Q1) What happens technically when a user enters a username and password into the simulation login form and clicks submit?
If capture credentials is enabled, it will be stored on the server in an encrypted format. If not, it will never leave the user's browser.
Q2) What technical controls are in place to ensure that any data entered into the form does not leave the user's browser or device?
We have controls in place on the frontend that remove these credentials and only send an indication to the server that someone has submitted them. (If 'capture credentials' is not explicitly enabled).
