Rapid7 Insight Platform Terms of Service

Terms and Conditions referenced on this page will only apply to any Rapid7 product or service purchased prior to March 1, 2023.


Last updated August 2022

Rapid7 LLC or Rapid7 International Limited (as applicable, “Rapid7”) is willing to provide certain services to you as the individual, the company, or the legal entity (referenced below as “You” or “Your” or “Customer”) that enters into a written quotation, work order, statement of work or similar document with Rapid7 that references these terms and conditions (hereinafter, this “Agreement”) only on the condition that you accept all of the terms of this Agreement. Read the terms and conditions of this Agreement carefully before purchasing any services from Rapid7. This is a legal and enforceable contract between You and Rapid7. By entering into a written quotation, statement of work or similar document with Rapid7 that references the agreement below, you agree to the terms and conditions of this Agreement. If you enter into a separate written agreement with Rapid7 for the services, then the terms of that separate written agreement shall apply and this Agreement shall have no effect.


1.1 Content means all data made available by Customer to Rapid7 for use in connection with the Service. This data may be stored within the Customer’s environment, within the Rapid7 environment, or a combination of both.

1.2 Documentation means the documentation for the Service generally supplied by Rapid7 to assist its customers in their use of the Service, including user and system administrator guides, manuals and the software functionality specifications.

1.3 Order Form means Rapid7’s order form or other ordering document signed or referenced by Customer and Rapid7 or its authorized reseller which identifies the specific Service ordered, the Volume Limitations, and the price agreed upon by the parties.

1.4 Service means the subscription service identified on an Order Form and further described herein.

1.5 Subscription Term means the term identified on an Order Form during which Customer has a subscription to the Service. 

1.6 Volume Limitations means the capacity indicated on the Order Form, including, as applicable, unique assets, applications, number of scans, number of billable cloud resources, gigabytes, or workflows.


2.1 Access to Service.

(a) During the Subscription Term, Rapid7 grants Customer a non-exclusive, non-transferable, non-sublicensable right to use and access the Service: (i) solely for Customer’s internal business purposes; (ii) within the Volume Limitations; and (iii) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on the Order Form.

(b) Access to the Service may require software to be downloaded or installed locally on Customer systems. If applicable, Customer must allow the downloaded and locally deployed software to integrate with such programs and devices necessary to provide data to the Service. In the event Customer decides to transmit its data without encryption, the Customer assumes all risks for failure to encrypt.

(c) In the event that the Service is used in excess of the Volume Limitations, following a reasonable notification period by Rapid7, Customer shall be liable for, and Rapid7 reserves the right to invoice for, the fees for such excess usage at Rapid7’s then current list rates, or as otherwise set forth on the Order Form, notwithstanding the limitation on liability in Section 6.2 of this Agreement.

2.2 Restrictions. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Service, or merge the Service into another program; (ii) resell, rent, lease, or sublicense the Service or access to it including use of the Service for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Service; nor (iv) access the Service in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Service. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the Service, all information and analysis regarding the vulnerability must be disclosed through the Rapid7 contact form, found at www.rapid7.com/disclosure/.

2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Service available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition, “control” means the direct possession of a majority of the outstanding voting securities of an entity.

2.4 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Service, or which it targets, scans, monitors, or tests with the Service.

2.5 Evaluation Licenses. If Customer’s access to the Service is for a trial or evaluation only, then the Subscription Term shall be thirty days, or the term specified on the Order Form. Customer may not utilize the same Service for more than one trial or evaluation term in any twelve month period, unless otherwise agreed to by Rapid7. Rapid7 may revoke Customer’s trial or evaluation access at any time and for any reason. Warranty, availability, and support obligations of Rapid7 shall not be applicable to any evaluation or trial license.


3.1 If Customer is purchasing the Service through a Rapid7 authorized reseller, then the fees shall be as set forth between Customer and reseller and the applicable fees shall be paid directly to the reseller and Section 3.2 shall not apply.

3.2 Customer agrees to pay the fees, charges, and other amounts in accordance with the Order Form. All fees are nonrefundable, unless otherwise stated herein. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Rapid7's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Rapid7 as applicable, will receive the Order Form payment amount as agreed to net of any such taxes. Customer shall provide to Rapid7 written evidence that such withholding tax payment was made.


4.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.

4.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process, or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.


5.1 Service Warranty. Rapid7 warrants that, during the Subscription Term: (i) the Service will conform, in all material respects, with the applicable Documentation; and (ii) it will not materially decrease the overall functionality of the Service. For any breach of the above warranty, Rapid7 will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Service to conform to the warranty. Customer will provide Rapid7 with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. If Rapid7 is unable to restore such functionality, Customer may terminate the applicable Order Form and receive a pro rata refund of the fees paid for the terminated portion of the then-current Subscription Term. Rapid7 makes no warranty regarding third party features or services. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.


5.3 Orchestration Disclaimer. Customer is responsible for implementing appropriate internal procedures and oversight to the extent it utilizes the configuration of workflows and processes, including but not limited to containment actions, quarantine actions, kill processes, and similar functionalities (“Orchestration and Automation Functionality”). EXCEPT FOR THE WARRANTY IN SECTION 5.1, THE ORCHESTRATION AND AUTOMATION FUNCTIONALITY IS MADE AVAILABLE BY RAPID7 ON AN “AS-IS” BASIS TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. Rapid7’s Orchestration and Automation Functionality is not designed, intended, or licensed for use in hazardous environments or other applications where a malfunction could cause property damage or personal injury, and Rapid7 specifically disclaims any liability in connection with any such use. Customer assumes all risks in using third-party products or services in connection with the Orchestration and Automation Functionality.





7.1 Term. This Agreement will continue in effect until otherwise terminated in accordance with Section 7.3 below. The Subscription Term will automatically renew for an additional one year term at the rate listed on the applicable Order Form unless (i) otherwise indicated on the Order Form or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the anniversary date. In connection with any renewal term, Rapid7 reserves the right to change the rates, applicable charges, and usage policies and to introduce new charges, upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the then-current Subscription Term.

7.2 Suspension of Service.

(a) In the event that Customer is using the Service to engage in illegal activity, and/or Customer’s use of the Service is causing immediate, material and ongoing harm to others, Customer agrees that Rapid7 may suspend Customer’s access to the Service, and shall promptly notify Customer of such suspension (which may be made by email or telephone). In the event that Rapid7 suspends Customer’s access to the Service, Rapid7 will use commercially reasonable efforts to limit the suspension to the offending portion(s) of the Service and work with Customer to resolve the issues giving rise to the suspension of Service. Customer agrees that Rapid7, acting in good-faith, shall not be liable to Customer or any third party for any suspension of the Service under this Section 7.2.

(b) In addition to the foregoing, Rapid7 also reserves the right to suspend Customer’s access to the Service upon notification, without having to terminate this Agreement or any Order Form, if Customer is more than thirty days late with respect to any payments due hereunder. Upon such suspension, Customer shall still be liable for all payments that have accrued prior to the date of suspension and that will accrue throughout the remainder of the Subscription Term. Rapid7 will not be obligated to restore access to the Service until Customer has paid all fees owed to Rapid7.

7.3 Termination. Notwithstanding the foregoing, either party may terminate this Agreement or any Order Form: (i) immediately in the event of a material breach of this Agreement or any such Order Form by the other party that is not cured within thirty days of written notice thereof from the other party or, if such breach is incapable of cure, immediately upon written notice; or (ii) immediately if the other party ceases doing business or is the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding, that is not dismissed within sixty days of filing. Either party may also terminate this Agreement upon no less than thirty days’ prior written notice to the other party for any reason if at such time there are no outstanding Subscription Terms then currently in effect. All rights and obligations of the parties which by their nature are reasonably intended to survive such termination or expiration will survive termination or expiration of this Agreement and each Order Form. Except as expressly provided herein, termination of this Agreement by either party will be a nonexclusive remedy for breach and will be without prejudice to any other right or remedy of such party.

7.4 Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Order Form, Rapid7 shall no longer provide the applicable Service to Customer and Customer must cease using the Service and send no further Content to Rapid7. Termination of this Agreement or an Order Form shall not relieve Customer of its obligation to pay all fees that have accrued or have become payable by Customer hereunder. Customer agrees that following termination of Customer’s account and/or use of the Service, Rapid7 may immediately deactivate Customer’s account and that following a reasonable period not to exceed 90 days, shall be entitled to delete Customer’s account and all Content from the Service.


8.1 Content. Customer retains ownership of all right, title, and interest in and to all Content, and Customer is solely responsible for all Content. Rapid7 does not guarantee the accuracy, integrity, or quality of such Content. Except as provided in this Agreement, Customer shall be solely responsible for providing, updating, uploading, and maintaining all Content. Rapid7 may use Content solely as necessary to: (i) provide the Service to Customer; (ii) in an anonymized and aggregated form that does not or cannot be used to identify Customer or any Content, to generate statistics and produce reports; and (iii) collect data and analytics about use of the Service in order to continue to improve the development and delivery of the Service.

8.2 Rapid7 Service. Rapid7 retains ownership of all right, title, and interest in and to all intellectual property in and about the Service.

8.3 Customer Obligations. Customer shall not: (i) upload or otherwise transmit, display, or distribute any Content to the Service that infringes any trademark, trade secret, copyright, or other proprietary or intellectual property rights of any person; (ii) upload or otherwise transmit to the Service any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment; or (iii) interfere with or disrupt the Service.


9.1 By Rapid7. Rapid7 will indemnify, defend, and hold harmless Customer from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim that Rapid7’s technology used to provide the Service infringes or misappropriates any patent, copyright, trade secret, or trademark of such third party. Notwithstanding the foregoing, in no event shall Rapid7 have any obligations or liability under this Section arising from: (i) use of any Service in combination with materials not furnished by Rapid7; or (ii) any content, information, or data provided by Customer or other third parties. If the Service is or is likely to become subject to a claim of infringement or misappropriation, then Rapid7 will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Service; (ii) replace or modify the Service to be non-infringing and substantially equivalent to the infringing Service; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Rapid7, then Rapid7 may terminate Customer’s rights to use the infringing Service and will refund pro-rata any prepaid fees for the infringing portion of the Service. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 9.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SERVICE OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.

9.2 By Customer. Customer will indemnify, defend, and hold harmless Rapid7 from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim regarding Customer's: (i) use of the Service in violation of this Agreement or applicable law; or (ii) breach of the representations and warranties made in Sections 2.4 and 11.2 of this Agreement.


10.1 Downtime. Subject to this Agreement and the Service Level Agreement located at https://www.rapid7.com/legal/sla/, Rapid7 shall use commercially reasonable efforts to provide the Service twenty-four hours a day, seven days a week throughout the Subscription Term. Customer agrees that from time to time the Service may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Rapid7 may undertake from time to time; or (iii) causes beyond the control of Rapid7 or which are not reasonably foreseeable by Rapid7, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Rapid7 shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Rapid7 shall have no obligation during performance of such operations to mirror Content or to transfer Content. Rapid7 shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the Service in connection with Downtime, whether scheduled or not.

10.2 Support Services. Rapid7 shall provide support during any Subscription Term, or else as otherwise set forth on the applicable Order Form subject to Rapid7’s support policy, located at https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-customer-support-guidebook.pdf.

10.3 Product-Related Professional Services. Unless otherwise provided on an Order Form or SOW, Customer is responsible for installing and configuring any Service. Rapid7 may provide Customer certain professional services, such as installation, configuration, consulting, training, and external scanning, if and as specified on an Order Form or a separate SOW executed by the parties (“Professional Services”). Professional Services will be invoiced upon execution of the SOW. All changes to an SOW must be approved by both parties in writing. Rapid7 shall have sole discretion in staffing the Professional Services and may assign the performance of any portion of the Professional Services to any subcontractor; provided that Rapid7 shall be responsible for the performance of any such subcontractor. Customer will have a non-exclusive, non-transferable license to use any deliverables or other work product developed by Rapid7 in the performance of the Professional Services, which are delivered to Customer, upon Customer's payment in full of all amounts due for such deliverables or work product. Rapid7 retains ownership of all information, software, and other property owned by it prior to this Agreement or which it develops independently of this Agreement and all deliverables and work product compiled or developed by Rapid7 in the performance of the professional services.

10.4 Professional Services Rescheduling. To the extent Customer purchases Professional Services, Customer may reschedule the Professional Services up to ten business days prior to the start of the Professional Services at no cost. If Customer reschedules the Professional Services with less than ten business days’ notice, Customer will forfeit the portion of the Professional Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Professional Services after they have begun, Customer will forfeit five days of Professional Services, or the number of days remaining on the Professional Services, whichever is fewer. Customer will also be responsible for any expenses incurred by Rapid7 due to such rescheduling. If performance of the Professional Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an SOW, Customer will forfeit the duration of such delay from its Professional Services time.


11.1 Personal Data. To the extent that Rapid7 processes personal data about any individual in the course of providing the Service, Customer agrees to Rapid7’s Data Processing Addendum, located at www.rapid7.com/legal/dpa/.

11.2 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Rapid7 to collect and process Content from Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.

11.3 Data Security. Rapid7 shall implement appropriate technical and organizational measures to protect Content from accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of or access to Content. Such measures may include, as appropriate (a) the encryption of Content; (b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services; (c) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of Content.


12.1 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in North America) or London, England (for customers located outside North America) all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying Order Form(s) constitutes the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Rapid7's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall enure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; (j) terms in an Order Form have precedence over conflicting terms in this Agreement, but have applicability only to that particular Order Form; and (k) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

12.2 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.

12.3 Relationship of the Parties. Rapid7 and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties, or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.

12.4 US Government Restricted Rights. This Section applies to all acquisitions of the Service by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Service is a “commercial item” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Rapid7 provides the Service, including any related technical data and/or professional services in accordance with the following: If a right to access the Service is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Rapid7’s customers as such rights are described in this Agreement. If a right to access the Service is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Rapid7’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Rapid7 to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Rapid7.
This Section 12.4 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Service.

12.5 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.

12.6 No Reliance. Customer represents that it has not relied on the availability of any future version of the Service or any future product or service in executing this Agreement or purchasing any Service hereunder.

12.7 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Rapid7 must be sent to notices@rapid7.com.

12.8 Publicity. Customer acknowledges that Rapid7 may use Customer’s name and logo for the purpose of identifying Customer as a customer of Rapid7 products and/or services. Rapid7 will cease using the customer’s name and logo upon written request.

12.9 Compliance with Law. Each party agrees to comply with all applicable federal, state, and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.

12.10 Links and Third Party Content. Customer agrees that Rapid7 shall not be responsible for applications, services, software, or other products supplied by a third party (excluding those delivered as part of the Service) that Customer chooses to use with or integrate with the Service, even if such third-party service interoperates with a Service.