Secure file sharing

How to send encrypted files without a cloud-drive folder

Use PhotonFile Relay for a live encrypted handoff. Select the file, enable optional client-side encryption in a supported flow, share the full link with the recipient, and keep the session active until delivery completes.

Relay is for a live handoff: it moves the file while both people are present, without creating a stored download. If the recipient needs to pick it up later, use Vault.

Encryption does not require permanent storage.

A live transfer can protect the file in transit and, in supported flows, encrypt it on the client before it reaches the relay. The file does not need to become a permanent cloud-drive object merely to move from sender to recipient.

Why a cloud-drive folder is not always the right path

Stored links are useful when later access is required. They add unnecessary retention and permission work when the real job is a one-time handoff while both sides are ready.

Unnecessary retention

A one-time send can remain in storage, backups, sync folders, and stale shares long after the recipient has the file.

Overbroad permissions

A shared folder can expose filenames, adjacent content, or future additions beyond the one file being delivered.

Password-archive friction

Encrypted ZIP files create password distribution, compatibility, and revocation problems without solving delivery timing.

Mixed security models

Transport encryption, client-side encryption, recipient verification, and retention answer different questions and should not be collapsed into one checkbox.

Compare encrypted delivery methods

The best method depends on whether the file should disappear from the transfer path after delivery or remain available. Relay is the live, short-lived model. Vault is the persistent encrypted model.

Comparison of methods for sending encrypted files without a cloud-drive folder
Method When it works Limitation How PhotonFile fits
PhotonFile Relay Both sides are ready for a live one-time handoff The session must remain active, the full link must be protected, and client-side encryption needs a compatible PhotonFile client Uses encrypted transport by default, with optional client-side encryption before upload in supported flows, without creating retained pickup storage
Encrypted ZIP by email A small file and a recipient who can handle the archive Password sharing, attachment limits, and no link revocation Use Relay to avoid splitting the password and payload across an email workflow
Cloud-drive encrypted link The recipient needs later pickup or ongoing access The file becomes retained content and permissions must be managed Use Vault when persistence is intentional. Do not force a live send into storage.
SFTP Automation, scheduled jobs, or protocol requirements Server accounts, client configuration, and key management remain operational work Use Relay for human-driven one-time delivery and keep SFTP for integrations
Peer-to-peer tool Both endpoints can connect directly and the network permits it Peer IP exposure, NAT, firewall, or client compatibility may complicate delivery PhotonFile uses a controlled relay path without requiring peers to expose network addresses to each other

Prepare the encrypted handoff

  1. 1. Verify the recipient first

    Confirm the person and contact channel before creating or sharing the live link.

  2. 2. Confirm both sides can stay online

    Relay is active delivery, so schedule a window for large or sensitive files.

  3. 3. Select only the intended file

    Remove unrelated material and use a clear versioned filename.

  4. 4. Choose the encryption mode

    Use optional client-side encryption in a supported flow when the recipient environment can open the full link.

  5. 5. Protect the full link

    The link can contain the decryption material. Treat it as a secret and avoid broad or permanent posting.

  6. 6. Keep an integrity reference

    Record the size or checksum when the recipient must prove the exact file arrived.

Relay workflow

Send the encrypted file in a live session

  1. 1. Open PhotonFile Relay. Use the web or desktop client supported by the sender and recipient environment.
  2. 2. Select the file or files. Confirm the version, size, sensitivity, and recipient before starting.
  3. 3. Enable client-side encryption when desired. In supported PhotonFile Desktop and browser flows, file chunks are encrypted before upload and the decryption material is carried in the link fragment.
  4. 4. Begin the transfer. PhotonFile creates a live Relay session rather than a stored pickup folder.
  5. 5. Share the full link with the recipient. They can receive the Relay transfer without creating a PhotonFile account. The full link must remain confidential.
  6. 6. Keep the workflow active. Both sides remain connected until completion. Use eligible resume or Retry behavior after interruptions.
  7. 7. Verify and close. Confirm the file size or checksum, then end the session and handle the local source according to policy.

What the encryption layers do

TLS protects the connection

Relay traffic uses encrypted transport between the client and service. This protects data in transit on the network path.

Client-side encryption protects the payload

In supported PhotonFile Desktop and browser flows, file chunks are encrypted before upload so the relay handles ciphertext rather than plaintext file data.

The link carries access

Client-side encrypted links keep key material in the URL fragment. It is not sent in normal HTTP requests, but anyone with the full link may be able to decrypt.

Live state

Relay is short-lived by design

Encrypted chunks move during the active session instead of becoming a stored delivery bucket by default.

Client control

Optional encryption happens before upload

Supported client-side flows keep decryption material with the shared link rather than a server-side key.

Recipient access

No account is required to receive

The external recipient completes the live download task without becoming a PhotonFile workspace member.

The full link is sensitive

Client-side encryption does not make link handling irrelevant. The decryption material is part of the complete link, so a forwarded or exposed link can transfer access to someone else.

Verify the recipient and use a trusted channel.

Encryption does not prove compliance

Client-side encryption and encrypted transport are technical controls. Identity verification, data minimization, retention, local copies, incident response, and legal obligations still belong to the workflow.

Do not market a single encryption setting as automatic compliance.

Use Vault when the file must remain available.

Relay is not a delayed pickup service. When the recipient needs to download after the live session, when versions must remain accessible, or when a managed share is required, store the file intentionally in Photon Vault and create a scoped share.

Where File Pass fits

A File Pass is a per-file option for an occasional large Relay transfer. It uses the same live path, is consumed only after completion, and remains available after an incomplete attempt. It does not create storage or change the recipient timing.

Common questions

Frequently asked questions

How do I send an encrypted file without uploading it to a cloud-drive folder?

Use PhotonFile Relay. Select the file, enable optional client-side encryption in a supported flow, share the full live link, and keep the session active until the recipient finishes.

Does Relay store the file for later download?

No. Relay is designed for live delivery with short-lived transfer state rather than stored pickup. Use Vault when the file must remain available later.

What protects a Relay transfer?

Relay uses encrypted transport. In supported PhotonFile Desktop and browser flows, optional client-side encryption encrypts file chunks before upload so the relay handles ciphertext and the decryption key remains in the link fragment.

Does the decryption key go to the server?

With client-side encryption, key material is kept in the URL fragment, which is not sent as part of normal HTTP requests. The full link is still sensitive and must be protected.

Does the recipient need a PhotonFile account?

No. The recipient can receive a Relay transfer without creating a PhotonFile account.

Can I use a File Pass for an encrypted Relay transfer?

A File Pass is a per-file option on the same live Relay path for an occasional large send. It is consumed only after a completed transfer and does not turn the session into stored delivery.

Keep going

Product and technical references: Relay guide Ephemeral transfer model Relay technology PhotonFile FAQ File Pass pricing

Move the file. Do not create a storage folder.

Open Relay, choose optional client-side encryption in a supported flow, and keep the live handoff active until the intended recipient verifies the download.