SaferDrop

How to send confidential documents

Contracts, medical records, financial files: how to send sensitive documents without leaving a readable copy on anyone’s server.

Confidential documents — contracts, medical records, financial statements, IDs, legal files — need more care than a quick email attachment. The goal is simple: get the document to the right person while making sure no one else can read it and no readable copy is left behind on a server.

What counts as a confidential document

Anything that could harm someone if exposed: client contracts, patient records, payslips and tax files, identity documents, signed agreements, due-diligence material. If you'd be uncomfortable seeing it leaked, treat it as confidential.

Why the usual methods fall short

  • Email attachments aren't end-to-end encrypted and stay in inboxes and on mail servers indefinitely.
  • Cloud share links leave a readable copy on a provider's server and can be forwarded or logged long after.
  • USB sticks get lost, and the files on them are rarely encrypted.

How to send confidential documents securely, step by step

  1. Use an end-to-end encrypted transfer that encrypts in your browser and stores nothing.
  2. Generate the link — the decryption key should live only in the link's URL fragment, never on a server.
  3. Send the link and the PIN separately (e.g. link by email, PIN by phone), so one intercepted message is useless alone.
  4. Have the recipient open the link and enter the PIN — the document decrypts on their device.
  5. Done — with a peer-to-peer transfer there's no lingering copy to leak later.

For regulated work (legal, healthcare, finance)

If you handle regulated data, the technical fundamentals matter: end-to-end encryption, data minimization (collect and keep as little as possible), and no server-side copy of the content. These are exactly the building blocks SaferDrop provides. Compliance frameworks such as GDPR or HIPAA, however, depend on your full workflow and documentation — a tool supports your obligations but doesn't replace them. Choose technology that minimises exposure, then map it to your own requirements.

Checklist before you hit send

  • Is the document encrypted before it leaves your device?
  • Will any readable copy be stored on a server? (It shouldn't.)
  • Are you sharing the access code on a different channel from the link?
  • Does the link expire rather than live forever?
  • Did you double-check the recipient before sending?

SaferDrop is built so the secure path is the default. See how to send files securely for the general method, or start now — it's free for files up to 100 MB, with 2 GB and folders on Pro.

Frequently asked questions

Is email safe for confidential documents?

Generally no. Email isn't end-to-end encrypted, attachments linger in inboxes and on mail servers, and a single compromised account exposes everything. For contracts, medical or financial files, use an end-to-end encrypted transfer instead.

What's the safest way to send a contract or medical record?

Encrypt it in your browser, send it directly to the recipient so no server keeps a readable copy, and share the access code through a separate channel. That way the document is readable only by the intended recipient.

Do I need special software or an account for the recipient?

No. With SaferDrop the recipient just opens the link in any modern browser and enters the PIN — no install, no account to receive.

Does this make me GDPR or HIPAA compliant?

Strong encryption and not storing files support good data handling, but compliance depends on your whole process and paperwork — not on a single tool. SaferDrop gives you the technical building blocks (encryption in your browser, no stored copy) without making a compliance claim on your behalf; check your own obligations.

Send a file securely in seconds.

End-to-end encrypted, browser to browser, never stored. No account needed to receive.

Send a File