Yes! Cognito Forms offers HIPAA compliance to Enterprise-level organizations through business associate agreements, making it easy to build medical forms for new patient registrations, appointment scheduling, online bill payment, and more.
Learn more about creating HIPAA-compliant forms.
The email providers we use support TLS point-to-point encryption when delivering emails to recipients whose mail servers support it.
While 90% of email providers (like Gmail and Outlook) now support encrypted delivery, you will need to verify that your recipient’s email provider and servers support encrypted email delivery in order to confirm that emails you send remain encrypted. Note that TLS protects the message only while it is in transit between mail servers; it does not encrypt the message at rest in the recipient’s mailbox. Check with your support team if you are not sure.
Please note that HIPAA, GDPR and CCPA all require senders to get consent before emailing any personal information.
The c-referrer cookie is primarily a Performance Cookie we use to track statistical information about people who visit our website.
The cookie tracks how users were referred to our website and which page they first accessed. We only store this information after users sign up to use Cognito Forms and consent to our Terms of Use and Privacy Policy.
In some cases, c-referrer also acts as a Functionality Cookie, when either the referring page or the landing page information makes these users eligible for special referral discounts on paid plans.
In all cases, this is a first-party cookie and we only save and use information in this cookie after users sign up to use Cognito Forms. We do not use this cookie for targeted advertising and only use this information to improve our product and enhance the experience for our customers.
Yes.
We complete ongoing SOC 2 Type 2 audits. This process confirms that we adhere to practices that help provide both data security and operational reliability for our customers. We also use Microsoft Azure servers, and Microsoft conducts its own SOC 2 compliance audits.
Paid subscribers can request a copy of our SOC 2 Type 2 audit report by contacting our customer success team.
We’ll respond within one business day to begin the process. Please note that all requesting parties are required to sign a non-disclosure agreement before receiving the report, which is standard practice when sharing such information.
Yes! We are compliant with the California Consumer Privacy Act (CCPA) and have updated our privacy policy accordingly.
Learn more about the California Consumer Privacy Act as well as our data security practices.
Per our Terms of Service, we prohibit the collection of credit card data in Cognito Forms.
However, we do offer several secure payment integrations for processing credit card payments on your forms. Two of these, Stripe and Square, offer secure and PCI-compliant card data storage via our Card-on-File feature. This feature, available on the Team plan and above, ensures that card data is transmitted directly to and saved on the processor’s servers.
When used properly, Cognito Forms servers never process, store, or transmit credit card information.
At Cognito Forms, the privacy and security of your form data are of utmost importance to us.
From data encryption and secure transmission to data isolation and other architectural safeguards, we take painstaking measures to ensure your data is safe.
These include regular audits and proactive development to help ensure we stay ahead of emerging security threats. Whether in our product, processes or policies, security is always our first priority.
Some of our security measures include:
- PCI-Compliant Payment Processing
- EU-U.S. Privacy Shield Certification
- GDPR Compliance
- CCPA Compliance
- HIPAA Compliance
- TLS 1.2/SSL Encryption
- 256-Bit AES Encryption
- SOC 2 Type II Certification
Cognito Forms supports full encryption of all entry data and uploaded files at rest.
Additionally, you can mark sensitive form fields as protected. This ensures they are not inadvertently transmitted insecurely, such as through email notifications or insecure redirects/webhooks.
Learn more about our data security and data encryption.