Flatfile protects PII and maintains ISO compliance with Nightfall

Flatfile simplifies the data import process for companies via their easy-to-use data onboarding platform. Users can upload data from CSV files and Excel spreadsheets directly into their applications seamlessly. By paring down the uploading process, Flatfile allows their users to work faster and more efficiently without running into typical errors when importing data.

Google Drive
US, West


  • The infrastructure team at Flatfile manages the company’s technology stack to ensure that Flatfile’s upload services perform at the high standards required for excellent customer experience.
  • This responsibility includes ensuring customer PII is always kept safe and secure and never exposed or shared improperly within Flatfile’s internal systems.
  • Existing security products felt like checkbox solutions; Flatfile needed a more robust way to prove they were monitoring and remediating incidents to comply with ISO 27001, HIPAA, PCI, and more.


  • Nightfall's machine learning detectors provided an effective way to find and protect customer data accurately and at scale across all critical cloud apps.

Challenge: Moving beyond simple solutions & checkbox compliance

Flatfile’s head of infrastructure Robbie Trencheny leads the team that is responsible for managing risk throughout the company’s internal IT ecosystem. That includes protecting any personally identifiable information (PII) that might make its way into Flatfile’s internal systems in the course of business. 

One of Flatfile’s main goals for data security within their internal SaaS apps is maintaining compliance in many different fields — SOC Type 1 and Type 2, ISO 27001, HIPAA, PCI Level One, and FedRAMP. The infrastructure team must maintain these compliance standards within Flatfile’s business-critical apps like Slack, GitHub, and Google Drive. Having a data loss prevention (DLP) strategy is an important step toward meeting those compliance regimes. 

“I was impressed by the connections that Nightfall offered out of the box. Other solutions didn’t make me feel as confident about how their integrations would work on the platforms we needed to protect.”
Robbie Trencheny
Infrastructure Security Team Lead

Two challenges prevented Robbie’s team from managing PII risk with DLP: either the platforms where data was stored did not include the level of protection the team needed, or the detectors and alerts within the platforms were too noisy and too difficult to configure properly.

“Before Nightfall, we used the built-in tools within these platforms for data security, like Google's quarantine alerts,” Robbie says. “We found that they were too trigger happy and couldn’t fulfill our compliance needs.”

Nightfall's all-in-one data security functionality was made for Flatfile

Nightfall allows the Flatfile infrastructure team to configure detection to zero in on the information that’s most critical. Nightfall scans Flatfile’s SaaS systems for PII so that Robbie’s team can protect against improper exposure of sensitive information — and show that their organization is primed for the highest levels of compliance requirements.

“We use Nightfall as a preparation for our compliance qualifications,” says Robbie. “With Nightfall, we know that we won’t leak PII in our SaaS apps.”

Flatfile is built on the idea of making file and data uploads easy for their customers. So for Robbie’s team, it makes sense to deploy a data discovery and classification solution that is also simple and effective for protecting PII from exposure and meeting multiple compliance standards. Nightfall works as an all-in-one DLP solution for Flatfile, with the ability to apply one set of rules and see everything in one dashboard — all detectors, scan results, and alert actions are together in the same place for easy access and deployment. 

Focused alerting and detection provides real value

Nightfall makes protecting PII within SaaS for Flatfile even easier by helping the infrastructure team fine-tune their scans to detect information at risk. “Before Nightfall, I would get almost 200 DLP alerts from Google a week, and most were false positives,” says Robbie. “Now with Nightfall, I only get alerts for things we’re actually looking for to protect PII. We no longer have to individually configure the rule sets across different platforms. It’s a major win for us.”

Flatfile can continue growing its business with confidence that their customer information will not inadvertently be exposed within the multiple apps where they deploy Nightfall. As a platform that supports their compliance goals and secures PII throughout their SaaS environments, Nightfall provides the data protection that Flatfile needs to meet their commitment to their customers.
