See what sensitive data lives in your Box account

Generate a free report of the sensitive data (like PII, PHI, and credentials) that's in your Box files & folders.
Your organization can store high volumes of business-critical information in Box. This includes PII, credit card information, credentials, and more. This can pose security risk like data leakage and compliance risks around PCI, HIPAA, and more.
With our Box scanner, scan your entire Box account for sensitive data, using Nightfall's proprietary detection engine. This app is powered by the Nightfall Developer Platform.
Get Started — or — Read our FAQs

Get started in 5 minutes

Step 1: Connect to Box

Nightfall connects to your Box account via OAuth and requests only the minimum required permissions. This service is read-only, however Box requires write permissions for apps to fetch file contents. You can revoke this access at anytime. Once connected, you'll be ready to complete the remaining steps.

Connect to Box
Step 2: Your Email

You'll receive your scan results here as a CSV attachment.

Step 3: Configure Detection

This step is optional, but recommended. If you leave it blank, Nightfall will use a default detection rule, scanning for likely Credit Card Numbers, US Social Security Numbers, and API Keys. Setting your own detection rule will allow you to leverage the full power of Nightfall's best-in-class detection engine. Customize your detection settings with over 100+ pre-built detectors (spanning PII, PHI, PCI, and much more), custom detectors, exclusion/context rules, and more. Learn more about our detection engine in our Help Center.

Nightfall API Key

Create an API key on your Nightfall dashboard here.

Detection Rules

Your Detection Rules specify what you want Nightfall to detect, e.g. credit card numbers. Create a Detection Rule on your Nightfall dashboard here and copy over its UUID. Specify up to 10 Detection Rules, one per line.

By submitting this form, you agree to our Terms & Conditions and Privacy Policy.


Nightfall is the industry's first cloud-native data protection platform. Nightfall uses machine learning to discover, classify, and protect sensitive data like PII, PHI, and credentials. Nightfall integrates natively with cloud apps like Slack, GitHub, Google Drive, Confluence, and Jira, as well as provides a set of APIs for embedding best-in-class content inspection technology anywhere.

The report is sent via email as a CSV export. The report shows exactly what types of sensitive data are found and where in your Box instance, so you can easily track it down. The fields include the item type (e.g. File), Box ID, Box permalink, the Detector (e.g. Credit Card Number), detection confidence (e.g. Very Likely), the character locations of the sensitive data, and more. The email will also contain a high level summary of the scan.

No, Nightfall does not retain your data. That is why this service sends results to you as a CSV attachment via email instead of a hosted dashboard. Once this email is sent to you, there is no retention on Nightfall's end about your Box instance.

Yes, there are certain limitations as a free utility. This utility will scan up to 500 items (e.g. files) or 500 MB of data. Files over 20 MB won't be scanned. We output the first 100 sensitive findings in the report.

Please email us or schedule a meeting to discuss running a complete scan & outputting a full report, as well as more of Nightfall's full platform capabilities.