New Relic takes your data privacy seriously. Our principles-based approach aims to go beyond the legal requirements for consent. We understand your concerns when you entrust us with your data, and we always strive to embrace your expectations and preferences.
This document provides links to detailed information about the privacy and security measures we take to protect you and your customers' data privacy. Our monitoring tools are data-agnostic; they don't require sensitive materials, and many of them don't require any personal data.
You are responsible for ensuring that your systems are appropriately set up and configured so that they don't send inappropriate personal data or sensitive materials to New Relic monitoring tools. For additional information about policies, credentials, audits, and other resources, see our New Relic security website.
New Relic includes the option of HIPAA-enabled accounts for customers meeting certain requirements. To learn more, see HIPAA readiness at New Relic.
As of October 2023, the U.S. Department of Commerce has formally approved New Relic's certification under the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK extension to the Data Privacy Framework.
The Data Privacy Framework replaces the Privacy Shield for data transfers to the U.S. The Privacy Shield was invalidated in the Schrems case. The Schrems case reaffirmed the validity of Standard Contractual Clauses (SCC) as an appropriate legal mechanism to transfer personal data outside of the European Union. Since then, New Relic has relied on the Standard Contractual Clauses as a mechanism to transfer personal data from the EU, Switzerland and the UK (the SCC were updated in 2021). You can find more information in EU-U.S. Data Privacy Framework (DPF) & International Data Transfers.
If you want to send personal data from the EU, Switzerland, and/or the UK, we offer an appropriate data processing addendum (DPA) that makes reference to the Data Privacy Framework and/or the SCC, as applicable. In the event that the Data Privacy Framework is invalidated, the SCC will automatically apply in order to ensure that there is a valid data transfer mechanism in place to govern the transfer of that data. For more information, consult our Data Processing Addendum FAQ, or download our pre-signed DPA.
We always strive to comply with all applicable laws as they take effect. This includes the European Union's General Data Protection Regulation (GDPR) and all relevant US State laws, such as the California Consumer Privacy Act (CCPA).
Our encryption at rest provides additional security while your data is at rest (FIPS 140-2 compliant). In addition, we are authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate) for accounts that meet specific criteria.
For privacy-related details about New Relic's contractual and regulatory commitments for services, see:
For more information about annual audits, see Regulatory audits for New Relic services.
If you have further questions, please contact your account team, or firstname.lastname@example.org. Please note that we are unable to provide assistance to our customers with privacy questions via any third party platforms, including, e.g., any data privacy or data privacy compliance platforms. The only method by which we can provide assistance is as set out above.
New Relic follows "privacy by design" principles as part of our overarching security program. For example, when New Relic agents capture a webpage or referrer URL, all query parameters are stripped by default.
Here are examples of how we incorporate privacy considerations into our data and security practices.
Our role-based account structure gives you direct control over who can access or change your account settings. For more information, see Users and roles.
We publish security bulletins with detailed information about vulnerabilities, remediation strategies, and applicable updates for affected software.
To receive notifications for future advisories, use either of these options:
- Subscribe to our security bulletins RSS feed.
- Select the Watching option in our Support Forum's Security notifications community channel to receive email alerts.
The following summarizes how individual New Relic products and components ensure security, with links to additional details.