Any data you have with Cognito Forms is protected with data encryption at rest and is accessed exclusively over HTTPS.
Data Encryption adds a second layer of encryption using organization-specific encryption keys and encrypting cached data in your browser. It also enables you to protect fields, preventing data from being unintentionally transmitted out of your Cognito Forms account.
When to use Data Encryption
You must encrypt any form and protect any field that contains sensitive information, such as Social Security numbers, driver’s license numbers, and other personally identifiable information.
You can encrypt and protect any field type on your forms, including uploaded files and sections. All of your data will still be easily accessible to you, but safe from malicious outside attacks.
Encryption applies only to entries submitted after you enable it, not to existing entries. Additionally, data encryption does not affect how other features work with your form. Please note that, even with encryption enabled, you are prohibited from collecting and storing credit card information, except as supported by Cognito Forms for processing online payments using secure third-party payment processors.
If you have signed a BAA with Cognito Forms to enable HIPAA compliance, you cannot turn encryption off. When downgrading to a plan that doesn’t support data encryption, your form data will no longer be encrypted.
Enabling data encryption
To encrypt your form entry data:
- Select the form you want to encrypt, and open the form builder.
- In the Form Settings on the left-hand side, select Encrypt Entry Data? to place an additional encryption layer on all of the form’s entry data.
- Save your form.
The form data is now more secure, requiring JSON posts and confirmation redirects to be over SSL.
Protecting fields
You can protect a section on your form to automatically protect every field within it. Protecting a field ensures that the collected entry data does not display in:
- Email notifications
- Generated documents (unless you select the Protected fields option under Include? in the Manage Document Templates menu)
- Not available messages for Workflow Link Sharing/Save & Resume/Public Links
- Field labels, help text, and the Use with Person Field? settings
Please note that protected fields do display in JSON webhook payloads.
To protect a field:
- Ensure that data encryption is enabled in the form settings.
- Open the field you want to protect, and select the Protect Field? option at the bottom of the field settings.
- The field will display a lock icon, indicating that it is protected.
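Because protected fields still display in JSON webhook payloads, the service that receives the webhook has to keep those values out of its own logs and notifications. The following is an added example, not Cognito Forms code: a receiver-side redaction step in Python, where the field paths and the sample payload are constructed for illustration and do not reflect the actual payload schema.

```python
import json

REDACTED = "[REDACTED]"

# Assumption: dotted paths of the fields marked "Protect Field?" in the form
# builder. These names are hypothetical; list your own form's protected fields.
PROTECTED_PATHS = {"SSN", "Applicant.DriversLicense", "Dependents.SSN"}


def redact(payload, protected=PROTECTED_PATHS, _prefix=""):
    """Return a rebuilt copy of payload with protected values masked.

    A protected path that names a section masks everything below it, and
    items of a list (a repeating section) share the path of their parent key.
    """
    if isinstance(payload, list):
        return [redact(item, protected, _prefix) for item in payload]
    if not isinstance(payload, dict):
        return payload  # scalars are immutable, safe to reuse
    out = {}
    for key, value in payload.items():
        path = f"{_prefix}.{key}" if _prefix else key
        out[key] = REDACTED if path in protected else redact(value, protected, path)
    return out


def log_line(payload):
    """Serialize only the redacted view; the raw payload is never logged."""
    return json.dumps(redact(payload), sort_keys=True)


# Constructed sample webhook body (not the real schema, no real data).
SAMPLE_PAYLOAD = json.loads("""
{
  "Name": "Pat Example",
  "SSN": "000-00-0000",
  "Applicant": {"DriversLicense": "X0000000", "State": "SC"},
  "Dependents": [
    {"Name": "Sam Example", "SSN": "000-00-0001"},
    {"Name": "Lee Example", "SSN": "000-00-0002"}
  ]
}
""")

if __name__ == "__main__":
    print(log_line(SAMPLE_PAYLOAD))
```

Apply the same redacted view to anything the receiver forwards, such as alert emails or chat messages, so the protection configured on the form is not undone downstream.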
Collecting passwords
To securely collect passwords through your Cognito Forms:
- Ensure that data encryption is enabled in the form settings.
- Add a Textbox field to your form, and select Password as the field type. Password fields are always set to Protected.
- Now, when someone types in their password, the characters are masked from view. To view the password within your Cognito Forms account, view the individual entry on your form’s Entries page.