UserTesting is using Nightfall to protect customer PII

UserTesting is a SaaS-based solution that captures real-time video feedback from people all over the world, giving organizations access to diverse customer perspectives so they can build exceptional digital and real-world experiences.

US, West
On this page


  • As a leading customer insights platform, trust is a core part of UserTesting's brand. The company must demonstrate this through transparent and robust security processes.
  • UserTesting was looking to build a comprehensive DLP program and needed to educate and enable employees on sanctioned behavior across cloud platforms.


  • With Nightfall in place, UserTesting's security team can see the context around which business processes contribute to data exposure risk in order to better inform future policies.
  • UserTesting can also send custom messages to individuals who violate policies in order to educate them and better align them with security standards going forward.

Building a DLP program to bake-in security from the outset

As UserTesting grew to provide valuable insights into consumer experiences for an increasing number of brands, the need to provide a high level of security when handling potentially sensitive data grew too. Data classification and protection became an essential part of UserTesting’s commitment to their customers. Nightfall’s API-driven data protection platform (DLP) enables UserTesting to meet their customers’ requirements for data security by preventing inadvertent internal sharing or proliferation of personally identifiable information (PII).

Dustin Fritz leads the team responsible for product and corporate security. As the Principal Security Architect at UserTesting, Dustin helped build the case for integrating Nightfall DLP into the organization’s security tech stack. UserTesting sees DLP not just as a box to check—the security team wanted to build a comprehensive DLP program to meet their internal security requirements: protecting customer PII and with simple and low-friction solution.

“I haven’t found another company that does data classification and protection for Slack like Nightfall does. Many vendors don’t even have Slack on their roadmap. That says a lot about Nightfall’s vision and where they're headed.”
Dustin Fritz
Principal Security Architect

Aligning closely with core values like simplicity and transparency was easy, as Nightfall integrated in minutes with UserTesting’s Slack instance and began detecting improper sharing of problematic data right away. Then, Dustin’s team confirmed that their data protection solution did not slow down the business. With Nightfall, UserTesting can prove to customers that their vendor relationship includes strict standards for data security, without getting in the way of productivity.

“We realized right away that the traditional DLP approach of blocking content without understanding the underlying business processes was not a good fit for us,” says Dustin. “Nightfall allows us to run faster and expand into different markets safely with a balanced approach to security.”

Nightfall supports a culture of security 

By spinning up a DLP program as part of their security strategy, UserTesting has been able to think more holistically about how they share data within their SaaS platform. Nightfall gives them visibility to understand their data exposure and compliance risks.

“With Nightfall, we’re able to get answers to our questions like, what's the business context for sharing this data, what users are involved, who are they sending it to, and where are they receiving it from,” Dustin says. 

Nightfall’s native data risk remediation features for Slack allows Dustin’s team to create custom rules to detect potentially problematic information that does not belong in Slack, plus his team can create alerts to help users adhere to company policies when sharing data in Slack. The security team uses these opportunities to educate everyone in the company on how to maintain a security-first culture.

“Nightfall's native remediation features are a good fit for our culture and how we operate as an organization,” says Dustin. “It fits into our existing security processes.”

UserTesting can prove that customer security comes first

Entering a partnership is a delicate balance based on trust. To set all parties up for success, security must be at top priority. Nightfall allows UserTesting to prove to their customers that they take data security seriously, by demonstrating that they protect sensitive information internally with our API-driven DLP solution.

“If we didn't have the right security protocols in place such as Nightfall DLP, we wouldn't have some of the customers that we have today,” says Dustin. “Nightfall fulfills a lot of requirements that our customers have, and it provides a tremendous value to our organization because it allows us to fulfill our commitments to our customers and keeps us aligned with our core values.”

Security is integrated into UserTesting’s internal communications infrastructure with Nightfall. By implementing a DLP program within their overall security requirements, UserTesting can protect their customer’s data and have peace of mind that they have control over data compliance risks within their internal SaaS systems.

Getting started is easy

Start protecting your data with a 5 minute agentless install.

Get a Demo