Intercom DLP (Data Leak Prevention) Scanner for Data at Rest

Uncover Hidden Risks in Your Intercom Data

Easily discover and identify sensitive information such as access keys, credentials, secrets, PII, and PCI embedded in your Intercom chat conversations. No more manually combing through conversation history.
Support channels can be a trove of valuable yet risky data, from access tokens to personal identification details to credit card numbers. Such data not only puts you at risk of unauthorized access and data breaches but can also expose you to compliance issues surrounding PCI, HIPAA, and more.
Harness the power of Nightfall's Intercom DLP Scanner for Data at Rest: Secure your customer support ecosystem by leveraging Nightfall's advanced detection engine. Our scanner automatically inspects the data at rest in your Intercom instance to pinpoint sensitive data that you've amassed overtime, providing you with a comprehensive inventory of risk.
Get Started — or — Explore our FAQs

Get started in 5 minutes

Step 1: Connect to Intercom

Nightfall connects to your Intercom Workspace via OAuth and requests only the minimum required read-only permissions. You can revoke this access at anytime. Once connected, you'll be ready to complete the remaining steps.

Connect to Intercom
Step 2: Your Email

You'll receive your scan results here as a CSV attachment.

Step 3: Pick Detection Rule

What are you looking for? Note that the default detection rules are configured to detect with low strictness, i.e. the minimum confidence level is set to Possible.

Use your own detection rules by specifying your Nightfall API key and Detection Rule IDs.

Nightfall API Key

Create an API key on your Nightfall Dashboard. If you don't have an account, sign up.

Detection Rules

Your Detection Rules specify what you want Nightfall to detect, e.g. credit card numbers. Create a Detection Rule on your Nightfall Dashboard and copy over its UUID. Specify up to 10 Detection Rules, one per line.


Nightfall is the industry's first cloud-native data protection platform. Nightfall uses machine learning to discover, classify, and protect sensitive data like PII, PHI, and credentials. Nightfall integrates natively with cloud apps like Slack, GitHub, Google Drive, Confluence, and Jira, as well as provides a set of APIs for embedding best-in-class content inspection technology anywhere.

The Nightfall Developer Platform is a set of APIs developers can use to build data classification and protection into any application or service. This utility is powered by the Developer Platform. It's free to get started with the Developer Platform. Sign up or read the API Docs.

The report is sent via email as a CSV export. The report shows exactly what types of sensitive data are found and where in your Intercom instance, so you can easily track it down. The fields include the item type (e.g. File), Intercom ID, Intercom permalink, the Detector (e.g. Credit Card Number), detection confidence (e.g. Very Likely), the character locations of the sensitive data, and more. The email will also contain a high level summary of the scan.

No, Nightfall does not retain your data. That is why this service sends results to you as a CSV attachment via email instead of a hosted dashboard. Once this email is sent to you, there is no retention on Nightfall's end about your Intercom instance.

Without inputting your own Nightfall API key, this free utility will have the following limitations: up to 500 items (e.g. files) or 500 MB of data will be scanned, and the first 100 sensitive findings will be outputted in the report.

These limitations don't apply if you input your own Nightfall API key, so we recommend doing so. In other words, with your own API key, you'll be able to run a complete scan. You can create an API key on your Nightfall Dashboard.

If you don't have an account to create an API key, you can sign up for the Nightfall Developer Platform for free (no credit card required). Learn more about the Developer Platform in the API Docs.

The max size for individual files for this publicly-available scanner is 20 MB. The service may filter high volumes of noise in the event that your detection rules may benefit from further tuning, and scans may terminate early if they are generating a very high volume of results, so that you can fine tune your detection rules prior to re-running the scan and consuming data volume. Similarly, results may be truncated to respect the max file size of email attachments and so files are openable.

If you would like to run a scan that exceeds the limitations outlined above or you have any questions, please email us at or schedule a meeting. We're happy to help!