
How LATAM's Rising FinTech Star Pomelo Protects Payment Data for Millions

Pomelo chose Nightfall AI: the only DLP solution built for how modern FinTech companies actually work.
Industry: Financial technology
Region: Latin America

Key Results

  • 300+ employees protected across LATAM operations
  • 8 enterprise applications secured
  • Proactive AI security intercepting sensitive data before submission to LLM platforms
  • PCI compliance confidence with comprehensive data lineage tracking
  • Automated user remediation reducing security team workload by enabling self-service data redaction

The Challenge: Rapid Growth Demands Enterprise-Grade Data Protection

Pomelo, a rapidly growing payment processor serving the LATAM market, reached a critical inflection point as digital payments transformed financial access for millions across Latin America. Pomelo's exponential growth brought intensifying regulatory scrutiny and security requirements.

As a payment processor handling sensitive financial transactions, customer payment data, and proprietary financial information, the company launched a comprehensive "security wave" initiative to reinforce their security posture and support their aggressive expansion plans.

But Ezequiel Virun, Pomelo Cybersecurity Technical Manager, discovered that traditional security tools were fundamentally inadequate for their modern threat landscape.

"Before using Nightfall, our visibility into sensitive file sharing was limited, and Nightfall helped us strengthen our data protection capabilities," says Ezequiel.

The problems were systemic:

Legacy DLP Was Actively Harmful

Pomelo's existing mail DLP solution generated too many false positives and created alert fatigue that trained their security team to ignore alerts. When they tested competing enterprise solutions, they found the DLP accuracy wasn’t good enough for what they needed as a regulated financial institution.

The Generative AI Blind Spot

Employees were adopting AI tools like gen AI chatbots to boost productivity and compete with larger competitors. But each interaction represented a potential data exfiltration event. Traditional CASB solutions couldn't see what happened on local machines before data was submitted to AI platforms.

Fragmented Coverage Across Critical Systems

Pomelo needed comprehensive DLP coverage across their entire SaaS ecosystem plus endpoints where employees worked with sensitive data daily. Point solutions created gaps. Enterprise tools were too complex to operate with their lean security team.

The Solution: AI-Native DLP Built for Modern FinTech

Nightfall provided Pomelo with a unified platform delivering real-time detection across SaaS apps, email, endpoints, and AI applications, with the accuracy, flexibility, and intelligence required for a regulated financial institution supporting rapid growth.

Use Case 1: Superior Detection Accuracy Over Enterprise Alternatives

The Problem: Pomelo had tested enterprise DLP solutions, but encountered critical limitations. Their previous mail DLP generated false positives that eroded security team efficiency and user trust. When evaluating traditional competitors, Pomelo found that their DLP accuracy fell short of what it needed to reliably protect customer payment data.

The Nightfall Advantage: Nightfall's AI-powered detection engine delivered a false positive rate of less than 5% while maintaining comprehensive coverage across financial data types, secrets, API keys, and PII. The platform's flexible policy management allowed Pomelo to customize detection rules for their specific use cases without sacrificing accuracy.

"Nightfall works really well across different integrations. It offers a lot of possibilities for customizing detections, which is very helpful for us. I'm impressed with Nightfall's functionality and the wide range of use cases it covers."

The combination of superior accuracy, comprehensive coverage, and operational simplicity made Nightfall the obvious choice over other enterprise alternatives.

Use Case 2: Unified Platform Replacing Fragmented Point Solutions

The Risk: Growing a security stack organically means piecing together platforms one by one: one for email, another for cloud storage, a third for collaboration platforms. This fragmentation creates visibility gaps, operational overhead, and policy inconsistencies that attackers exploit.

Nightfall's Unified Approach: Nightfall's single platform provided real-time detection and protection across Pomelo's entire ecosystem.

The Impact: Instead of managing multiple consoles, policy engines, and vendor relationships, Pomelo's lean security team operates from a single platform with consistent policies and unified reporting. The flexible policy management means they can customize detection rules for different data types and applications without requiring vendor support.

"Once we started using Nightfall, it helped us by automatically classifying confidential information across various platforms and endpoints. This allowed us to proactively mitigate exposure risks and strengthen our overall security posture."

Use Case 3: Proactive Generative AI Security

The Risk: Employees were using gen AI chatbots to analyze data, write code, and accelerate workflows. To ensure the highest standards of data protection, we have implemented proactive security controls that prevent any sensitive information, such as customer payment information, API keys, or proprietary financial data, from being shared with external AI systems.

Traditional DLP solutions can only detect data after it reaches cloud services. By that point, sensitive information has already been transmitted to the AI model and potentially incorporated into training data or exposed to unauthorized parties.

Nightfall's Protection: Nightfall's browser plugin and endpoint agent intercept sensitive data at the prompt level, before it's submitted to the AI platform. This application control and filtering capability works directly on local machines, catching risky copy/paste actions and file uploads in real-time.

The Impact: Nightfall blocks sensitive copy/paste operations, which makes new AI tools safe to use. The protection scales automatically without requiring policy updates for every new platform.

The Competitive Advantage: This endpoint-level interception is something legacy DLP tools or CASBs simply can’t provide. Similar solutions lack the endpoint visibility and proactive blocking capabilities required to protect data before it reaches AI platforms.

For a growing company like Pomelo, this means employees can leverage AI productivity tools to enhance efficiency, supported by strengthened security measures and rigorous data protection controls.

“Nightfall provides a sense of empowerment to our team by automatically classifying confidential information across various platforms and endpoints.”

Use Case 4: Deep Data Lineage and Exfiltration Prevention

The Risk: Accidental data leaks are nearly impossible to investigate without understanding how sensitive data moves through an organization.

Nightfall's Advantage: Nightfall's asset history and data lineage capabilities track files from origin to every subsequent action. The system records when a file is downloaded from an enterprise app, tracks attempts to upload it to file-sharing sites like file.io, and logs copy/paste attempts into generative AI tools.

The endpoint protection doesn't just track sensitive data movement—it prevents any loss or other security incidents. Nightfall blocks file uploads and copy/paste operations containing sensitive content to prohibited domains, providing real-time defense against both malicious exfiltration and accidental exposure.

Why This Matters for Growth: As Pomelo scales across LATAM markets, this forensic capability supports insider risk programs, regulatory investigations, and executive reporting on data security posture, each one critical for enterprise partnerships and fundraising conversations.

"The data lineage feature is very powerful. It helps me sell the tool internally by showing exactly how sensitive data moves through our organization."

Use Case 5: Empowering Users While Reducing Security Team Workload

The Problem: Legacy DLP creates a bottleneck: security teams manually investigate every alert, remediate every violation, and become the friction point between employees and productivity. For a fast-growing fintech with a lean security team, this model is unsustainable.

Nightfall's Approach: Automated user remediation allows employees to self-correct when they accidentally share sensitive data. When Nightfall detects a policy violation, the Pomelo user receives an immediate notification with the option to redact or delete the message themselves.

Real Result: The self-remediation capability is now a must-have feature for Pomelo. It trains employee behavior in real-time, reduces repeat violations, and means less work for the Pomelo team to do.

The automated decision-making engine also dramatically reduced false positives, improving the triage workflow and allowing Pomelo's lean security team to focus on genuine threats rather than sorting through noise.

"Nightfall's automated decision-making has reduced false positives and improved our triage response workflow. Now we feel much more confident about our overall data security posture, without any additional workload," says Ezequiel.

Bonus Use Case: Automated Secure Email Communication

The Hidden Need: Pomelo was using third-party tools like SendSafely to encrypt sensitive email communications with external partners. This meant adding a tool to their security stack that needed to be managed, licensed, and integrated.

Nightfall's Built-In Solution: Nightfall's automated mail encryption feature secures sensitive emails and their reply threads, requiring external recipients to authenticate via a secure portal before accessing protected information.

The Value: Nightfall addressed an existing need with a capability already included in Pomelo's deployment, reducing tool sprawl and operational complexity.

The Results: Enterprise Security Without Enterprise Complexity

Immediate Risk Discovery

Nightfall detected real secrets, credentials, and payment card data within days of deployment, including risks that had existed undetected in internal systems for months or years, even while other DLP tools were deployed.

Unified Platform Simplicity

Pomelo replaced fragmented point solutions and ineffective enterprise tools with a single platform covering its apps ecosystem and AI applications, all managed through intuitive policy controls and flexible customization options.

Compliance Confidence for Growth

Pomelo continuously strengthens its proactive data protection and demonstrates it to auditors, regulators, banking partners, and enterprise customers with detailed reporting, data lineage forensics, and comprehensive coverage across cloud, SaaS, and endpoint environments: critical for PCI compliance, GDPR, and SOC 2.

Strategic Visibility for Leadership

Nightfall’s Actionable Insights Report and risk dashboards (showing Highest Risk Users and Detector activity) provide executive leadership with clear data visualization to understand risk exposure and justify security investments. 

Why This Matters for FinTech

"With Nightfall, we've enhanced our visibility into sensitive file sharing and strengthened our ability to proactively manage exposure risks. This enables us to demonstrate robust data protection for PCI compliance without any additional workload. Nightfall has truly been a strategic technology for us."

For payment processors and FinTech companies operating under PCI compliance, GDPR, and other regulatory frameworks across multiple jurisdictions, a single data breach doesn't just cost millions in fines. It destroys the customer trust that is the foundation of financial services and can terminate critical banking partnerships overnight.

Legacy DLP solutions were built for a world of perimeter security and on-premise email servers. Enterprise CASB platforms offer broad coverage but struggle with detection accuracy and can't see inside AI interactions happening on local machines. They generate more noise than signal, and they require dedicated security teams to operate. That doesn't work for growing fintechs competing to win on speed and efficiency.

Pomelo chose Nightfall because it's the only DLP solution that:

  • Delivers superior detection accuracy over enterprise alternatives with <5% false positives
  • Provides unified platform simplicity across SaaS, email, endpoints, and AI applications
  • Intercepts data before AI submission, not after it's too late
  • Offers forensic data lineage to understand insider risk and accidental exposure
  • Empowers users to self-remediate, reducing security team workload
  • Scales automatically to new AI platforms without policy rewrites
  • Enables flexible customization for diverse use cases without vendor dependency

The Bottom Line

Pomelo has strengthened its compliance posture by securing AI usage, controlling data flows, and achieving complete visibility across its SaaS ecosystem, all while enabling the AI-powered productivity driving their rapid growth across Latin America.

In a region where digital payments are transforming financial access for millions, and where competition requires leveraging cutting-edge technology, Pomelo chose the only DLP solution built for how modern FinTech companies actually work.

Security shouldn't slow down innovation. With Nightfall, it doesn't have to.
