load balancers and SSH access for our engineers via a bastion server.