ConvertKit

ConvertKit

ConvertKit (now Kit) is an email marketing and creator monetization platform used by bloggers, podcasters, and online course creators. Scripts embed subscriber signup forms and landing page CTAs, capturing email addresses with tagging data. Automation rules segment subscribers based on sign-up source and email engagement.

Back to Vendor Library

Overview

ConvertKit (rebranded Kit in 2024) is an email marketing and creator monetisation platform founded in 2013 by Nathan Barry and headquartered in Boise, Idaho. It is purpose-built for bloggers, podcasters, newsletter writers, course creators, and online educators — the "creator economy" segment. ConvertKit provides embeddable subscriber signup forms, hosted landing pages, automated email sequences, and a commerce layer for selling digital products and paid newsletters. As of 2024, ConvertKit serves over 600,000 creators and manages billions of email sends annually.

What This Script Does

The ConvertKit script loads from f.convertkit.com and renders embeddable signup forms and call-to-action widgets. Forms may appear as inline page embeds, slide-in overlays, or modal popups depending on the creator's configuration.

Cookies and identifiers set:

  • ck_subscriber_id — First-party cookie set on the host domain when a visitor submits a ConvertKit form or arrives via a ConvertKit email link; links the browser session to the ConvertKit subscriber record; expiry 1 year. This is the primary identifier for automation and tagging.
  • ck_session — Session cookie tracking the current visit for form display logic (e.g., suppressing repeat popups); expires at session end.
  • Local storage key convertkit_form_shown — Records which form IDs have already been displayed to prevent repeat prompting within a session.

Script filenames and CDN: ck.js loaded from f.convertkit.com; form configuration fetched from api.convertkit.com/v3/forms/<form-id>/; submission POSTed to api.convertkit.com/v3/forms/<form-id>/subscribe.

Per-submission data collected:

  • Email address (required field)
  • Optional additional fields: first name, custom fields defined by the creator
  • Source URL and referrer at time of form submission
  • UTM campaign parameters for signup attribution
  • Tag assignments based on the form or landing page the visitor subscribed through
  • ConvertKit sequence assignment (which email automation flow is triggered)

Tracking pixels in emails: ConvertKit emails include tracking pixels (open.convertkit.com) and click-redirect links (click.convertkit.com) that report open rates and click-throughs back to the creator's analytics dashboard. These operate in the email context rather than on the host website, but link clicks return the viewer to the host site with referral attribution.

Consent & Compliance

ConvertKit scripts are classified under the marketing category. The form widgets collect personal data (email addresses) and transmit them to a third-party US-based marketing service for list management and automated email campaigns. Under GDPR Article 6(1)(a), this requires explicit prior consent — both for the cookie-based subscriber identification and for the email marketing processing itself. The form submission itself constitutes the consent moment for the email subscription, but the ck_subscriber_id cookie that links subsequent browsing to the subscriber record requires separate ePrivacy consent. ConvertKit participates in the EU-US Data Privacy Framework, enabling compliant data transfers. Under CCPA/CPRA, email collection and marketing automation constitute processing of personal information that must be disclosed with opt-out rights.

Should You Block This Without Consent?

Yes. ConvertKit scripts collect personal data for email marketing and set cookies that identify subscribers across visits. Block the ConvertKit script until marketing consent is granted. The signup form's visual presentation does not require the script; only the data capture and transmission does.

Visit website

Consent Categories

Marketing

Also Known As

ConvertKitKitconvertkit formerly kitcreator email consentemail signup form GDPRnewsletter automation privacy

Industries

Business and Consumer ServicesMarketing and Advertising

Tracked Domains (2)

f.convertkit.comMarketing
cdn.convertkit.comMarketing

Frequently Asked Questions

Does ConvertKit require consent before its form scripts load?

Yes. ConvertKit scripts set a ck_subscriber_id cookie linking subsequent browsing to the subscriber record and collect email addresses for marketing campaigns. Under GDPR, this requires prior opt-in consent. The form's visual appearance can remain, but data capture and subscriber identification cookies require marketing consent first.

What cookies and data does ConvertKit set on a website?

ConvertKit sets ck_subscriber_id (1-year cookie linking the browser to the subscriber record), ck_session (session cookie for form display logic), and stores convertkit_form_shown in localStorage. On form submission, it collects email, optional custom fields, source URL, UTM parameters, and tag assignments, posting to api.convertkit.com.

How does ConsentStack handle ConvertKit on a website?

ConsentStack classifies ConvertKit as marketing and blocks the ck.js script until the visitor grants marketing consent. This prevents the ck_subscriber_id tracking cookie from being set before consent. Once consent is obtained, ConsentStack releases the script so signup forms render and subscriber data flows to the ConvertKit platform as intended.

Related Vendors

Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
LinkedIn Ads
LinkedIn Ads
LinkedIn Ads is LinkedIn's advertising platform for B2B marketing and professional audience targeting. Conversion tracking scripts and pixels fire on advertiser websites to measure sign-ups, downloads, and purchases driven by LinkedIn ad campaigns. Sets cookies for audience matching, retargeting list building, and cross-device attribution reporting.

Manage consent for ConvertKit

ConsentStack automatically detects and manages ConvertKit trackers so your site stays compliant with global privacy regulations.

Get started