Rapid7’s Subprocessor List
The below is a current list of Rapid7’s subprocessors. Rapid7 has authorized these subprocessors to process personal data in order to enable Rapid7 to provide its products and services. Rapid7 performs commercially reasonable due diligence on the data security and protection practices of its subprocessors. Pursuant to Rapid7’s Data Processing Addendum, you may object to the appointment of any subprocessor on reasonable grounds relating to the protection of your data by emailing privacy@rapid7.com.
Subprocessor | Use Case | Personal Data Types Collected | Location of Processing | Further Information |
|---|---|---|---|---|
Amazon Web Services (AWS) | Cloud Hosting | Personal data captured in scan data, admin, and user data, and product and offering data | Australia, Canada, Germany, Ireland, Japan, United States | Data processor for customer security data |
Ask-AI | Customer Support | Customer ticket information which includes customer names and email addresses | United States | AI tool that permits support engineers to leverage generative AI capabilities to deliver faster response times and resolutions for customers |
Cisco | Network Security and Identity Management | Logs, tags, and markers associated with users in Rapid7's environment | United Kingdom, United States | Network security and identity management that permits network posturing |
Datadog | Monitoring Analytics | IP addresses, browser information, and user profile information | United States | Tool to improve, monitor, and understand usage of the Rapid7 Insight Platform |
Freshworks | Customer Communications and Ticketing System | Personal data from Okta including employee data, titles, and email addresses | United States | Freshworks, which includes Freshservice and Freshdesk helps streamline customer communications and ticketing as well as the use of various applications |
IronScales | Email Security | Email data which can include names, email addresses, titles and addresses | United States | Provides visibility into inbound email and enhances Rapid7's ability to detect, prevent, and respond to phishing threats more effectively |
Gong | CRM | Employee and customer PII such as names, email addresses, and phone numbers captured from channels like calls, emails, and web conferencing | United States, EU | Revenue intelligence platform that helps Rapid7 analyze customer interactions to improve sales performance, coaching, and deal management by providing insights that can help Rapid7 understand customer behavior and improve team productivity |
Google Cloud | Cloud Hosting | Employee PII and Customer PII such as names, email addresses, and IP addresses | United States, EU | Enterprise platform which provides a variety of workspace productivity tools and services to Rapid7 through Google Workspace (SaaS) and Google Cloud Platform (IaaS) |
Klarity | Contract Management | Customer names, signatory names, titles, and customer addresses | United States | Tracks contractual obligations with customers and vendors |
Marketo | Program/campaign management | Customer PII such as names, titles, and email addresses | United States | Tool for program and campaign management and as a lead database to coordinate email sends to prospects and customers |
Okta | Identity and Access Management | Employee data and customer data | United States | Permits single-sign-on to Rapid7 systems and applications by our employees and customers (who have a separated Okta instance that is integrated with iPIMS) |
OpenAI | AI Language Model Services | Text inputs provided by users and customers, which may include personal data or customer information for customer support, content creation, and data analysis | United States | Enhances Rapid7 services by providing advanced natural language processing capabilities to improve efficiency and customer experience |
Pendo | Product Analytics | User names and account information | United States | Used to communicate downtimes, new features, and releases with customers |
Plextrac | Central Authentication Service | Customer names and email addresses | United States | Reporting and dashboarding of CAS results and data for vulnerability management and penetration testing |
Salesforce | CRM | Customer and user names, titles, phone numbers, email addresses, and physical addresses | United States | CRM for account and contracts management, opportunity management and forecasting, customer support, managed services, and order management |
6sense | Acount-Based Marketing (ABM) | Names, titles, email addresses, phone numbers, geolocations, cookies, device data, and IP addresses of customers, prospects, and visitors to Rapid7's web properties | United States | Platform that provides Rapid7 insights into potential buyers to enable targeted marketing and sales efforts |
Slack | Internal Communication and Messaging | Workspace and account information, usage information, cookie information, third-party services information, contact data, audio and video metadata | United States | Messaging tool for departmental messaging and cross collaboration across the company |
Snowflake | Data Store | Customer and user names, email addresses, phone numbers, and product usage | United States | Data lakehouse and data store to ingest and transform data from various source applications to build analytics and support core business processes |
Tableau | Cloud Security | Customer and user names, email addresses, phone numbers, and product usage | United States | Business intelligence tool for internal usage reporting |
Zoom | Video conferencing | Names, titles, email addresses, phone numbers, IP addresses, and device information of employees, customers, prospects, and any individual who interacts with Rapid7 agents or employees via Zoom | United States | Cloud-based video conferencing platform that enables Rapid7 to hold meetings, webinars, and other online interactions. It offers features like video and audio conferencing, screen sharing, chat, and recording capabilities |
In addition to the subprocessors listed above, the following entities are a part of the Rapid7 group, and accordingly may also function as subprocessors.
Subprocessor | Location |
|---|---|
Rapid, Inc. | United States |
Rapid7 LLC | United States |
Rapid7 International Group | United Kingdom |
Rapid7 International Group Limited | United Kingdom |
Rapid7 International Holdings Limited | United Kingdom |
Rapid7 Ireland Limited | Ireland |
Rapid7 Netherlands B.V. | Netherlands |
Rapid7 Singapore PTE. LTD. | Singapore |
Rapid7 Japan KK | Japan |
Rapid7 Germany GMBH | Germany |
Rapid7 Canada, Inc. | Canada |
Rapid7 Australia Pty Ltd. | Australia |
Rapid7 Spain SL | Spain |
Rapid7 France SAS | France |
Rapid7 Sweden AB | Sweden |
Rapid7 India Technologies Private Ltd. | India |
Rapid7 Czech Republic S.R.O | Czech Republic |
IntSights Cyber Intelligence Ltd. | Israel |
If you have any questions regarding this page please reach out to us at privacy@rapid7.com.