Unnecessary retention
A one-time send can remain in storage, backups, sync folders, and stale shares long after the recipient has the file.
Use PhotonFile Relay for a live encrypted handoff. Select the file, enable optional client-side encryption in a supported flow, share the full link with the recipient, and keep the session active until delivery completes.
Relay is for a live handoff: it moves the file while both people are present, without creating a stored download. If the recipient needs to pick it up later, use Vault.
A live transfer can protect the file in transit and, in supported flows, encrypt it on the client before it reaches the relay. The file does not need to become a permanent cloud-drive object merely to move from sender to recipient.
Stored links are useful when later access is required. They add unnecessary retention and permission work when the real job is a one-time handoff while both sides are ready.
A one-time send can remain in storage, backups, sync folders, and stale shares long after the recipient has the file.
A shared folder can expose filenames, adjacent content, or future additions beyond the one file being delivered.
Encrypted ZIP files create password distribution, compatibility, and revocation problems without solving delivery timing.
Transport encryption, client-side encryption, recipient verification, and retention answer different questions and should not be collapsed into one checkbox.
The best method depends on whether the file should disappear from the transfer path after delivery or remain available. Relay is the live, short-lived model. Vault is the persistent encrypted model.
| Method | When it works | Limitation | How PhotonFile fits |
|---|---|---|---|
| PhotonFile Relay | Both sides are ready for a live one-time handoff | The session must remain active, the full link must be protected, and client-side encryption needs a compatible PhotonFile client | Uses encrypted transport by default, with optional client-side encryption before upload in supported flows, without creating retained pickup storage |
| Encrypted ZIP by email | A small file and a recipient who can handle the archive | Password sharing, attachment limits, and no link revocation | Use Relay to avoid splitting the password and payload across an email workflow |
| Cloud-drive encrypted link | The recipient needs later pickup or ongoing access | The file becomes retained content and permissions must be managed | Use Vault when persistence is intentional. Do not force a live send into storage. |
| SFTP | Automation, scheduled jobs, or protocol requirements | Server accounts, client configuration, and key management remain operational work | Use Relay for human-driven one-time delivery and keep SFTP for integrations |
| Peer-to-peer tool | Both endpoints can connect directly and the network permits it | Peer IP exposure, NAT, firewall, or client compatibility may complicate delivery | PhotonFile uses a controlled relay path without requiring peers to expose network addresses to each other |
Confirm the person and contact channel before creating or sharing the live link.
Relay is active delivery, so schedule a window for large or sensitive files.
Remove unrelated material and use a clear versioned filename.
Use optional client-side encryption in a supported flow when the recipient environment can open the full link.
The link can contain the decryption material. Treat it as a secret and avoid broad or permanent posting.
Record the size or checksum when the recipient must prove the exact file arrived.
Relay workflow
Relay traffic uses encrypted transport between the client and service. This protects data in transit on the network path.
In supported PhotonFile Desktop and browser flows, file chunks are encrypted before upload so the relay handles ciphertext rather than plaintext file data.
Client-side encrypted links keep key material in the URL fragment. It is not sent in normal HTTP requests, but anyone with the full link may be able to decrypt.
Live state
Encrypted chunks move during the active session instead of becoming a stored delivery bucket by default.
Client control
Supported client-side flows keep decryption material with the shared link rather than a server-side key.
Recipient access
The external recipient completes the live download task without becoming a PhotonFile workspace member.
Client-side encryption does not make link handling irrelevant. The decryption material is part of the complete link, so a forwarded or exposed link can transfer access to someone else.
Verify the recipient and use a trusted channel.
Client-side encryption and encrypted transport are technical controls. Identity verification, data minimization, retention, local copies, incident response, and legal obligations still belong to the workflow.
Do not market a single encryption setting as automatic compliance.
Relay is not a delayed pickup service. When the recipient needs to download after the live session, when versions must remain accessible, or when a managed share is required, store the file intentionally in Photon Vault and create a scoped share.
A File Pass is a per-file option for an occasional large Relay transfer. It uses the same live path, is consumed only after completion, and remains available after an incomplete attempt. It does not create storage or change the recipient timing.
Common questions
Use PhotonFile Relay. Select the file, enable optional client-side encryption in a supported flow, share the full live link, and keep the session active until the recipient finishes.
No. Relay is designed for live delivery with short-lived transfer state rather than stored pickup. Use Vault when the file must remain available later.
Relay uses encrypted transport. In supported PhotonFile Desktop and browser flows, optional client-side encryption encrypts file chunks before upload so the relay handles ciphertext and the decryption key remains in the link fragment.
With client-side encryption, key material is kept in the URL fragment, which is not sent as part of normal HTTP requests. The full link is still sensitive and must be protected.
No. The recipient can receive a Relay transfer without creating a PhotonFile account.
A File Pass is a per-file option on the same live Relay path for an occasional large send. It is consumed only after a completed transfer and does not turn the session into stored delivery.
Keep going
Deliver the original media file through the live Relay path.
Keep the recipient task separate from workspace membership.
Add recipient verification, scope, retention, and post-download controls.
Product and technical references: Relay guide Ephemeral transfer model Relay technology PhotonFile FAQ File Pass pricing
Open Relay, choose optional client-side encryption in a supported flow, and keep the live handoff active until the intended recipient verifies the download.