Rapid7 Trust

Transparency

You have full visibility into where your data lives, who has access to it, and how it is used.

You decide where your data lives

The Insight platform offers different regions to help you comply with your policies or preferences for the physical storage location of your data. Customers can select from five cloud regions: United States, Canada, Europe, Japan, and Australia. We will not move data from the region you select, and data is not replicated across other regions.

 

Your data is available

To offer you horizontally scalable solutions and ensure adequate partition of each customer’s data, we designed the Insight platform around secure, multi-tenant services from inception. Each organization is assigned its own relational database schema within database instances. Data residing in object stores or distributed file systems is tokenized using a unique UUID that logically separates each customer’s data.

 

Access to data

  • Rapid7 does not give any third-party direct or unfettered access to customer data except as you direct or when required by law.

  • We redirect law enforcement and other third-party requests to the customer. When we receive a government or law enforcement request for customer data, we will promptly notify you and provide you with a copy of the request, unless we are legally prohibited from doing so.

  • We do not give third parties access to encryption keys. We do not voluntarily provide any government with our encryption keys or the ability to break our encryption, and we will challenge overbroad legal demands for this data.

Rapid7 usage of your data

Rapid7 may collect certain types of data to help us improve our solutions and services. We have defined rules for what, when, and how we use this data, and you decide which data is made available to us.

Security System Data

Security System Data is collected to deliver the Insight platform. The elements collected vary by product and include data such as user, network, vulnerability, incident, asset, and log data. This data resides on the Insight platform and is what populates the dashboards and products you use. Rapid7 will never sell, rent, or trade your Security System Data.

Usability Data

In order to provide our solutions and services to you, we must collect certain usage data. This helps us ensure that our solutions and services are operating correctly and that you are having the best possible experience with our products. The types of Usability Data we collect include:

  • Device and connection data (e.g. browser type, operating system version, network speed)

  • User and system behavior (e.g. commonly used features, user activity, configuration process)

  • Product logs (e.g. web server, java, and Rapid7 generated logs for troubleshooting)

  • Organizational data (e.g. customer industry, location, number of users)

  • Other relevant machine data  

We collect data about the solutions you use and how you use them, such as how often you access our products and which features you use most frequently. This is done in an effort to improve your experience with our solutions. For example, we may use this data to highlight additional capabilities or offer tips relating to features you are already using, to make our solutions more intuitive, or to enhance the solution’s most popular features. The Usability Data collected never includes Security System Data such as user, network, vulnerability, incident, or asset data.