New Relic takes your data privacy seriously. Our principles-based approach aims to go beyond the legal requirements for consent. We understand your concerns when you entrust us with your data, and we always strive to embrace your expectations and preferences.
This document provides links to detailed information about the privacy and security measures we take to protect you and your customers' data privacy. Our monitoring tools are data-agnostic; they don't require sensitive materials, and many of them don't require any personal data.
You are responsible for ensuring that your systems are appropriately set up and configured so that they don't send inappropriate personal data or sensitive materials to New Relic monitoring tools. For additional information about policies, credentials, audits, and other resources, see our New Relic security website.
New Relic includes the option of HIPPA-enabled accounts for customers meeting certain requirements. To learn more, see HIPAA readiness at New Relic.
The Schrems case ruling invalidates Privacy Shield. However, it explicitly reaffirms the validity of Standard Contractual Clauses (SCC) as an appropriate legal mechanism to transfer personal data outside of the European Union. You can find more information in How the Demise of Privacy Shield Affects Your New Relic Account.
If you want to send personal data from the EU, we offer an appropriate data processing agreement (DPA) with SCC to govern the transfer of that data in accordance with the Schrems decision. For more information, consult our Data Processing Addendum FAQ, or download our pre-signed DPA (PDF|697 KB).
We always strive to comply with all applicable laws as they take effect. This includes the European Union's General Data Protection Regulation (GDPR) and all relevant US State laws, such as the California Consumer Privacy Act (CCPA).
Our encryption at rest provides additional security while your data is at rest (FIPS 140-2 compliant). In addition, we are authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate) for accounts that meet specific criteria.
For privacy-related details about New Relic's contractual and regulatory commitments for services, see:
For more information about annual audits, see Regulatory audits for New Relic services.
New Relic follows "privacy by design" principles as part of our overarching security program. For example, when New Relic agents capture a webpage or referrer URL, all query parameters are stripped by default.
Here are examples of how we incorporate privacy considerations into our data and security practices.
Our role-based account structure gives you direct control over who can access or change your account settings. For more information, see Users and roles.
We publish security bulletins with detailed information about vulnerabilities, remediation strategies, and applicable updates for affected software.
To receive notifications for future advisories, use either of these options:
- Subscribe to our security bulletins RSS feed.
- Select the Watching option in our Explorers Hub's Security notifications community channel to receive email alerts.
The following summarizes how individual New Relic products and components ensure security, with links to additional details.