Effective date: February 20, 2020
What Information does Nightfall Collect?
Information You Provide to Us
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may email you about your use of the Services or send you marketing emails if you have selected to receive them. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. You may select not to receive communications from us at the time you provide your information or anytime by emailing us at firstname.lastname@example.org.
Information Collected Automatically
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.
We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.
Will Nightfall Share Any of the Personal Information it Receives?
We do not rent or sell your Personally Information in personally identifiable form to anyone. However, we may aggregate and share de-identified Personal Information with third parties as described in this section:
Information that’s been de-identified. We may provide de-identified data to our partners in aggregate to help them understand how often and in what ways people use our Services, so they can optimize their integrated services. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.
Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. For example, we may use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. Note that an “agent” may also be considered a “partner” in certain circumstances, and would be subject to the terms of the “Information that’s been de-identified” section in that regard.
Business Transfers: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
Is Personal Information about me secure?
Your account is protected by a password for your privacy and security. If you access your account via a third-party site or service, you may have additional or different sign-on protections via that third-party site or service. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Personal Information can I access?
Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
- name and password
- email address
- profile information, including information you have uploaded to the site
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Information to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at firstname.lastname@example.org.
Additionally, California residents may request to know, twice in any 12-month period, what Personal Information we maintain about you, how this information was attained, and our business purpose for maintaining it. We will honor all valid requests for your access to or deletion of your personal data. However, you may be required to verify your identity before we are able to respond to your request.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
You may be able to add, update, or delete information as explained above. Some non-personal information may remain in our records after your deletion of personal information from your account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
Where is my information stored?
We, and our third-party service providers, process and store your Personal Information in the United States. This means it may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
What if I have questions about this policy?
“It just works. We look forward to extending our use of Nightfall.”
“Nightfall has it all – easy to stand up and deploy and with the right feature set to do what we need.”
“Nightfall has allowed us to automate the detection and response of DLP.”
“Nightfall has given me a better handle on sensitive information.”
“Nightfall’s ease of setup and accuracy of identified data are both on point.”
“We had our Nightfall Enterprise DLP up and running in less than 321 seconds.”
“Working with Nightfall gives our customers confidence that we take data protection very seriously.”
“We saw that Nightfall was the best fit for our needs. Nightfall allows us to address our compliance and security requirements.”
“Our programmers can sleep better at night. Now we can spend our time developing enterprise applications instead of custom solutions to lint our code for secrets.”
“With Nightfall, we can manage any kind of behavior within Slack that becomes a problem.”
“Nightfall has dramatically dropped the time that we spend developing and executing our security fundamentals.”
“Nightfall Enterprise meets our needs with HIPAA compliance, and it gave us the tools to see when any violations would occur automatically.”
“I knew I could go to my bosses with Nightfall and get a yes.”
“A security breach that violates HIPAA can cost my business a lot of money and legal issues. Nightfall provides my business tremendous cost savings.”
“Nightfall helps us avoid costly and intrusive audits. We can prove that we are following best practices with HIPAA in Slack.”
“The practical results that come from Nightfall make me feel confident in the solutions we’ve built to protect our customer data.”
“Our business has a million moving parts, including hardware services. If a company can take one thing off of our plate, it’s a huge value add. Nightfall has been great for us with that.”
“Nightfall uses AI to simplify rule management. The promise that we would not have to write regexes was really alluring to us. So far, Nightfall has kept that promise.”
“I like the ease of integration. I like the tools within Slack for quarantining and review. It’s a straightforward tool. It does what it says.”
Nightfall integrates directly with all your
SaaS, APIs, and data infrastructure.
How do I deploy Nightfall?
Nightfall integrates with services via their APIs, and is fully cloud hosted. Nightfall is the industry's first cloud-native DLP platform.…Read More
How long does it take to deploy Nightfall?
For most systems it takes on the order of minutes to deploy. Because Nightfall is cloud-native and integrates directly via…Read More
How does Nightfall classify data?
Nightfall uses machine learning to classify data. Our deep learning-based classifiers are trained on massive volumes of data to yield…Read More
What types of data does Nightfall classify?
Nightfall classifies over 100+ types of sensitive data, including forms of personally identifiable data (PII), protected health information (PHI), payment…Read More
Does Nightfall scan unstructured data?
Yes, Nightfall scans unstructured data and parses text from 100+ file types. For example, this could be data like customer…Read More
How does Nightfall integrate with Slack?
Nightfall integrates directly with your Slack organization or workspace as a Slack bot. Installing the bot takes just one click…Read More
How does Nightfall yield time savings for my team?
Nightfall saves time by automating data detection, classification, and remediation. First, Nightfall installs in minutes, so you won't need IT…Read More
How does Nightfall help with compliance?
Compliance regimes like GDPR, CCPA, HIPAA, and PCI-DSS require effective management & protection of customer data to keep consumers safe.…Read More
Nightfall vs. Legacy DLP: What’s the difference?
Traditional data loss prevention (DLP) platforms focus primarily on securing data on endpoints (devices like laptops, phones, servers) or networks.…Read More
Latest from the Blog
What is Social Engineering?
Social engineering attacks are on the rise — here’s what you need to know about the most common forms of social engineering and how to defend your data.Discover More
A Guide to VPN Security
Learn what is a VPN and how it can benefit your business, as well as the difference between a software-defined perimeter and other security tools.Discover More
Nightfall simplifies data security & HIPAA compliance for SimpleHealth
SimpleHealth must ensure PHI is secure when sharing files and messages on Slack. Nightfall provides the HIPAA compliance coverage they need with cloud-native DLP.Read Now
5 Identity and Access Management Best Practices
Identity and access management is a crucial part of your data security. Here are some best practices and IAM tools to implement at your business.Discover More
The 2021 Security Playbook for Remote-first Organizations
The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges. Start off 2021 right by reviewing the seven most crucial areas of security for emerging remote-first organizations.Read More
CISO Insider S1E6 — CISO Insider Season 1 recap
Catch up on CISO Insider with our Season 1 recap episode, featuring the best quotes and highlights from our first five episodes in season 1. We gathered insights, lessons, and other valuable soundbytes from infosec leaders at Sisense, Compass, LifeOmic and Caterpillar Financial.Read Now
ICYM: 4 SaaS Security Lessons to Keep Top of Mind in 2021
With remote work continuing into 2021, the year presents unique security challenges that organizations will need to address. Review our discussion with Sisense's Chief Security & Trust Officer, Ty Sbano on how to secure best of breed SaaS platforms this year.Read More
Business Continuity: How to Plan for the Worst
If the last year has taught us anything, “hope for the best and plan for the worst” should be the ...Discover More
CISO Insider S1E5 — “There’s no one way to be a CISO” with Ross Young
Caterpillar Financial Services Corporation Chief Information Security Officer Ross Young joins CISO Insider to share his insights from a career in both the public and private sectors, like how to develop shared goals and alignment within a security organization, why soft skills and people skills are essential for building relationships, and how introspection can make great managers.Read Now
Cloud DLP and Regulatory Compliance: 3 Things You Must Know
Learn about the most common data compliance regimes and how a cloud DLP tool can help you meet compliance and security requirements.Discover More
Looking ahead to infosec’s biggest challenges in 2021
In January, we hosted two more infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke. On the Nightfall blog, we research key topics for infosec leaders right now: how data loss prevention impacts the bottom line of every business, why you need to protect data in Confluence, and the differences between network, endpoint, and cloud DLP.Read Now