Shared folders reveal too much
A client upload folder can accidentally expose filenames, prior submissions, staff notes, or files belonging to another matter.
Give the client a dedicated upload surface, not access to a shared workspace. The client should be able to read your instructions, add the requested files or directories and notes, and submit them without seeing unrelated files, other clients, or internal folders.
PhotonFile Secure Inbox is built for this boundary. It provides an external upload path backed by a Secure Inbox Vault, with controls such as instructions, sender notes, access codes, human verification, expiration, and notifications.
The client needs one action: submit the requested material. They do not need browse rights, team membership, or access to existing Vault content.
A client upload folder can accidentally expose filenames, prior submissions, staff notes, or files belonging to another matter.
Sensitive documents can remain in sent mail, inboxes, forwarded threads, mobile devices, archives, and backups.
A common FTP or portal password is hard to rotate, hard to attribute, and often survives after the engagement ends.
Clients may upload entire folders or identity records when only one statement, drawing, or signed form is required.
| Method | Good fit | Privacy boundary |
|---|---|---|
| Small, low-sensitivity documents | Creates mailbox copies and attachment-limit risk | |
| Shared drive folder | Ongoing collaboration with carefully managed permissions | The client may see more than the upload task requires |
| SFTP account | Established technical partners | Requires account provisioning, client software, and offboarding |
| Generic form upload | Simple intake with controlled form fields | File size, encryption, retention, and storage model may be unclear |
| Secure Inbox | Sensitive external file and directory uploads into a controlled Vault boundary | Sender can submit files without browsing existing content |
Request only the records needed for the current decision, transaction, or project step.
An upload task should not automatically grant ongoing folder or workspace access.
Route the submission with a matter or project ID instead of putting sensitive details in filenames or notes.
Decide who reviews, moves, retains, or deletes the submission after intake.
When a Secure Inbox link appears on a public site, social profile, or broadly forwarded message, strongly consider an access code and human verification. The link reaches the upload page; the additional control helps limit who can submit.
Protect the PhotonFile account with verified contact information and MFA. Store Vault recovery material outside the same account or device. Review who internally can access the destination Vault, and remove access when the engagement ends.
For technical detail about Vault encryption and operational metadata, use the Vault technical security overview.
Common questions
No. The documented Secure Inbox flow gives the sender a focused upload path without browse access to existing Vault contents.
No workspace membership is needed for the documented external upload task. The link does not turn into team access.
Yes. A client can upload individual files or a directory through Secure Inbox without gaining browse access to existing Vault contents.
Use separate inboxes when clients, matters, projects, or sensitivity levels should remain isolated. A clear boundary also improves routing and retention decisions.
Strongly consider one when the link is public, broadly distributed, or used for sensitive documents. Send the code through a separate trusted channel when appropriate.
List the required documents, accepted formats, naming convention, project reference, deadline, maximum practical package size, and what the client should do after a failed upload.
Review the submission, confirm it matches the request, and move accepted material into the correct internal Vault or business process under your retention policy.
Keep going
Design operational intake for multi-file and multi-gigabyte submissions, retries, and notifications.
Apply recipient verification and deliberate retention when sending information back out.
Remove shared credentials and client software from human-driven upload workflows.
Product and technical references: Secure Inbox overview Secure Inbox setup guide Vault technical security Vault pricing
Open Secure Inbox, create a dedicated intake Vault, write the exact request, and share the ingress link only with the client who should submit the files.