'%3e%3cpath%20d='M323.153%20186.115C323.153%20261.8%20261.798%20323.155%20186.113%20323.155C110.429%20323.155%2049.0742%20261.8%2049.0742%20186.115C49.0742%20110.431%20110.429%2049.0762%20186.113%2049.0762C261.798%2049.0762%20323.153%20110.431%20323.153%20186.115ZM86.956%20186.115C86.956%20240.879%20131.35%20285.273%20186.113%20285.273C240.877%20285.273%20285.271%20240.879%20285.271%20186.115C285.271%20131.352%20240.877%2086.9579%20186.113%2086.9579C131.35%2086.9579%2086.956%20131.352%2086.956%20186.115Z'%20fill='%23F7F7F7'/%3e%3c/g%3e%3cpath%20d='M70.3112%20209.281C60.0536%20211.333%2053.2776%20221.377%2056.7232%20231.254C63.3926%20250.372%2074.2441%20267.853%2088.5769%20282.376C107.364%20301.412%20131.31%20314.535%20157.465%20320.126C183.619%20325.718%20210.838%20323.534%20235.766%20313.844C260.695%20304.154%20282.243%20287.381%20297.754%20265.593C313.265%20243.805%20322.062%20217.954%20323.059%20191.227C324.057%20164.5%20317.212%20138.065%20303.368%20115.181C289.524%2092.2978%20269.286%2073.9652%20245.149%2062.4438C226.735%2053.6538%20206.666%2049.1214%20186.418%2049.0767C175.957%2049.0536%20168.684%2058.7439%20170.102%2069.108C171.52%2079.4722%20181.122%2086.5329%20191.567%2087.1081C204.431%2087.8165%20217.095%2091.0286%20228.831%2096.6304C246.295%20104.967%20260.939%20118.232%20270.956%20134.79C280.973%20151.348%20285.926%20170.475%20285.204%20189.814C284.482%20209.153%20278.117%20227.858%20266.894%20243.623C255.67%20259.388%20240.079%20271.525%20222.041%20278.536C204.004%20285.548%20184.309%20287.128%20165.385%20283.082C146.46%20279.036%20129.133%20269.541%20115.539%20255.767C106.405%20246.511%2099.225%20235.595%2094.3454%20223.672C90.3833%20213.991%2080.5687%20207.229%2070.3112%20209.281Z'%20fill='url(%23paint0_linear_2916_4069)'/%3e%3ccircle%20cx='74.4325'%20cy='226.88'%20r='13.7211'%20stroke='white'%20stroke-width='5'/%3e%3cdefs%3e%3cfilter%20id='filter0_i_2916_4069'%20x='49.0742'%20y='49.0762'%20width='274.079'%20height='278.078'%20filterUnits='userSpaceOnUse'%20color-interpolation-filters='sRGB'%3e%3cfeFlood%20flood-opacity='0'%20result='BackgroundImageFix'/%3e%3cfeBlend%20mode='normal'%20in='SourceGraphic'%20in2='BackgroundImageFix'%20result='shape'/%3e%3cfeColorMatrix%20in='SourceAlpha'%20type='matrix'%20values='0%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%20127%200'%20result='hardAlpha'/%3e%3cfeOffset%20dy='4'/%3e%3cfeGaussianBlur%20stdDeviation='10'/%3e%3cfeComposite%20in2='hardAlpha'%20operator='arithmetic'%20k2='-1'%20k3='1'/%3e%3cfeColorMatrix%20type='matrix'%20values='0%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200%200.1%200'/%3e%3cfeBlend%20mode='normal'%20in2='shape'%20result='effect1_innerShadow_2916_4069'/%3e%3c/filter%3e%3clinearGradient%20id='paint0_linear_2916_4069'%20x1='171.128'%20y1='37.9628'%20x2='201.103'%20y2='334.269'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%230373FC'/%3e%3cstop%20offset='1'%20stop-color='%2384BCFF'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
Ranking
The vendor's agreements were benchmarked against thousands of vendor forms and are in the top 23% for customer favorability.
60% customer favorability, based on 750 plus contract signals powered by Certify.
Indicates balanced, low-risk terms favorable to the customer.
Top 23% IT contract. No structural blockers. Procurement-ready.
Risk Summary
A concise snapshot of key risks, their impact, and priority concerns.
Insurance
Insurance requirements
- Rapid7 LLC is not required to carry any form of insurance
Summary
Liability cap
- Rapid7 LLC's liability is capped at 12 months' fees
- There is no secondary cap on Rapid7 LLC's liability
- Customer's liability is capped at 12 months' fees
- There is no secondary liability cap on Customer's liability
Exceptions to the liability cap
- Claims related to violations of Customer's IP rights are excluded from the cap on Rapid7 LLC's liability
- Indemnification obligations relating to IP infringement are excluded from the cap on Rapid7 LLC's liability
- Claims related to violations of Rapid7 LLC's IP rights are excluded from the cap on Customer's liability
- At least some indemnification obligations (other than relating to data or IP infringement) are excluded from the cap on Customer's liability
Excluded damages
- One or more forms of indirect damages are excluded from Rapid7 LLC's liability
- One or more forms of indirect damages are excluded from Customer's liability
Exceptions to excluded damages
- There are no exceptions to the damages excluded from Rapid7 LLC's liability
- There are no exceptions to the damages excluded from Customer's liability
Timing of claims
- There are no limits on when claims must be brought by Customer
- There are no limits on when claims must be brought by Rapid7 LLC
Claims
- Rapid7 LLC indemnifies Customer for claims based on third-party IP infringement
- Customer indemnifies Rapid7 LLC for claims arising from violation of laws
- Customer indemnifies Rapid7 LLC for claims based on violation of Customer's representations and/or warranties in the contract
Scope of obligations
- Rapid7 LLC's IP indemnification covers all types of IP
- Rapid7 LLC's indemnification obligations are the exclusive remedy for indemnified claims
- Rapid7 LLC's indemnification does not include the obligation to provide a defense
- Rapid7 LLC's indemnification does not include the obligation to hold harmless
- Customer's indemnification obligations are limited to third-party claims
- Customer's indemnification obligations are not the exclusive remedy for indemnifiable claims
- Customer's indemnification includes the obligation to provide a defense
- Customer's indemnification includes the obligation to hold harmless
Limitations, conditions, or exclusions
- Rapid7 LLC's IP indemnity does not cover claims resulting from modifications, combinations, or use of an outdated version of the service
- There are no constraints on when Customer must notify Rapid7 LLC of an indemnifiable claim
- Conditions or exclusions to Rapid7 LLC's indemnification obligations that TermScout was unable to classify - see citation
- Customer's indemnification obligations are not subject to conditions and/or exclusions
Warranties Offered
SLAs
- Rapid7 LLC offers an SLA regarding uptime
- The specified remedy for Rapid7 LLC's violation of the uptime SLAs is credit or refunds
- The specified remedy for Rapid7 LLC's violation of an uptime SLA is the exclusive remedy
- Rapid7 LLC offers some other form of SLA
- There is no specified remedy for Rapid7 LLC's violation of the other form of SLA
Other warranties
- Rapid7 LLC warrants that the services will meet specified standards of care or conduct
- Rapid7 LLC provides warranties regarding defects, performance, and/or features
Implied warranties
- Rapid7 LLC disclaims some or all implied warranties
Data Rights
Data provided by Customer
- Rapid7 LLC does not claim ownership of any data provided by Customer
- Rapid7 LLC receives rights to use data provided by Customer for its internal business purposes
- Rapid7 LLC receives rights to use data provided by Customer to the extent it is anonymized
Data Security
Subprocessor obligations
- The contract lists or references a list of some subprocessors
- Rapid7 LLC is required to ensure that subprocessors are bound by data or privacy requirements similar to those in this contract
Security commitments
- Rapid7 LLC makes contractually binding data security commitments
Third party audits, standards, or certifications
- Rapid7 LLC commits to comply with at least one third-party data security audit, standard, or certification
- Rapid7 LLC commits to Soc 2 audits
- There are no qualifications and/or limitations to Rapid7 LLC's commitments to comply with third-party data security audits, standards, or certifications
Data breach notification policy
- Rapid7 LLC commits to notifying Customer of a security breach impacting Customer's data
Summary
Vendor's confidential information
- Customer must provide some protection of Rapid7 LLC's confidential information
Customer's confidential information
- Rapid7 LLC must provide some protection of Customer's confidential information
- Rapid7 LLC explicitly commits not to disclose Customer's confidential information, except as necessary to provide the services
- Rapid7 LLC explicitly commits not to use Customer's confidential information, except as necessary to provide the services
Mutuality
- All commitments concerning confidential information are mutual
Residuals clause
- There is no residuals clause
Warranties Offered
Compliance with documentation/specifications
- Rapid7 LLC warrants that the services will comply with certain documentation and/or specifications, but the warranty has some conditions or qualifications
Payment Terms
Late payment penalties
- There are no penalties for late payments
Payments due
- Customer's payment terms are either less than 30 days or not specified in the Agreement
Vendor's expenses
- Rapid7 LLC reserves the right to bill Customer for one or more types of expenses incurred by Rapid7 LLC
- Rapid7 LLC reserves the right to bill Customer for expenses beyond the collection of unpaid fees
Summary
Customer's termination rights
- Customer has certain rights to terminate for cause
Refunds
- Customer's termination rights include the right to a refund
Auto-renewal
- The contract has auto-renew language, but Customer may opt out
- The contract has auto-renewal language and Customer may opt out by giving less than or equal to 45 days' notice
Vendor's termination and suspension rights
- Rapid7 LLC does not receive the right to terminate the contract for convenience
- Customer has between 11 and 30 days to cure a breach before Rapid7 LLC can terminate for cause
- Rapid7 LLC may suspend Customer's access to the service for payment-related issues
Customer's IP
Licenses to Customer IP
- Rapid7 LLC receives the right to use Customer's name and/or marks publicly
Publicity rights
- Rapid7 LLC's use of Customer's name and/or marks is not subject to Customer's guidelines
Assignment of Customer IP or work product
- Customer does not assign any work product or other IP to Rapid7 LLC
Summary
Non-compete
- There are no restrictions on Customer's ability to compete as long as Customer doesn’t violate the agreement or use the services to compete
Non-solicit
- There are no restrictions on Customer's right to solicit
Exclusivity
- There are no restrictions on Customer's ability to procure similar products or services from other vendors
Vendor's assignment rights
- Rapid7 LLC's assignment rights are not addressed
Customer's assignment rights
- Customer is allowed to assign in the event of a merger or acquisition
- Customer is allowed to assign in the event of a corporate reorganization
- There are consent requirements restricting Customer's ability to assign the contract
- Consent requirements apply to Customer's assignment rights in the event of a merger or acquisition
- Consent requirements apply to Customer's assignment rights in the event of a corporate reorganization
- There are no notice requirements restricting Customer's ability to assign the contract
- There are no restrictions or conditions on Customer's right to assign to a competitor of Rapid7 LLC
Access the complete methodology and detailed breakdown by
downloading the full report for in depth insights
Why this Matters
See value, risks, and position at a glance for better decisions.
How TrustMark™ Works?
Data Extraction
Scans and converts legal text into structured data.
Objective Scoring
Clauses benchmarked against market data.
Deal Breakers
Risks and non-negotiables flagged early.
Benchmarking
Compares your contract to market standards.
Certification
Contract validated after meeting risk and score thresholds.
Based on 750 plus contract signals benchmarked against market data.
Certified Contract Reports, Explained
Verified™ contract reviews are reviews of contracts that have been carefully checked by contract experts. This review is designed to help users understand the rights and obligations associated with the General Terms and Conditions ("TAC") for Rapid7 LLC. We looked at the issues found in 'Term Sheets' and did not look for any other issues.
For more information on TermScout's contract review process, visit our methodology page.
In order to qualify for Certification, a contract must meet the following criteria:
- Achieve a TermScout rating of Balanced or Customer Favorable, and
- Be free of all designated Deal Breaker clauses.
The difference between certified Balanced and certified Customer Favorable is the TermScout favorability rating achieved by the contract. Each of these criteria is more fully described below.
A contract is balanced when it allocates risks between the parties in a roughly equal manner, as determined by TermScout's two-step, data-driven analysis. First, we use our proprietary AI to abstract over 750 defined data points from each contract we analyze. Then, we use an algorithm to objectively score that data. Because TermScout looks at the exact same set of data points and uses the exact same scoring algorithm in every contract analysis we conduct, you can now compare contracts on an apples-to-apples basis. (You can read more about the data points that TermScout analyzes in every IT contract here.)
This enables us to objectively rate contracts at both the agreement level and by key topic area (e.g., limitations of liability, indemnification, warranties, etc.) and show you which contracts are vendor favorable, which are customer favorable, and which are balanced.
Not all risks are created equal. Even if a contract shifts only a single risk to the buyer, the contract still may not merit certification if that risk is material enough. Examples of these types of Deal Breakers include exclusivity, complete disclaimers of liability, etc. Accordingly, TermScout will not certify a contract if it contains any of the following Deal Breaker clauses,² which TermScout identified by reference to market data and input from prominent buy-side and sell-side legal experts from TermScout's Innovation Advisory Council:
This makes it nearly impossible for a customer to recover from a vendor, no matter what goes wrong - even if the vendor violates other provisions of the contract.
Signing non-competes means contractually promising not to engage in a certain line of business. This is something most businesses want to avoid where possible.
Agreeing not to solicit a vendor's employees, customers, or vendors sounds reasonable, but it places challenging burdens on the customer to ensure they comply.
Agreeing not to procure similar services from other companies can severely hinder a company's ability to do business.
Privacy laws require companies to follow strict rules with respect to how they handle certain types of data. This clause presents major risks to a company's ability to comply with such laws.
It's extremely rare for a customer to need to assign IP rights to an IT vendor. Doing so can materially jeopardize a company's rights in its own IP.
Since most IT services today are delivered "as a service", customers often upload wide varieties of information onto vendors' servers. Confidentiality commitments are expected by most customers.
The goal of TermScout's reports is to provide users with the data necessary to make an informed decision about whether they can accept the terms. The data provided in TermScout's reports includes:
- Term Sheet: A full report of the key rights and obligations contained in the agreement.
- Overall Ratings: TermScout's overall impression of the favorability of the contract vis a vis the parties. These ratings are algorithmic approximations of favorability that are based on market data and the subject views of contract experts with experience in the specific type of contract.
- Rare Clause Radar: TermScout identifies and surfaces a list of the most rare and material clauses that favor your counterparty.
- Playbooks: Playbooks are a way of programming into TermScout's software a specific set of acceptance criteria for a contract type. All accounts have access to sample Playbooks for select templates, and Pro accounts have the ability to build custom Playbooks.
- Comparable Contracts: We'll show a list of contracts sorted by favorability ratings and allow for the comparison of similar contracts based on position, industry, and contract type.
- Market Data: Any right or obligation in a contract can be compared to market data for similar contract types, including data from TermScout's Contract Market Database™ of thousands of public contracts and anonymized and aggregated data from hundreds of negotiated contracts.
Certified Contract Reports contain only a subset of the above data. To access all of the data available, create a free account here and search for the desired contract in Triage.
Please note that this report focuses on the identification of terms from the contract documents listed under 'Scope of Review' and compares them against a defined set of criteria. Certain services may be subject to additional terms not available to TermScout, such as purchase orders and other deal-specific documents. You should always review the terms associated with the specific service you are using and know that TermScout's ratings generally do not cover (a) services purchased through a reseller, (b) offline variants of any of the Agreements, (c) service-specific terms that override any of the terms discussed here, or (d) free services. You also should consult your legal counsel if you have any questions about the meaning, significance or assessment of any agreement or provision.
TermScout prepared this report with an average use-case customer in mind and operated under the assumptions listed below (the "Key Assumptions"). To the extent that provisions in a contract vary based on specific circumstances that differ from the Key Assumptions, TermScout ignores those variations. Additional contract-level assumptions, if any, are disclosed in 'Notes to Customer'.
Key Assumptions
- Customer is an average "end user" of the service (i.e. not a partner, distributor, or developer).
- Customer is not a government entity.
- Customer is a US-based company and is using the service in the US.
- Customer is a paying user (i.e. not a user of free services).
- Customer is not using beta services.
- Unless otherwise noted, service-specific terms that may override or supersede the terms of the Agreement are not reviewed by TermScout.
We reviewed the TAC for Rapid7 LLC and any documents specifically listed under 'Scope of Review'. For purposes of this report, "Customer" means the party contracting with Rapid7 LLC and "Vendor" means Rapid7 LLC.
References herein to the "Agreement" are to the following documents:
- The Primary Document: General Terms and Conditions ("TAC")
- The following Secondary Document(s) expressly incorporated by reference into the Primary Document and reviewed by TermScout as part of this analysis:
TermScout did not review any documents other than those listed above. If other documents form part of this Agreement, the answers provided by TermScout may be incomplete or incorrect. TermScout's accuracy commitments only cover documents specifically identified in this section.
No additional notes to customer for this report.
Frequently Asked Questions
Find quick answers to the most common questions about our platform, process, and agreements.
Security teams often escalate agreements when audit provisions provide limited visibility into the vendor’s operational controls or heavily restrict customer verification rights. Friction increases when vendors rely exclusively on standardized reports without addressing customer-specific risk concerns or regulated environments. Enterprise buyers typically expect some combination of independent certifications, incident cooperation obligations, and reasonable audit access mechanisms. Agreements that make security oversight difficult or operationally impractical tend to slow procurement approval.
Buyers generally compare audit language against the sensitivity of the systems and data involved. Market-aligned agreements often balance operational practicality with meaningful customer assurance rights, including access to SOC reports, remediation transparency, and security review cooperation. Contracts may appear unusually restrictive when vendors prohibit follow-up questions, narrow review windows excessively, or disclaim responsibility for subcontractor oversight. Security and compliance teams increasingly expect audit structures that support ongoing governance rather than one-time procurement review.
Escalation commonly occurs when audit provisions conflict with the vendor’s broader security representations or create uncertainty around accountability. Security reviewers pay close attention to exclusions tied to shared infrastructure, subcontractors, penetration testing, and breach investigation support. Additional scrutiny may also arise if the agreement permits unilateral modification of security controls without customer notice. These signals often indicate governance limitations that could affect long-term operational oversight after implementation.
Security vendors are frequently integrated into sensitive operational environments where contractual oversight directly affects risk management and regulatory readiness. Enterprise buyers therefore view audit rights as part of broader operational governance rather than a narrow compliance exercise. Negotiation intensity often increases when customers need assurance around incident handling, control effectiveness, data segregation, or third-party dependencies. Agreements that provide clearer verification pathways generally create less friction during security and procurement review.
Check If Your Contract
Qualifies for Certification
See how your terms compare to market standards and uncover opportunities to build buyer trust and close deals faster.
Get your Certification Score Now