Cognito-forms – Question about data received with Cognito Forms, access to database


I would like to know:

  1. What happens to data introduced in the forms created with Cognito: are they destroyed?
  2. Does Cognito keep the data in a database and for how long?
  3. If I want to receive the database, is it possible?
  4. What is the security against hackers and how is Cognito dealing with these threats?

If we want to use Cognito Forms (paid option) for business, thus with the risk of having access to personal and potentially sensitive data, these questions are really critical.

Best Answer

Great question!

You can find most of the answers in our help topic on data security, but I will specifically address each of your questions:

  1. If you delete a form and/or entries for a form, this information is permanently deleted. We are researching ways to provide recovery options for accidental deletes, but this will be an "opt-in" option as our goal is to ensure it is easy to permanently delete data.

  2. Cognito Forms stores data in a NoSQL database (a document store) and this information is stored essentially forever unless you delete it or abandon it. We state in our terms that we may delete individual accounts that are abandoned. However, this largely applies to the people that try out our service and decide to do something else, as we have hundreds sign up each day and not everyone will become long-term users.

  3. You can download the full entry details at any time by exporting your entries to Excel, which provides a complete "strongly-typed" "structurally accurate" view of your data. Furthermore, you can use either our JSON endpoints or Zapier integration options to stream your entries into another system to maintain your own backups for this data. We are also working on options to not store data in Cognito Forms for those customers that just want to use our forms but do not want us to store their data.

  4. Cognito Forms is hosted in the same datacenters that run services like Xbox.com and Office 365, and we rely on Microsoft's Azure platform for intrusion detection, physical security, etc. We do not even know where the servers for Cognito Forms are physically located--just somewhere in Virginia with redundancy in the Midwest. We carefully guard our own limited access to this production environment as stated in our security help topic. Also, we worked with Microsoft to ensure we are hosted in their high-security area reserved for applications dealing with sensitive data, and have a HIPAA BAA from Microsoft.

Finally, we will be releasing support for encrypted forms in the next couple of weeks. This will add an additional layer of security and protection by encrypting 100% of all entry data and uploaded files "at rest" and allowing form builders to mark certain fields as "protected" to prevent them from inadvertently being transmitted insecurely in email notifications, URL redirects, etc. We will also prevent things like posting data to non-secure endpoints to ensure that our customers do not accidentally compromise the data they are trying to protect.