Rapid7 Trust


You have visibility into where your data lives, who has access to it, and how it is used.

Where your data lives

The Insight platform offers different regions to help you comply with your policies or preferences for the physical storage location of your data. Customers of certain Insight platform solutions can select from five cloud regions: United States, Canada, Europe, Japan, and Australia. Except as set forth in the Rapid7 Privacy Policy or applicable Agreement, we will not move data from the region you select

Your data is available

To offer you horizontally scalable solutions and ensure adequate partition of each customer’s data, we designed the Insight platform around secure, multi-tenant services from inception. Data residing in object stores or distributed file systems is tokenized using a unique UUID that logically separates each customer’s data.

Access to data

  • Rapid7 does not give any third-party direct or unfettered access to customer data, where customer data, means all data, including personal data, made available by the customer to Rapid7 for use in connection with the Rapid7 offerings, except as you direct, as stated in the applicable agreement, or when required by law.

  • Where possible, we redirect law enforcement and other third-party requests to the customer. If we receive a government or law enforcement request for customer data, we will promptly notify you and provide you with a copy of the request, unless we are legally prohibited from doing so.

  • Further, we may challenge government or law enforcement requests for customer data that we consider to be overly broad or unlawful.

Rapid7 usage of your data

Rapid7 may collect certain types of data to help us improve our solutions and services. We have defined rules for what, when, and how we use this data, and you decide which data is made available to us.

Security System Data

Security System Data is collected to deliver the Insight platform. The elements collected vary by product and include data such as user, network, vulnerability, incident, asset, and log data. This data resides on the Insight platform and is what populates the dashboards and products you use. Rapid7 will never sell, rent, or trade your Security System Data.

Usability Data

In order to provide our solutions and services to you, we must collect certain usage data. This helps us ensure that our solutions and services are operating correctly and that you are having the best possible experience with our products. The types of Usability Data we collect include:

  • Device and connection data (e.g. browser type, operating system version, network speed)

  • User and system behavior (e.g. commonly used features, user activity, configuration process)

  • Product logs (e.g. web server, java, and Rapid7 generated logs for troubleshooting)

  • Organizational data (e.g. customer industry, location, number of users)

  • Other relevant machine data  

We collect data about the solutions you use and how you use them, such as how often you access our products and which features you use most frequently. This is done in an effort to improve your experience with our solutions. For example, we may use this data to highlight additional capabilities or offer tips relating to features you are already using, to make our solutions more intuitive, or to enhance the solution’s most popular features. The Usability Data collected never includes Security System Data such as user, network, vulnerability, incident, or asset data.