Payment security

We take several measures to ensure the security of your payment data:

  • We use Microsoft Azure, a highly available, cloud-based, and secure hosting environment. This environment is both BAA (HIPAA) and PCI (DSS) level 1 compliant, and you can find the full list of compliance offerings here.
  • Our payment processors (PayPal, Stripe, and Square) are all PCI level 1 compliant. View more about their security measures in PayPal’s documentation, Stripe’s documentation, and Square’s documentation.
  • Your users’ credit card data is never transmitted, processed, or stored by your website or by Cognito Forms. All sensitive transaction data is transmitted directly from your customer’s browser to your payment processor for secure processing.
  • All payment forms accessed through public links are served over SSL, and all of our payment processors always run over SSL. If you are embedding a payment form on your website, we recommend that you obtain an SSL certificate to maximize security and give your customers confidence that their transaction will be secure.

If you have any questions or concerns about payment security, please contact us.