Super Forms (in normal circumstances) only stores a cookie named _sfs_id.
The value of this cookie is a unique "session ID" (not to be confused with a browser session itself), which then connects any temporary client data inside your WordPress database. This means no sensitive data is being stored on the client side (browser). The cookie is required for basic functionality such as CSRF checks to secure a request. Or to store a users form progression (if you enabled this for your form).
The default expiration of the _sfs_id cookie is set to 60 minutes but may be adjusted via a filter hooks:
$expires = apply_filters('super_cookie_expires_filter', $expires);
$exp_var = apply_filters('super_cookie_exp_var_filter', $exp_var);
For both secure and httponly paramaters the values are by default set to true. If required you can adjust this with the use of filters:
$secure = apply_filters('super_cookie_secure_filter', $secure);
$httponly = apply_filters('super_cookie_httponly_filter', $httponly);
Note that depending on how you setup your form it might be using third party cookies.
For example if you setup your form to load/use Google Fonts.
In case you are using the Popup feature to display a popup, and you enable the option Enable expiration cookie (show popup only once), Super Forms will also store a cookie named super_popup_expire_XXX, where XXX is the form ID. This only is used to store a timestamp to track the expiration.
Of course when you are using the Register/Login feature, and you enabled the form to automatically login the user it will use the default WordPress cookie for authentication purposes.