Secure file sharing for business

    Secure file sharing for business. In writing.

    Secure file sharing for business means moving client and internal files through a channel your company controls: encrypted, expiring, access-controlled, and auditable. This page lists what you should require, and exactly what Sandra does.

    No account for your clients and partners. Links that expire when the work is done. Shared workspaces with roles for the team. And never any scanning, ads, or AI training on your files.

    TLS 1.3 in transit
    AES-256 at rest
    Optional end-to-end encryption
    EU infrastructure

    The problem

    Every tool says it is secure

    The word costs nothing. Meanwhile the files actually leave through whatever is closest: an email attachment nobody can recall, a consumer drive link that never expires, a folder shared with a contractor in 2024 and never reviewed since.

    A business does not need another promise. It needs a short list of requirements it can hand to whoever reviews tools, and answers precise enough to check.

    So here is that list, nine requirements, with Sandra's answer to each, stated exactly as the product works today.

    The requirements

    What a business should require

    Nine questions your IT or compliance reviewer will ask, and the answers, ready to forward.

    In transit
    TLS 1.3 on every upload and download.
    At rest
    AES-256 on stored files, transfers and Vault alike.
    End-to-end option
    AES-256-GCM applied in your browser before upload. The decryption key travels in the link fragment and is never sent to our servers. One tap, on every plan including Free.
    Retention
    Every transfer link expires on a schedule you set. Expired files are deleted from transfer storage; records you keep belong in encrypted Vault storage.
    Access control
    Password-protected links on Pro. Role-based access and shared workspaces on Business, so the company owns the workflow.
    Delivery proof
    Download visibility on Pro: when a file was retrieved and from where. A client delivery is never a guess.
    Data residency
    EU infrastructure for core storage, with GDPR-oriented practices published in the Privacy Policy.
    Content policy
    No scanning, no profiling, no ads, and no AI training on your files. A founding constraint of the product, not a setting.
    Client friction
    Recipients and uploaders never need an account. A link opens in the browser, on any device, and works.

    For the team

    One way to share, for the whole company

    The real risk in business file sharing is rarely the tool; it is the five personal habits around it. One person emails attachments, another uses a private drive account, and when someone leaves, their links leave with them.

    On Business plans, the company works in shared workspaces with role-based access and team billing. Files, requests, and client folders belong to the organization. Everyone delivers the same way, with the same expiry and password rules, up to 2 TB per transfer.

    When a teammate moves on, the work stays in the workspace. That is the difference between a tool the team uses and a workflow the business owns.

    Common questions

    Asked before the switch

    More detail in the full FAQ and the Privacy Policy.

    What is secure file sharing for business?

    Secure file sharing for business means moving client and internal files through a channel the company controls, instead of personal email attachments and consumer drive links. In practice it requires encryption in transit (TLS 1.3) and at rest (AES-256), links that expire when the exchange is over, access controls such as passwords and team roles, proof of delivery, and a provider that does not analyze or train AI on file contents. The difference from consumer file sharing is accountability: a business needs to know where a file went, who opened it, and when access ended, and it needs to justify the tool choice to a compliance reviewer. That is why requirements you can verify matter more than a 'secure' badge on a homepage.

    What should a business require from a file sharing tool?

    Nine requirements cover most reviews: encryption in transit and at rest; an end-to-end option for files that must stay unreadable to the provider; expiring links so access ends when the work does; password protection; visibility on downloads; a data residency answer (where files are stored and under which law); a content policy in writing (no scanning, no ads, no AI training); low friction for external recipients, because every extra signup pushes people back to email; and team controls so the company owns the workflow rather than personal accounts. Sandra publishes its answer to each of these on this page, stated exactly as the product works, so a reviewer can verify rather than trust.

    Do clients and partners need an account to receive or send us files?

    No, in either direction. A delivery link opens as a normal download page in the browser; a file request opens as a normal upload page. Clients, suppliers, and partners click, see what you sent or what you need, and act; if you set a password, they enter it first. This matters commercially, not just technically: counterparties will not create an account to receive one contract, and every extra step pushes the exchange back to insecure email attachments. Accounts are only needed on your side of the exchange.

    How does Sandra work for a team?

    On Business plans, the company works in shared workspaces with role-based access and team billing, so files, requests, and client folders belong to the organization rather than to someone's personal account. Everyone sends the same way: private links with expiry, optional passwords, and download visibility, with transfers up to 2 TB and 2 TB of encrypted Vault storage for the records that must stay. When a teammate leaves, the work stays in the workspace. That standardization is usually the real win for a business: one delivery flow the whole team follows instead of five personal habits.

    Is Sandra GDPR compliant and where is our data stored?

    Core storage runs on EU infrastructure and Sandra follows GDPR-oriented practices, published in the Privacy Policy. Files are encrypted in transit with TLS 1.3 and at rest with AES-256, and end-to-end encryption is available on every plan for files that must stay unreadable even to Sandra. Just as important for a European business: Sandra never scans, profiles, serves ads from, or trains AI on file contents. That constraint is the founding reason the product exists, not a configuration you have to find and switch off.

    How much does secure file sharing cost for a small business?

    You can start free: transfers up to 5 GB with expiring links, no credit card, and end-to-end encryption included. Pro is €15 per month and adds 1 TB transfers, password protection, download analytics, permanent links, and 500 GB of encrypted Vault storage; for a solo professional or a very small business, Pro is usually enough. Business starts at €29 per seat per month for the first five seats, then €15 per seat, and adds shared workspaces, role-based access, team billing, and 2 TB transfers and Vault. You can cancel from settings at any time and your plan stays active until the end of the billing period.

    Hand the checklist to your reviewer. Then try the product.

    Free up to 5 GB, no account required, no credit card. Business workspaces from €29 per seat.

    Start sharing securely