At Cognito Forms, we are committed to protecting the privacy of our customers’ data, regardless of where they are located.

That is why we have enrolled in EU-U.S. Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and confirmed compliance with all current state-specific data privacy laws.

We believe that your data belongs to you, and we are here to help you keep it safe.

Why is the EU-US Data Privacy Framework important?

The EU-US Data Privacy Framework is a new agreement between the European Union and the United States that provides a legal basis for the transfer of personal data from the EU to the US. The framework was developed in response to the Schrems II ruling, which invalidated the previous EU-US Privacy Shield Framework.

Cognito Forms participated in the EU-US Privacy Shield Framework since 2018, however, the Schrems II ruling found that the EU-US Privacy Shield Framework did not provide adequate protection for the personal data of EU citizens. The framework was criticized for allowing US intelligence agencies to access EU data without sufficient safeguards.

The EU-US Data Privacy Framework addresses the concerns raised in Schrems II by introducing a number of new safeguards, including:

  • Limiting access to EU data by US intelligence services to what is necessary and proportionate to protect national security

  • Establishing a new Data Protection Review Court to investigate and resolve complaints regarding access to EU data by US intelligence services

The EU-US Data Privacy Framework is an important step forward in ensuring the safe and secure transfer of personal data between the EU and the US. It is essential for businesses that operate in both regions, and it provides EU citizens with peace of mind knowing that their data is protected.

As part of our participation in the EU-US Data Privacy Framework, we were required to update our privacy policy to replace references to the EU-US Data Privacy Shield with EU-US Data Privacy Framework. Even after this change, we continue to advise users to sign our Data Processing Addendum, encompassing the latest SCCs and UK extension as per GDPR/UK GDPR stipulations.

Changes to US state-specific data privacy laws

As of late, the privacy landscape within the US is constantly evolving, and we are committed to staying up-to-date on the latest regulations and best practices. We champion “privacy by design” and prioritize transparency with our customers about data collection and usage.

Following an internal review, we’re pleased to confirm our compliance with all existing and imminent state-specific data privacy laws, including;  the California Privacy Rights Act, Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act. Our privacy policy has been updated to reflect these alignments.

What does this mean for you?

As a Cognito Forms customer, you can be confident that your data is safe and secure, regardless of where you are located. We’re dedicated to ensuring your privacy and strictly adhere to all relevant data privacy legislation.

If you have any questions about our privacy policy or how we protect your data, please do not hesitate to contact us at

Jamie T.

Jamie T.

Jamie is co-founder of Cognito Forms, an online form builder for organizations seeking to quickly and easily connect with their customers. In his free time, Jamie loves spending time with his wonderful wife and kids, training for triathlons, camping with boy scouts, singing in the choir, and trying out the latest gadgets.