Confidential documents require more than just hitting "send." Whether you are sharing a legal contract, a financial statement, a medical record or an employee file, the transfer method you choose determines whether that document stays confidential.
This guide covers the practical steps for sharing confidential documents without exposing them to unnecessary risk.
What Makes a Document Confidential?
A document is confidential if unauthorized access could cause harm. Common examples:
- Legal - contracts, court filings, attorney-client communications, settlement agreements
- Financial - tax returns, bank statements, investment records, salary information
- Medical - patient records, lab results, insurance claims, prescriptions
- Business - trade secrets, strategic plans, M&A documents, customer lists
- Personal - identification documents, Social Security numbers, immigration papers
Why Email Is Not Safe for Confidential Documents
Standard email is the worst way to share confidential documents:
- Attachments are not encrypted end-to-end (the email provider can read them)
- Emails persist in both sender and recipient mailboxes indefinitely
- Attachments can be forwarded to unintended recipients with one click
- Email servers are high-value targets for hackers
- There is no way to revoke access after sending
The 5-Step Process for Sharing Confidential Documents
Step 1: Enable End-to-End Encryption
Go to easysend.co and toggle "End-to-End Encryption" before uploading. This encrypts your documents in your browser using AES-256-GCM. The server never sees the unencrypted content.
Step 2: Set a Strong Password
Choose a password of at least 12 characters. Mix uppercase, lowercase, numbers and symbols. This password derives the encryption key via PBKDF2 with 100,000 iterations. A weak password undermines the entire encryption.
Step 3: Upload and Share the Link
Drag your documents onto the page. They are encrypted before leaving your device. Copy the share link and send it to the recipient via your normal communication channel (email, chat, client portal).
Step 4: Send the Password Separately
This is the most important step that people skip. Send the password through a DIFFERENT channel than the link. If you emailed the link, text the password. If you sent the link via Slack, call them with the password. Two-channel sharing means an attacker would need to compromise both channels.
Step 5: Verify Receipt and Let Files Expire
Enable download notifications to receive an alert when the recipient accesses the documents. Once confirmed, let the files auto-expire (3 days on free tier) or delete them manually. Confidential documents should not remain accessible longer than necessary.
Additional Security Layers
Password Protection (Without Encryption)
For documents that are sensitive but not highly confidential, password protection adds an access gate without full encryption. The server verifies the password using bcrypt hashing before showing the download page.
Download Tracking
EasySend provides view counts and optional email notifications when files are downloaded. This creates an informal audit trail showing when the recipient accessed the documents. For regulated industries, this helps demonstrate compliance with data handling requirements.
Custom Vanity URLs
For professional document delivery to clients, Premium users can create clean URLs like easysend.co/smith-contract-2026. This looks more professional than a random code and makes it clear what the recipient is downloading.
Industry-Specific Considerations
- Legal professionals - attorney-client privilege requires confidential transfer. E2E encryption with auto-expiry. Never use unencrypted email for privileged documents.
- Accountants - tax returns contain Social Security numbers. Always encrypt. Send password via phone call, not email.
- Healthcare - HIPAA requires encryption for PHI in transit. E2E encryption with zero-knowledge architecture means no BAA is needed with EasySend because the service never accesses PHI.
- Finance - investment records and bank statements need encryption plus access controls. Use both password protection and E2E encryption.
Common Mistakes to Avoid
- Sending password and link in the same message
- Using weak passwords (123456, "password", company name)
- Leaving confidential documents accessible indefinitely
- Sharing via unencrypted email and assuming it is safe because "nobody will intercept it"
- Not confirming the recipient received the documents