Receive files

How to receive files securely from clients

Give the client a dedicated upload surface, not access to a shared workspace. The client should be able to read your instructions, add the requested files or directories and notes, and submit them without seeing unrelated files, other clients, or internal folders.

PhotonFile Secure Inbox is built for this boundary. It provides an external upload path backed by a Secure Inbox Vault, with controls such as instructions, sender notes, access codes, human verification, expiration, and notifications.

An upload link should not be a folder invitation

The client needs one action: submit the requested material. They do not need browse rights, team membership, or access to existing Vault content.

Where ordinary client intake goes wrong

Shared folders reveal too much

A client upload folder can accidentally expose filenames, prior submissions, staff notes, or files belonging to another matter.

Email creates uncontrolled copies

Sensitive documents can remain in sent mail, inboxes, forwarded threads, mobile devices, archives, and backups.

Shared credentials erase accountability

A common FTP or portal password is hard to rotate, hard to attribute, and often survives after the engagement ends.

Vague requests collect excess data

Clients may upload entire folders or identity records when only one statement, drawing, or signed form is required.

Compare secure intake methods

Comparison of methods for receiving files securely from clients
Method Good fit Privacy boundary
Email Small, low-sensitivity documents Creates mailbox copies and attachment-limit risk
Shared drive folder Ongoing collaboration with carefully managed permissions The client may see more than the upload task requires
SFTP account Established technical partners Requires account provisioning, client software, and offboarding
Generic form upload Simple intake with controlled form fields File size, encryption, retention, and storage model may be unclear
Secure Inbox Sensitive external file and directory uploads into a controlled Vault boundary Sender can submit files without browsing existing content

Set up a client-specific Secure Inbox

  1. 1. Create a dedicated Secure Inbox Vault. Use a client, matter, or project name that makes the boundary clear to your team.
  2. 2. Write exact instructions. State which files or directories are needed, accepted formats, naming rules, deadline, and what should not be uploaded.
  3. 3. Decide what the sender must identify. Ask for a project reference or sender note without requesting sensitive data that is not needed for routing.
  4. 4. Apply intake controls. Consider an access code, human verification, expiration, and notifications based on the sensitivity and distribution of the link.
  5. 5. Send the ingress link through a trusted channel. Verify the client contact before sending it, and use a separate channel for an access code when the risk justifies it.
  6. 6. Review the submission before moving it. Confirm the files match the request, then place accepted material into the correct internal Vault or workflow.

What the client can do

  • Open the upload link
  • Read your instructions
  • Add files or directories and sender notes
  • Submit files into the inbox

What the client cannot do

  • Browse existing Vault contents
  • See unrelated client files
  • Manage your workspace
  • Turn the upload link into team access

Privacy practices for sensitive client documents

Ask for the minimum.

Request only the records needed for the current decision, transaction, or project step.

Separate intake from collaboration.

An upload task should not automatically grant ongoing folder or workspace access.

Use a reference code.

Route the submission with a matter or project ID instead of putting sensitive details in filenames or notes.

Set an internal retention owner.

Decide who reviews, moves, retains, or deletes the submission after intake.

Public links should usually have another gate

When a Secure Inbox link appears on a public site, social profile, or broadly forwarded message, strongly consider an access code and human verification. The link reaches the upload page; the additional control helps limit who can submit.

Security is a workflow, not only an upload page

Protect the PhotonFile account with verified contact information and MFA. Store Vault recovery material outside the same account or device. Review who internally can access the destination Vault, and remove access when the engagement ends.

For technical detail about Vault encryption and operational metadata, use the Vault technical security overview.

Common questions

Frequently asked questions

Can a client browse my Vault through Secure Inbox?

No. The documented Secure Inbox flow gives the sender a focused upload path without browse access to existing Vault contents.

Does the client need workspace membership?

No workspace membership is needed for the documented external upload task. The link does not turn into team access.

Can a client upload a directory?

Yes. A client can upload individual files or a directory through Secure Inbox without gaining browse access to existing Vault contents.

Should every client have a separate Secure Inbox?

Use separate inboxes when clients, matters, projects, or sensitivity levels should remain isolated. A clear boundary also improves routing and retention decisions.

Should I require an access code?

Strongly consider one when the link is public, broadly distributed, or used for sensitive documents. Send the code through a separate trusted channel when appropriate.

What instructions should I include?

List the required documents, accepted formats, naming convention, project reference, deadline, maximum practical package size, and what the client should do after a failed upload.

What happens after a client submits files?

Review the submission, confirm it matches the request, and move accepted material into the correct internal Vault or business process under your retention policy.

Keep going

Product and technical references: Secure Inbox overview Secure Inbox setup guide Vault technical security Vault pricing

Create a client upload boundary

Open Secure Inbox, create a dedicated intake Vault, write the exact request, and share the ingress link only with the client who should submit the files.