Here is what you need to know about the New Relic agent and security. For additional information, see Data security.
For more information about New Relic and Security, see the New Relic Security website.
Disclosure and audit
The New Relic agent is a publicly accessible plugin for Go, Ruby, Java, .NET, Node.js, PHP, and Python web applications. The Ruby source code is readily available. New Relic does not do any dynamic code generation over the wire, so using the agent will not introduce any code into your application without your knowledge.
The Ruby agent is an open book. While the other agents use other mechanisms for instrumenting code, their behavior within your environment is similar. If you are concerned about what New Relic's software sees and does, you could audit the Ruby agent.
In order to help us improve our product and user experience, New Relic uses third-party analytics services to better understand the behavior of users on our site. The user data that New Relic collects is used solely by New Relic and is not shared, sold, or rented to any third parties for their own use.
Hosting and data storage
New Relic is self-hosted with co-location services called Server Central in a tier 3 data center in Chicago. New Relic uses standard best practices to maintain a firewall for our servers and to protect our servers from unauthorized login.
All data is stored in a cluster of MySQL databases. Metric data is not encrypted, nor are transaction traces or errors (although they are stored in a compressed serialized format). New Relic data is backed up nightly, and an archive is stored at a secondary data center.
High Security mode
New Relic agents offer high security options to prevent sensitive data from being sent to New Relic. For more information, see High security.