Rapid7 Privacy Policy

TRUSTe Privacy

Last Updated: June 30, 2017

Our quest to accelerate insight for security and technology practitioners requires collecting and processing an enormous amount of data. Ensuring your data is used only in a manner consistent with your expectations is a responsibility we take very seriously, and we back the privacy guidelines below with layers of security to safeguard your data.

What kinds of information do we collect?

Information you provide directly to us

For example, we collect information you provide in order to access our solutions, use our sites, subscribe to our content, or register for an activity associated with Rapid7. This may include, but is not limited to, your name, email address, telephone number, and mailing address

If you make a purchase from Rapid7, become one of our vendors, or otherwise establish a relationship with us that involves financial transactions, we collect information about those transactions. This may include, but is not limited to, your credit or debit card information, account and authentication information, tax identifiers, and other billing, delivery, and contact details.

How you interact with us and our solutions

We collect information about the solutions you use and how you use them, such as how often you access our products and which features you use most frequently. 

On our sites, we collect information using cookies and other tracking technologies. Please see our full Cookies, Widgets, and Other Tracking Technologies Policy.  

Information to deliver our solutions and services,

including:

  • Device and network data
  • User and system behavior
  • Application logs
  • Organizational information
  • Other relevant machine data  

Information from third-party partners

We receive various types of information from third-party partners on some occasions, such as when we jointly offer services or sponsor events. We also collect data from third parties that relate to active or historic threats, vulnerabilities, and risks around the world. This can include data like hostnames, IP Addresses, email accounts, and usernames. 

Information collected through various research initiatives

We conduct many types of research activities, including initiatives like Project Sonar, which periodically scans the internet to gain insights into global exposure to common vulnerabilities.

Human resources information 

We collect the human resources information of our employees. 

Return to top

How do we use this information?

To deliver, improve, and develop our offerings

We are able to deliver our solutions and services, understand the behavior of attackers, and better help our customers keep their environments safe by using collected informationThis may include basic metadata, but we do not access sensitive customer information, such as user, network, vulnerability, incident, or asset information, unless you have requested we do so to investigate issues with our solution or carry out a service.

To communicate with you

We use your information to communicate with you about our solutions, services, features, surveys, newsletters, offers, promotions, and events, and to provide other news or information about Rapid7 and our partners. We also use your information to respond to you when you contact us.

To conduct aforementioned research

The vast majority of the data we collect through our research initiatives like Project Sonar is publicly available. It is collected to educate and enrich the security community.

Return to top

How is this information shared?

We do not sell your personal information to third parties.

Information may be shared:

With organizations participating in or promoting research

Other information related to the research we conduct may be shared with various organizations, including academic institutions or publications, but only when this information is public and/or non-identifiable.

With third-party vendors, consultants, service providers, or other business partners

Some third parties may provide services on our behalf and may require access to your information to carry out that work, including billing, customer support, etc. These service providers are authorized to use your personal information only as necessary to provide the services in scope.

We may share your information with third-party business partners, for instance, for the purpose of enhancing our products and services. If you do not want us to share your personal information with these companies, contact us at privacy@rapid7.com.

We do not sell any customer, user, or research data to third parties.

In the case of a merger, sale, financing, or acquisition

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will subsequently be notified via email and/or via a prominent notice on our sites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Return to top

How do we respond to legal requests?

Unless prohibited from doing so by a contractual agreement, we will share personal information with companies, organizations, or individuals outside of Rapid7 if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to: 

    • Protect against harm to the rights, property, or safety of Rapid7, our customers or the public.
    • Meet any applicable law, regulation, legal process, or enforceable governmental request.
    • Detect, prevent, or otherwise address fraud, security, or technical issues.

Return to top

How do we operate our global services?

Rapid7 may share information internally across our parent, subsidiary, and affiliate companies or with third parties for the purposes defined in this policy. Information collected within the European Economic Area (“EEA”) may, for example, be transferred to countries outside of the EEA for the purposes as described in this policy.

For more information please see Rapid7 LLC and the EU-U.S. Privacy Shield.

Return to top

How will we notify you of changes to this policy?

We may update the Rapid7 Privacy Policy to reflect changes to our information practices. If we make any change in how we use your personal information we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Return to top

How can you manage or delete information about your organization?

Correcting and updating your information

Upon request, Rapid7 will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by emailing us at privacy@rapid7.comWe will respond to your request within a reasonable timeframe.

Communications opt-out

We may use your information to send you a newsletter or other marketing communications. You may choose to stop receiving our newsletter or marketing communications at any time by following the unsubscribe instructions included in the newsletters or communications. Alternatively, you can opt-out of receiving such newsletters and communications by contacting us at privacy@rapid7.com.

Customer data

If you opt to end your engagement with Rapid7, you have the opportunity to collect and transfer any data that is possible to export. If you request that Rapid7 delete all of your data, the request will be processed within 14 days.

Data retention

We will retain your information for as long as your account is active, or as needed to provide you products and/or services. If you wish to cancel your account or request that we no longer use your information to provide our offerings, contact us at privacy@rapid7.com. We will retain and use your information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

Return to top

How can you contact Rapid7 with questions or concerns?

Mailing Address:

Rapid7, 100 Summer Street, 13th Floor, Boston, MA 02110-2115

Phone:

1.617.247.1717

Email:

privacy@rapid7.com

Return to top