This document describes how New Relic protects the security of your data. For more information about our security measures, see our data privacy documentation and the New Relic Security website.
Data for New Relic accounts are isolated so that users can only see the data for accounts they own (or have been given permission to see). New Relic also has certain rights regarding customers' data, described in the Terms and Conditions page on the New Relic website.
In order to help us improve our product and user experience, New Relic uses third-party analytics services to better understand the behavior of users on our site. The user data that New Relic collects is used solely by New Relic and is not shared, sold, or rented to any third parties for their own use. For more information, see our Services data privacy notice.
Data transmission and firewalls
The New Relic agent communicates with two hosts:
collector-nnn.newrelic.com, where nnn is a numerical value
Typically the numbered host is fixed for your account, and it appears in
For required changes when you want to create firewall rules to allow the agent to communicate, see Networks. For more information about security measures for your data in transit to New Relic or at rest in our storage, see Data encryption.
Hosting and data storage
New Relic is self-hosted with co-location services called Server Central in a Tier 3 data center in Chicago, Illinois and an IBM-hosted data center near Frankfurt, Germany, as well as cloud storage through Amazon Web Services. We use standard best practices to maintain a firewall for our servers and to protect our servers from unauthorized login.
All data is stored in a cluster of MySQL databases. New Relic data is backed up nightly, and an archive is stored at a secondary data center.
Access to account data by New Relic employees is limited to a necessary set of users consistent with their assigned New Relic responsibilities. Except to the extent necessary to provide subscribed services and as documented in our Services data privacy notice, customer account data is not shared with any third parties. All customer account data access is logged and regularly audited.
HTTP parameters disabled by default
By default, New Relic agents disable collection of HTTP request parameters, such as the query string of a URL. This is an automatic safeguard to protect potentially sensitive data. New Relic collects and displays HTTP parameters only when you explicitly enable them in your agent configuration file.