We take several measures to ensure the security of your payment data:
- We use Microsofe Azure; a highly available, cloud-based, and secure hosting environment. This environment is both BAA (HIPAA) and PCI (DSS) level 1 compliant, and you can find the full list of security verifications here.
- Our payment processors (PayPal, Stripe, and Square) are all PCI level 1 compliant. View more about their security in PayPal's documentation, Stripe's documentation, and Square's documentation.
- Your users’ credit card data is never transmitted, processed, or stored by your website or by Cognito Forms. All sensitive transaction data is transmitted directly from your customer’s browser to PayPal, Stripe, or Square for secure processing.
- All payment forms accessed through public links are over SSL, and PayPal/Stripe/Square always run over SSL. Note: If you are embedding a payment form on your website, we recommend that you obtain an SSL certificate to maximize security and provide confidence to your customers that their transaction will be secure.
If you have any questions or concerns about payment security, please contact us.