Rapid7 Trust

Frequently Asked Questions

Frequently Asked Questions

  • Who can access our data?

    We strive to ensure that the fewest people possible have access to your data, and only on an as-needed basis.

    Support, Software Developers, and Operations Engineers have access to data to support application development and troubleshooting. Additionally, Rapid7 collects Usability Data to help us improve our solutions and services and Security System Data to deliver the Insight platform. For more details on these data types, please visit our Transparency page.

    Sales and Solution Engineers only have access to your Security System Data if you choose to use a production environment for a proof-of-concept.

    Sales, Marketing and other customer support teams have access to contact information, sales data, and Usability Data for product support and product analytics.

  • Will Rapid7 share our data?

    Rapid7 does not give any third-party direct or unfettered access to customer data except as you direct or when required by law.

    We redirect law enforcement and other third-party requests to the customer. When we receive a government or law enforcement request for customer data, we will promptly notify you and provide you with a copy of the request, unless we are legally prohibited from doing so.

    We do not give access to platform encryption keys. We do not voluntarily provide any government with our encryption keys or the ability to break our encryption, and will challenge overbroad legal demands for this data.

    To learn more about how Rapid7 handles data, please view our Privacy Policy.

  • Can we perform our own assessment of Rapid7 systems?

    In compliance with our Terms of Service, customers are not permitted to perform assessments of our networks or applications.

    Rapid7 undergoes third party network and application penetration testing on an annual basis to ensure our products and corporate IT environments are secure. We are happy to provide letters of attestation from the external firm summarizing the results of this effort and Rapid7’s steps for remediation.

  • Will you fill out our security questionnaire?

    Rapid7 is more than happy to help you with your due diligence needs. We work very hard to provide high quality information about our security program, the security of our products, and Rapid7 procedures for keeping customer data secure. Rapid7 has now introduced a “Documentation First Approach Process”. This approach will simply ensure that all our customers and prospects have all the applicable security artifacts they need to kick off their review of Rapid7 without delay from our OneTrust Profile. Publicly available documents can be downloaded here

    If you require additional access to download Rapid7 SOC2 Type II report and other vital documents, kindly contact your Rapid7 account representative and they will submit a ticket on your behalf to have access provisioned for you. This will allow you to create a OneTrust account and give you access to the platform for 5 business days to download all applicable documents. If you still have questions after reviewing our documentation, we are happy to address them. Kindly contact your account representative via email with your additional questions.

  • What is Rapid7’s data privacy policy?

    You can find our full Privacy Policy at http://kql3.us1788.com/privacy-policy/

  • Is a third-party audit report (SOC2 Type II) available?

    Yes, these reports can be downloaded on Rapid7 OneTrust Private Profile. Please contact your Rapid7 account representative and they will submit a ticket on your behalf to have access provisioned for you. This will allow you to create a OneTrust account and give you access to the platform for 5 business days to download the SOC2 Type II report and any other applicable security artifact for your review. If you still have questions after reviewing our documentation, we are happy to address them. Kindly contact your account representative via email with your additional questions.