How to Send Confidential Documents Online Safely
Need to send sensitive files like contracts, tax returns, or medical records? Learn the safest methods to share confidential documents online without exposing them to leaks.
How to Send Confidential Documents Online Safely
You need to send a signed contract to your lawyer, a tax return to your accountant, or medical records to a new doctor. The easiest option — attaching the file to a regular email — is also the least secure. Unencrypted email attachments travel across servers in plain text, and once sent, you lose all control over who sees them.
Every year, data breaches expose millions of sensitive documents that were shared carelessly. The good news is that sending confidential files securely does not require expensive enterprise software. This guide covers practical methods anyone can use today.
Why Regular Email Attachments Are Not Safe
Most people default to email attachments because it feels natural. But standard email has fundamental security gaps.
- No encryption in transit by default: Unless both sender and recipient use TLS-enabled email providers, the message travels in plain text across the internet.
- Attachments stay forever: Once the recipient downloads the file, you cannot revoke access or delete it remotely.
- Forwarding risk: The recipient can forward your confidential attachment to anyone with a single click.
- Server storage: Email providers store copies of your attachments on their servers, sometimes indefinitely.
- Accidental recipients: Typing the wrong email address — or relying on autocomplete — sends your confidential document to a stranger.
A 2024 Verizon Data Breach Report found that email remains one of the top vectors for accidental data exposure. The convenience of "attach and send" comes with real consequences.
Types of Documents That Need Extra Protection
Not every file needs military-grade encryption, but these categories deserve careful handling.
| Document Type | Why It Is Sensitive |
|---|---|
| Tax returns & W-2s | Social Security numbers, income, employer info |
| Contracts & legal agreements | Confidential terms, signatures, financial data |
| Medical records | Protected under HIPAA (US), personal health info |
| Financial statements | Bank account numbers, balances, transaction history |
| ID documents | Passport scans, driver's license copies |
| Business plans | Trade secrets, competitive strategy |
| Employee records | Personal data, salary information |
5 Methods to Send Confidential Documents Securely
1. Use End-to-End Encrypted Email
Services like ProtonMail and Tutanota offer end-to-end encryption by default when both parties use the same service. ProtonMail also lets you send encrypted messages to non-ProtonMail users by setting a password the recipient needs to enter.
Best for: Ongoing communication with someone who also values email security.
Limitations: Both parties ideally need to use the same encrypted email provider for seamless encryption. External recipients get a limited web interface.
2. Share via a Password-Protected Link
Instead of attaching a document directly, you can upload the information to a service that generates a password-protected link. Tools like LOCK.PUB let you create a secret memo containing the document details or download instructions, protected by a password you share separately.
How it works:
- Create a password-protected memo with the sensitive content or a link to the file
- Set an expiration time (1 hour, 24 hours, 7 days)
- Send the link via email or iMessage
- Share the unlock password through a separate channel — a phone call works best
Best for: One-time document sharing where you want the content to expire automatically.
3. Use a Secure File-Sharing Platform
Cloud platforms like Tresorit, SpiderOak, or even standard tools with the right settings offer secure file sharing.
| Platform | Encryption | Max File Size | Password Protection |
|---|---|---|---|
| Tresorit | End-to-end | 5 GB (free) | Yes |
| Google Drive | In transit + at rest | 5 TB (paid) | Link restrictions only |
| OneDrive | In transit + at rest | 250 GB (free) | Expiring links (paid) |
| Dropbox | In transit + at rest | 2 GB (free) | Password on links (paid) |
Important: Standard Google Drive and Dropbox links are not end-to-end encrypted. The provider can technically access your files. For truly confidential documents, use a platform with zero-knowledge encryption like Tresorit.
4. Password-Protect the File Itself Before Sending
Before using any sharing method, add a layer of protection to the file itself.
- PDFs: Use Adobe Acrobat or Preview (Mac) to add a password
- Word/Excel: Use the built-in "Encrypt with Password" feature
- ZIP files: Create a password-protected archive using 7-Zip (AES-256 encryption)
Then send the encrypted file through your preferred channel and share the password separately — ideally over a phone call or in person.
5. Use a Secure Messaging App for Small Documents
For quick document exchanges, encrypted messaging apps offer a practical solution.
- Signal: End-to-end encrypted, supports file attachments, messages can be set to auto-delete
- WhatsApp: End-to-end encrypted, but Meta stores metadata
- iMessage: End-to-end encrypted between Apple devices
Best for: Quick, informal document sharing with someone you already message regularly.
The Two-Channel Rule
The single most effective practice for sending confidential documents is the two-channel rule: send the document through one channel and the password through a completely different one.
Examples:
- Send the encrypted file via email, share the password by phone call
- Send a LOCK.PUB link via Messenger, tell the unlock code in person
- Share a Tresorit link via email, text the access password via Signal
Even if one channel is compromised, the attacker only has half the puzzle.
Common Mistakes to Avoid
- Writing "password is 1234" in the same email as the attachment: This defeats the entire purpose of encryption.
- Using weak passwords: "password123" or "document" are trivially guessable. Use at least 8 characters with mixed case, numbers, and symbols.
- Forgetting to set expiration: A link that lives forever is a link that can leak forever. Always set an expiration when the option exists.
- Assuming "Delete" means gone: Deleting an email does not remove it from the recipient's inbox, server backups, or cached copies.
- Sharing via public Wi-Fi without VPN: Open networks make it easier for attackers to intercept unencrypted file transfers.
Quick Decision Guide
| Situation | Recommended Method |
|---|---|
| Sending a contract to a lawyer | Encrypted email + password-protected PDF |
| Sharing tax docs with your accountant | Secure file-sharing platform + two-channel rule |
| Sending medical records to a new clinic | Password-protected link (LOCK.PUB) with expiration |
| Sharing a business plan with investors | Tresorit or similar zero-knowledge platform |
| Quick photo of a document to a family member | Signal with disappearing messages |
Send It Safely
Next time you need to share a confidential document, take 60 seconds to protect it first. Create a password-protected memo link, set an expiration, and share the unlock code through a separate channel. That small effort is the difference between a secure transfer and a potential data breach.
Keywords
You might also like
How to Use Venmo, PayPal, and Zelle Without Getting Scammed
P2P payment apps make sending money easy — and scamming easy too. Learn the most common Venmo, PayPal, and Zelle scams and how to protect yourself.
Beyond Link Locking: The Complete Guide to LOCK.PUB's 7 Secret Content Types
LOCK.PUB is more than just a link-locking tool. Discover all 7 content types: URL Lock, Secret Memo, Encrypted Chat, Secret Poll, Secret Image, Secret Board, and Secret Audio.
How to Check If Your Password Has Been Leaked
Learn how to find out if your passwords were exposed in a data breach. Step-by-step guide to using Have I Been Pwned, Google Password Checkup, and what to do if your credentials are compromised.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free