Data privacy analysis report of newrelic
newrelic
New Relic is a leading platform in the technology sector specializing in observability and performance monitoring. Notable for its comprehensive suite of digital intelligence tools, New Relic collects a wide variety of user data for functionality, security, and analytical purposes. Key data practices include data obfuscation, encryption, retention policies, and compliance with legal standards like GDPR and CCPA.
New Relic's robust data practices, including data obfuscation, encryption, and compliance with GDPR and CCPA, underscore its commitment to maintaining the security and privacy of user information.
Who are newrelic and what is their primary business model?
New Relic is a company primarily focused on observability and performance monitoring. The principal homepage for New Relic is [www.newrelic.com](http://www.newrelic.com). The company provides a comprehensive suite of digital intelligence products that allow engineers to monitor, debug, and improve their application stacks
Among its primary offerings are New Relic One, a unified observability platform providing a single view for monitoring, logging, and tracing; New Relic Log Management, which centralizes log analysis; New Relic Performance Monitoring, offering detailed insights into serverless functions like AWS Lambda; New Relic Alerts, which provides threshold-based notifications for performance variations; and New Relic Incident Management, facilitating intelligent alerting and incident handling.
What types of data does newrelic collect from its users?
New Relic collects various types of data from its users to provide its services effectively. The collected data includes device and geographic information like IP addresses, device types, browser types, and location data at a high-level, such as country or city. The platform also collects performance data across different monitoring sectors like APM (Application Performance Monitoring), browser monitoring, mobile monitoring, and infrastructure monitoring, among other integrations
Additionally, New Relic gathers contact and financial information of users, including names, billing addresses, credit card information, email addresses, and company names. User account information is also collected for service provision, which may include data from third-party sources like survey tools, payment processors, and tools for creating certificates. Moreover, New Relic can collect profiles, contact information, and behavioral data such as mailing addresses, job titles, and phone numbers for purposes like targeted advertising and event promotion
The data collection process typically involves an agent installed within the application or host server, gathering data at the code level and sending it to the APM dashboard after a one-minute interval.
What are the specific purposes for which New Relic uses the collected data?
New Relic uses the collected data for a variety of purposes. Primarily, the data is used to deliver functionality on their sites and to provide the agreed services. This includes managing the security of their sites, physical locations, networks, and systems, and responding to user requests and inquiries
For billing purposes, New Relic generates a device ID. Technical and functional administration is another key use, ensuring that the platform runs smoothly. Personal data is also used for security purposes and is shared with third-party vendors for services like survey tools and payment processing
The platform uses geographic data derived from IP addresses for high-level insights, which are then discarded. Data analysis and troubleshooting are crucial for improving the performance and reliability of applications. Furthermore, New Relic uses technologies like Kubernetes integration and OpenTelemetry for comprehensive observability and NRQL for detailed data analysis and troubleshooting.
How does New Relic ensure the accuracy and integrity of the data it collects?
New Relic employs several methods to ensure the data's accuracy and integrity. Data obfuscation and masking are two critical features; sensitive information such as credit card numbers or Social Security numbers is either removed or masked before transmission. Data encryption is also used, particularly encryption at rest, compliant with FIPS 140-2 standards
Different types of data have varied retention periods, providing clarity on storage durations. Internal policies and procedures guide employees on data classification and handling, with mandatory security and privacy training for all staff upon hiring and annual renewals. The platform's role-based account structure offers direct control over account access, ensuring a single source of truth for operational data
Data auditing capabilities track changes to accounts and configurations, offering transparency. Security bulletins are published to inform users of vulnerabilities, remediation strategies, and software updates. Compliance with laws such as GDPR and CCPA is a priority, including achieving FedRAMP Authorization for accounts meeting specific criteria.