Here is what you need to know about the New Relic agent and security. For additional information, see Data security.
For more information about New Relic and Security, see the New Relic Security website.
Disclosure and audit
The New Relic agent is a publicly accessible plugin for the C SDK, Go, Ruby, Java, .NET, Node.js, PHP, and Python web applications. The Ruby source code is readily available. New Relic does not do any dynamic code generation over the wire, so using the agent will not introduce any code into your application without your knowledge.
The Ruby agent is an open book. While the other agents use other mechanisms for instrumenting code, their behavior within your environment is similar. If you are concerned about what New Relic's software sees and does, you could audit the Ruby agent.
In order to help us improve our product and user experience, New Relic uses third-party analytics services to better understand the behavior of users on our site. The user data that New Relic collects is used solely by New Relic and is not shared, sold, or rented to any third parties for their own use.
For more information, see our Services data privacy notice.
Hosting and data storage
New Relic is self-hosted with co-location services called Server Central in a tier 3 data center in Chicago and an IBM-hosted data center near Frankfurt, Germany. New Relic uses standard best practices to maintain a firewall for our servers and to protect our servers from unauthorized login.
All data is stored in a cluster of MySQL databases. Metric data is not encrypted, nor are transaction traces or errors (although they are stored in a compressed serialized format). New Relic data is backed up nightly, and an archive is stored at a secondary data center.
Access to account data by New Relic employees is limited to a necessary set of users consistent with their assigned New Relic responsibilities. Except to the extent necessary to provide subscribed services and as documented in our Services data privacy notice, customer account data is not shared with any third parties. All customer account data access is logged and regularly audited.
High security mode
New Relic language agents offer high security options to prevent sensitive data from being sent.