Back to help centre

Send sensitive files securely

Three Pro features you can combine to make sure the file only ends up with the right person.

For most transfers it's enough that the link is sent to the right email address. For sensitive documents — contracts, health data, financial reports — you have three Pro features that add extra security. You can use them individually or all three together.

Password

Requires the recipient to enter a password before they can download.

How to use it: Turn on "Require password" before sending and choose a password. Make sure to share the password via a different channel than the link itself — SMS, phone call, or messaging app. Never the same email as the link.

Protects against: Links that end up in the wrong place (forwarded email, hacked inbox) can't be used without the password.

Recipient verification

Requires the person clicking the link to verify their own email address with a one-time code before they can download. Three levels:

  • Exact email — only the specific address you sent to can open. If the email is forwarded, the recipient has to verify from the original address.
  • Domain — you whitelist one or more domains (example.com, yourcompany.com). All addresses on those domains can open — useful if you send to "finance@" and want someone in the finance department to be able to open it.
  • Off — default. Anyone with the link can download.

Protects against: Forwarding the link to people you didn't send to.

Burn on delivery

The file is permanently deleted right after the first download. The link stops working.

How to use it: Turn on "Burn on delivery" before sending.

Protects against: Multiple downloads, further sharing, the file sitting on our servers longer than necessary.

Watch out: If the recipient's download is interrupted mid-way, the file may be gone without them getting the whole thing. Use this only when you actually want one-shot semantics.

Combine all three

For a truly sensitive document, turn on all three:

  1. Password — leaked link can't be used without the password
  2. Recipient verification exact — the link can't be forwarded
  3. Burn on delivery — the file can't be downloaded twice

Together these three create a transfer that's very hard to compromise without direct access to both the recipient's inbox and the password channel you used.

Other tips

  • Confirm the recipient's email address. The most common leak is a typo. Use autocomplete from the contact list if you're sending to an existing contact.
  • Choose short expiry. For sensitive transfers, set 1-3 days. Then the link stays open for a shorter time.
  • Don't write sensitive information in the message field — that text appears in plain text in the email the recipient receives.