Dovetail takes customer trust to new heights with Vanta

Sydney, Australia
Data analysis

With Vanta, Dovetail took the pain out of SOC 2 compliance and reduced the time spent on audits by 92%.


Dovetail uses Vanta to continually monitor SOC 2, HIPAA, and GDPR compliance, assess vendor risk, and control user access to their own systems.


With Trust Center, potential clients can verify the company’s security credentials with a click. In the past year, Dovetail’s Trust Center has been viewed over 12,000 times.

“I'm really impressed with the rate of innovation at Vanta, particularly over the past two years. They are always looking at finding ways to save me time, and in my role, I wouldn’t be without it.”

Nathan Miller
Head of Information Security & Compliance, Dovetail

Dovetail is a company that fervently believes in the power of customer insights. Founded in Sydney in 2017 by Benjamin Humphrey and Bradley Ayers, its cloud-based customer insights platform helps businesses distill the voice of the customer, make better decisions, and build products people love.  

No matter the data format – customer feedback, interviews, support tickets, or sales calls – Dovetail turns it into needs and pain points, fast. You can store and search years of research all in the one place and then collect evidence-based findings that are easily shareable.

Dovetail has over 100 employees and offices in Sydney and San Francisco. It is trusted by more than 3,200 clients, including The New York Times, Volkswagen, Spotify, Atlassian, and Porsche.

The challenge

Security-conscious customers demand evidence first

As a company dedicated to data, Dovetail’s security posture has to be beyond reproach. Their clients need to be confident that their information – and their customers’ information – is secure. For Nathan Miller, Head of Information Security & Compliance at Dovetail, having the right security frameworks in place is a prerequisite for success as a B2B SaaS business. 

“The type of data we store for our clients is sensitive; it can even be medical data in the case of our HIPAA customers. It’s hugely important that we have the security standards they need. If we don’t have them, they’d go elsewhere.”

Back in 2020, SOC 2 Type 2 emerged as the security framework that the majority of Dovetail’s prospects wanted to see.

“I view it as the bare minimum that clients expect,” says Nathan. “I don’t think we would have been able to expand without it.”

Without the in-house expertise to go it alone with SOC 2, Dovetail needed a trust management platform that could take the pain out of getting compliant. 

The solution

A comprehensive approach to security 

Dovetail chose Vanta as their trust management platform at an early stage. Initially, they used it to get SOC 2 Type 2, and it streamlined much of the work that goes into managing and securing data.

“In previous years, it would take four quite senior people 15 hours each to get all the evidence together and go back and forth with the auditor,” says Nathan. “But last September, we got an auditor who could work in Vanta, and it took me just five hours to pull everything together on my own.”


Vanta is now embedded across the business, and they continue to discover new ways that it can help. 

Dovetail uses Vanta for all their trust management needs, including monitoring their compliance with other security frameworks such as HIPAA and GDPR. They use Vanta’s Vendor Risk Management solution to track vendor security, automatically identify risk levels, and streamline vendor security reviews.    

“Before Vanta, we didn't really have a consistent way to actually identify critical and high-risk vendors. Having the ability to track all that in a reliable way and then to do those reviews super quickly, it's just amazing,” explains Nathan. “I have peace of mind that it’s covered, and I can focus on other things.”

The company also uses Vanta to ensure the quality of their own internal security protocols.   With Access Reviews, only the right users can access crucial systems, reducing the risk of both internal misuse and external threats. Dovetail can also demonstrate the strength of their security posture to prospects and clients with the Vanta Trust Center


The impact

With Trust Center, Dovetail showcases its commitment to data protection 

Nathan Miller, Head of Information Security & Compliance, Dovetail

For Nathan, the benefits of using Vanta are considerable. For example, Dovetail has only been using Trust Center for a year, but they have already seen a tremendous response from potential customers. 

“Since the start of 2023, we’ve had over 12,000 views of our Trust Center and over 4,000 downloads. I think that shows a huge amount of value.”

Dovetail has also recently started using Vanta’s Questionnaire Automation solution to streamline how they complete questionnaires. Questionnaire Automation uses AI to analyse the company’s previous answers and existing security policies and then suggests appropriate answers to frequent queries. 

“We now have a bank of filled-out questionnaires in our Trust Center, and they have been downloaded 700 times in the past eight months. That could potentially be 700 customers who have self-served. They had security concerns, but they could help themselves to the information they needed,” says Nathan. 

Nathan’s role is a busy one. As well as security compliance, he also deals with security engineering and supports enterprise-level customers. 

“When you are tracking as many security standards as we are, there’s a lot of work that you have to do throughout the year, but Vanta automates so much of it. We don't have the luxury of having in-depth specialist people working just on compliance, and Vanta fills that gap. The amount of time that I can save with Vanta is just astronomical.”

“Doing our SOC 2 audits in Vanta has freed up so much of our time. Before, it took four senior people 60 hours of work to get it done – we’ve got that down to five hours.”

Nathan Miller
Head of Information Security & Compliance, Dovetail

“One of the great things about Vanta is that it gives us broad visibility across our business, from our cloud environment to our vendors. We are immediately alerted to any critical vulnerabilities that crop up, so we can deal with them straight away. It’s a really good single pane of glass for us.”

Nathan Miller
Head of Information Security & Compliance, Dovetail

Get compliant and
build trust, fast.

Se mettre en conformité et instaurer la confiance, rapidement.

Two wind turbines on a white background.