Cognito-forms – What measures does Cognito Forms take to ensure Privacy/ Security Level for Completed Forms/ User Data

Tags: cognito-forms, privacy, security

Some forms may contain confidential information – even something basic like where a person lives.

What measures do Cognito Forms take to ensure that data stored within its site is secure?

Best Answer

EDIT: Cognito Forms now supports full encryption of all entry data and uploaded files at rest. Furthermore, you can mark sensitive fields as protected to ensure they are not inadvertently transmitted insecurely, such as through email notifications or insecure redirects/webhooks.

Learn more about Cognito Forms security at: https://www.cognitoforms.com/support/74/entries/data-security


Excellent question! I am a developer for Cognito Forms and am glad to answer this.

First, we need to document this as a separate page in our help documentation to make this very clear, but we do discuss our security a bit at the bottom of the How to Setup Payment page. To expand upon this, here is what we do to protect the security of our customers' data:

  1. Cognito Forms is always accessed over HTTPS 100% of the time for all users.

  2. Cognito Forms is hosted securely on the Microsoft Azure cloud platform, which is PCI (DSS) Level 1 AND HIPAA compliant, and we have a HIPAA BAA with Microsoft.

  3. Access to our production environment is limited to two individuals, requiring two-factor authentication to deploy updates or access a secure system for limited troubleshooting.

  4. We do not look at entry data for our customers unless requested to through an official support request. The details of our concern over data privacy are detailed in the Cognito Privacy Policy.

  5. Customer data is carefully segregated at the lowest architectural level in Cognito Forms to ensure that data for one organization cannot be accessed by another.

  6. We partner with Stripe for credit card processing so that secure payment information is never transmitted or stored by Cognito Forms. We also take measures to prevent malicious scripts on sites we are embedded in from stealing this information.

  7. The Cognito Forms architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use traditional databases and is not vulnerable to SQL injection attacks.

  8. Production access credentials for storage and encryption tokens used to encrypt sensitive organization data are stored in an Azure credential store and are not stored within our own development environments.

  9. Finally, all text data stored by Cognito Forms is sanitized to prevent JavaScript injection attacks, which someone might attempt to leverage by submitting JavaScript as entry data to maliciously access other entry data by compromising our customers' browsers when managing entries.
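To illustrate the stored-script risk that item 9 describes, here is an added example (not Cognito Forms' own code) of the usual defence: keep submitted entry text verbatim and HTML-encode it at render time, so a submission containing a `<script>` tag shows up as inert text in the entries view. The entry shape and function names are hypothetical.

```javascript
// Added example: render untrusted form-entry text safely for an entries
// management view. Values are stored unchanged and encoded only at output,
// so search and export see the original text while the browser never
// interprets submitted markup.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one entry as a table row. `entry` is a plain object mapping
// field name -> submitted value (hypothetical shape, not Cognito's data model).
function renderEntryRow(entry) {
  const cells = Object.entries(entry)
    .map(([field, value]) => `<td data-field="${escapeHtml(field)}">${escapeHtml(value)}</td>`)
    .join('');
  return `<tr>${cells}</tr>`;
}

// Constructed sample submission: a text field carrying a script tag,
// the kind of entry data item 9 is about.
const sampleEntry = {
  Name: 'Alice <script>alert(1)</script>',
  City: 'Springfield',
};

// Defender-side check: the rendered HTML must not contain a live script tag.
function containsRawScriptTag(html) {
  return /<\s*script/i.test(html);
}

console.log(renderEntryRow(sampleEntry));
```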

What we have not done yet, but plan to, is to allow our customers to indicate that a form, or portions of a form, contain sensitive data that must be treated as carefully as possible, such as HIPAA, PCI, or PII data. We could easily support encrypting the data, but this feature must and will go further to ensure this sensitive data is never emailed or otherwise transmitted in an insecure way (i.e., we will help our customers ensure the data is protected). Since this is not yet in place, we discourage the storing of sensitive information that should be encrypted at rest, such as Social Security and driver's license numbers, medical patient data (HIPAA), etc.

As you can see, we have definitely thought a lot about the security of Cognito Forms. At the same time, we know that there are constant threats and we need to continue to refine our processes to ensure the safety of our customers' data in Cognito Forms.