Data privacy with New Relic

New Relic takes your data privacy seriously. Our principles-based approach aims to go beyond the legal requirements for consent. We understand your concerns when you entrust us with your data, and we always strive to embrace your expectations and preferences. This document provides links to detailed information about the privacy and security measures we take to protect your data privacy and that of your customers. Our monitoring tools are data-agnostic; they don't require sensitive materials, and many of them don't require any personal data. You are responsible for ensuring that your systems are appropriately set up and configured so that they don't send inappropriate personal data or sensitive materials to New Relic monitoring tools. For additional information about policies, credentials, audits, and other resources, see our New Relic security website.

Tip

New Relic includes the option of HIPAA-enabled accounts for customers meeting certain requirements. To learn more, see HIPAA readiness at New Relic.

Personal data transfer (Data Privacy Framework and SCC)

As of October 2023, the U.S. Department of Commerce has formally approved New Relic's certification under the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK extension to the Data Privacy Framework. The Data Privacy Framework replaces the Privacy Shield for data transfers to the U.S. The Privacy Shield was invalidated in the Schrems case. The Schrems case reaffirmed the validity of Standard Contractual Clauses (SCC) as an appropriate legal mechanism to transfer personal data outside of the European Union. Since then, New Relic has relied on the Standard Contractual Clauses as a mechanism to transfer personal data from the EU, Switzerland and the UK (the SCC were updated in 2021). You can find more information in EU-U.S. Data Privacy Framework (DPF) & International Data Transfers.

If you want to send personal data from the EU, Switzerland, and/or the UK, we offer an appropriate data processing addendum (DPA) that makes reference to the Data Privacy Framework and/or the SCC, as applicable. In the event that the Data Privacy Framework is invalidated, the SCC will automatically apply in order to ensure that there is a valid data transfer mechanism in place to govern the transfer of that data. For more information, consult our Data Processing Addendum FAQ.

Compliance with legal requirements

We always strive to comply with all applicable laws as they take effect. This includes the European Union's General Data Protection Regulation (GDPR) and all relevant US State laws, such as the California Consumer Privacy Act (CCPA). Our encryption at rest provides additional security while your data is at rest (FIPS 140-2 compliant). In addition, we are authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate).

For more information about annual audits, see Regulatory audits for New Relic services.

If you have further questions, please contact your account team or privacy@newrelic.com. Please note that we are unable to provide assistance to our customers with privacy questions via any third-party platforms, including, for example, any data privacy or data privacy compliance platforms. The only method by which we can provide assistance is as set out above.

Privacy by design and by default

New Relic follows "privacy by design" principles as part of our overarching security program. For example, when New Relic agents capture a webpage or referrer URL, all query parameters are stripped by default. Here are examples of how we incorporate privacy considerations into our data and security practices.

Personal data requests (GDPR, CCPA, etc.)

New Relic strives to comply with all applicable laws as they take effect. This includes the European Union's GDPR and ePrivacy Directive and all applicable privacy laws, such as the California Consumer Privacy Act (CCPA) in the US. For more information about our process when responding to requests to access or delete personal data, see New Relic personal data requests.

Events and attributes

You can query events and attributes, as well as create charts and alert conditions about this data. For a complete list of all events and attributes tracked by New Relic agents, see our data dictionary. Events and attributes example: If you use the Infrastructure ProcessSample event's commandLine attribute, by default we strip options and arguments from the full command line to prevent accidental leakage of sensitive information.

Dropping data at ingest