Secure document sharing

    Share the document. Keep control of it.

    Secure document sharing means sending contracts, records, and signed forms through private, encrypted, expiring links instead of attachments you can never take back. Sandra is built for exactly that.

    TLS 1.3 in transit and AES-256 at rest on every share. One tap adds end-to-end encryption in your browser before upload. Recipients open a clean page with no account, and the link expires on your schedule.

    No account to receive
    Expires on your schedule
    Optional end-to-end encryption
    No AI training

    The problem

    Why not just email the document?

    The moment a document leaves as an attachment, you have lost track of it. It can be forwarded in one click, saved to a personal laptop, or sit in an inbox that gets compromised two years from now. There is no expiry, no password, and no record of who opened it.

    General-purpose cloud drives move the problem to permissions. Folder access granted for one project quietly lasts forever, and the fine print of free tools often allows content analysis of what you store.

    A secure document share is different by construction: a private link, an expiry date, optional password, and visibility on the download. When the exchange is done, the door closes.

    Security controls

    What makes a document share secure?

    Six controls, active on every share. Nothing to install, nothing for recipients to sign up for.

    Expiry
    Every shared document has an expiry you set before sending. When the exchange is done, the door closes and files are deleted from transfer storage.
    End-to-end option
    Toggle E2EE and your browser encrypts the document with AES-256-GCM before upload. The key stays in the link and never reaches our servers. Every plan, including Free.
    Password
    Add a password on Pro so only the intended recipient can open the download page, even if the link is forwarded.
    Visibility
    See when a document was retrieved and from where on Pro. A confidential send should never be a guess.
    Recipients
    Clients, counterparties, and parents open a clean page in their browser. No signup, no app, no workspace invitation.
    Content policy
    Sandra never scans, profiles, or trains AI on document contents. A founding constraint, not a setting.

    After the exchange

    What about the documents you need to keep?

    Sharing links are supposed to expire. Records are not. Sandra separates the two: transfers handle the exchange, and encrypted Vault storage keeps the executed contract, the final bundle, the signed form, organized in folders and encrypted at rest with AES-256.

    The pattern that works for document-heavy teams: collect through a file request, deliver through an expiring link, archive the final version in Vault. Nothing sensitive ever lives in an inbox.

    Common questions

    Secure document sharing, answered

    More detail in the full FAQ and the Privacy Policy.

    What is secure document sharing?

    Secure document sharing means sending a document through a private, encrypted channel you control instead of an email attachment or a public folder link. In practice it combines four things: encryption in transit (TLS 1.3) and at rest (AES-256), an expiry date so the link stops working when the exchange is done, access controls such as a password, and a provider that does not read, scan, or train AI on the contents. An attachment can be forwarded anywhere and lives in inboxes for years; a secure sharing link is a door you can close. Sandra adds one more layer on request: end-to-end encryption applied in your browser before upload, so the decryption key never reaches our servers and nobody in between can open the document, including us.

    How do I share a confidential document with someone outside my company?

    Upload the document to Sandra, set an expiry, and send the private link, or enter the recipient's email and Sandra delivers it for you. The recipient opens a clean download page in their browser: no account, no app, no workspace invitation. For sensitive material such as contracts, personnel records, or financials, add a password on Pro and switch on end-to-end encryption so the file is encrypted in your browser before it is uploaded. You can see when the document was downloaded on Pro, so a confidential send is never a shot in the dark. When the link expires, the files are deleted from transfer storage and the exchange leaves nothing behind.

    Do recipients need an account to open a shared document?

    No. A Sandra link opens like a normal web page on any device. The recipient clicks, sees what you sent, and downloads. If you set a password, they enter it first. That matters for document work because your counterparties, clients, opposing counsel, parents, or suppliers will not create an account just to receive one file, and every extra step pushes people back to insecure email attachments. Accounts are only needed on the sender's side, and even senders can transfer up to 5 GB free without one.

    What happens to a shared document after the link expires?

    The files behind the link are deleted from transfer storage. Nothing lingers in a forgotten shared folder, and the link stops resolving. This is the core difference between transfer links and general-purpose cloud drives, where access granted once quietly lasts forever. Documents you need to retain, such as executed contracts or final records, belong in Sandra's encrypted Vault storage, which is separate from short-lived transfer links and keeps files until you remove them. The pattern that works: share through expiring links, archive the final version in Vault.

    Can I control and track who opens a shared document?

    Yes, at three levels. First, expiry: every link stops working on the schedule you set, from hours to permanent on Pro. Second, access: add a password so only the intended recipient can open the download page. Third, visibility: Pro plans show you when files were downloaded and from where, so you know whether the document reached the right person. For documents that must stay sealed even from Sandra, enable end-to-end encryption: the file is encrypted in your browser with AES-256-GCM and the key travels only inside the link you share.

    Is Sandra suitable for legal, HR, or financial documents?

    Yes, that is what it is built for. Files are protected by TLS 1.3 in transit and AES-256 at rest on every plan, with one-tap end-to-end encryption for documents that need to be unreadable to everyone but the recipient. Core storage runs on EU infrastructure under GDPR-oriented practices, and Sandra never scans, profiles, or trains AI on file contents; that constraint is the reason the product exists. Law firms use it for intake and privileged delivery, schools for admissions records, and finance and HR teams for payroll, contracts, and personnel files. Details are published in the Privacy Policy.

    The next document you send deserves a door that closes.

    Free up to 5 GB, no account required, no credit card. End-to-end encryption included on every plan.

    Share a document securely