I would doubt Machform collects data form your public web forms.
The recording of IP is for your reference not Appnitro's.
The only data they would have is your sign-up information when you purchased the product, that is stored in their member management area of their website. I guess that's as secure as anything else that's stored online. Appnitro are not in the habit of emailing newsletters etc, they post update announcements to their product on this forum, not through email lists.
Regarding use of cookies .... I am guessing the Save and Send later or the (new) Edit Submitted Entry would use cookies in order to recognise which submitted entry is the specific users; it sends an email to that user, it has to have some way of knowing the link is legitimate, in order to open the submission and I think something like that would probably be done with cookies - even if temporary, and would likely expire after a specified time.
The administration side of Machform is only as secure as you make it - use strong passwords, and use 2-factor authentication etc.
Machform has functions to comply with EU's GDPR laws (retention/collection of personal data etc). Make sure you're using the latest version to get all these features.
Not sure I've answered all your questions - but anything else you should direct to Machform directly via a support ticket from your Members account (as the forum is not an official support source).