Here is what you need to know about the New Relic APM agent and security. For more information about New Relic's security measures, see our security and privacy documentation, or the New Relic Security website.
Disclosure and audit
The New Relic APM agent for C, Go, Java, .NET, Node.js, PHP, Python, and Ruby is a publicly accessible plugin for web applications. The Ruby source code is readily available. New Relic does not do any dynamic code generation while communicating with your app, so using the agent will not introduce any code into your application without your knowledge.
The Ruby agent is an open book. While the other APM agents use other mechanisms for instrumenting code, their behavior within your environment is similar. If you are concerned about what New Relic's software sees and does, you could audit the Ruby agent.
In order to help us improve our product and user experience, New Relic uses third-party analytics services to better understand the behavior of users on our site. The user data that New Relic collects is used solely by New Relic and is not shared, sold, or rented to any third parties for their own use.
Hosting and data storage
New Relic is self-hosted with co-location services called Server Central in a tier 3 data center in Chicago and an IBM-hosted data center near Frankfurt, Germany. New Relic uses standard best practices to maintain a firewall for our servers and to protect our servers from unauthorized login.
All data is stored in a cluster of MySQL databases. Metric data is not encrypted, nor are transaction traces or errors (although they are stored in a compressed serialized format). New Relic data is backed up nightly, and an archive is stored at a secondary data center.
Access to account data by New Relic employees is limited to a necessary set of users consistent with their assigned New Relic responsibilities. Except to the extent necessary to provide subscribed services and as documented in our Services data privacy notice, customer account data is not shared with any third parties. All customer account data access is logged and regularly audited.
High security mode
New Relic language agents offer high security options to prevent sensitive data from being sent.