Below you can read information about how Zuko works from a technical standpoint, including information about our tracking JavaScript and cookies used. If anything is not clear or you have any further questions, please get in contact with us, or look at docs.zuko.io for more information.

How Zuko works
‍Zuko works by tracking your site visitors when they:

- View your form
- Interact with your form’s fields
- Successfully complete your form

Zuko tracks these events by adding JavaScript tracking to your web page. Zuko does not track your visitor’s data that they enter into your form, but simply that they are entering data and how they are interacting with the form.

- The Zuko JavaScript is 15 kb in size (only 6 kb transferred), and hosted in a globally available CDN (AWS). Our code is compressed to reduce size further. 
- We do not rely on any third party libraries. 
- Behaviour data is transmitted in the background, so the website user experiences no slow-down (see our speed test data here). 
- Updates to our tracking JavaScript are infrequent.
- All changes to Zuko go through a rigorous testing and deployment process.
- We do not track, or store any personally identifiable information. 

From the data that we collect, we calculate the metrics that enable you to discover the issues that your visitors encounter whilst interacting with your forms. This data is made available through the Zuko app.

Events that Zuko tracks
Zuko tracks the following standard event types on your fields:
- change
- click
- input
- paste
- keydown
- focusin
- focusout

Cookies
‍Zuko uses a single cookie in order to provide it's insight:
Name: zukoVisitorId
Duration: 1 year
Description: Zuko uses a first party cookie for each of your site visitors to track completions and subsequent form fills
Notes: Zuko does not use third party cookies and Zuko does not collect personally identifiable information.

For further details on our how we use cookies please see our Cookies Statement.

Where do you host your data?
We are fully hosted on AWS in the EEA region (Republic of Ireland).

How do you protect us from malicious use of your tracking code?
Access to the tracking code is protected behind 2 factor authentication on our AWS account. Within our organisation only the people who need access to the code do their job have access to the code. All development-changes to the tracking code are tracked and attributed to an engineer. All engineers are employed with 2 recent work references and are personally interviewed by a company director.
‍
As a client you have the option to host our tracking code yourself, this could be an option to consider with regards adhering to your internal compliance.

Is your network secure?
Everything we run on AWS is within a VPC. In our VPC we use public subnets minimally only to allow firewall protected access where required - namely from our AWS load balancers and SSH access for our engineers via a bastion server.