Which DLP tools see your data, which don't, and why it matters. We've tried to be accurate; if you find an error, open an issue on GitHub.

The single-vendor problem: great if you're all-in on one cloud, blind to everything else.

| Dimension | nanodlp | Microsoft Purview | Google Workspace DLP |
|---|---|---|---|
| Where bytes go | Stay in your environment | Microsoft cloud | Google cloud |
| SaaS coverage | Drive, M365, Slack, Dropbox, GitHub | M365 only | Drive / Gmail only |
| BAA required | ❌ No (architectural) | ✅ Yes | ✅ Yes |
| Open source | ✅ Apache 2.0 | ❌ | ❌ |
| Deployment | Single binary, 10 min | Requires Microsoft E5 tenant | Requires Google Workspace admin |
| Custom patterns | TOML overlay | Yes (regex) | Yes (regex) |
| GitHub scanning | ✅ | ❌ | ❌ |
| Pricing | Free OSS / $99/seat | Bundled with E5 (~$57/user/mo) | Bundled with Workspace |

The heavyweight enterprise install: powerful, but measured in weeks and professional services invoices.

| Dimension | nanodlp | Symantec DLP | Forcepoint DLP |
|---|---|---|---|
| Time to first scan | 10 minutes | Weeks (professional services) | Weeks |
| Deployment model | Single Rust binary | Enforce server + detection servers + agents | Multiple components |
| Memory footprint | ~5 MB per worker | Hundreds of MB | Hundreds of MB |
| Open source | ✅ Apache 2.0 | ❌ | ❌ |
| SaaS connectors | Drive, M365, Slack, Dropbox, GitHub | All major (with setup) | All major (with setup) |
| Runs on a laptop | ✅ | ❌ Requires server infrastructure | ❌ |
| Pricing | Free OSS / $99/seat | Enterprise contract (six figures) | Enterprise contract |

Nightfall is a good product. The core architectural difference: your data goes to their cloud. That's a real tradeoff, not a marketing claim.

| Dimension | nanodlp | Nightfall AI |
|---|---|---|
| Where document content goes | Stays in your environment | Sent to Nightfall's cloud for scanning |
| BAA required (HIPAA) | ❌ No (architectural) | ✅ Yes |
| Open source data plane | ✅ Apache 2.0 | ❌ Closed source |
| Subprocessor disclosure | Not required for data content | Required — Nightfall processes your data |
| Detection approach | Regex + proximity + validators | ML + regex (more flexible, less auditable) |
| GitHub scanning | ✅ | ✅ |
| Slack scanning | ✅ | ✅ |
| Pricing | Free OSS / $99/seat | Per-event pricing (can be unpredictable) |
| Runs offline / air-gapped | ✅ | ❌ Requires internet to Nightfall's API |

A note on fairness: These comparisons reflect our honest understanding of each product's architecture as of April 2026. Nightfall, Symantec, and Microsoft are all capable products with real customers. The question isn't whether they work — it's whether their data model fits your threat model. If your primary concern is data residency and vendor risk, nanodlp's architecture is structurally different. If you need ML-based classification or inline blocking, you may need a different tool (and we'll tell you that directly).