Stop emailing
Start requesting them safely.
Magic-link document collection for recruiters and HR teams. New hires upload ID, work-eligibility, banking and signed offers through one secure link - virus-scanned, encrypted, and audit-logged. No portal login for the candidate.
14-day free trial · No charge until day 15 · Cancel anytime
Built for recruiters · staffing agencies · HR teams · onboarding specialists
I'm a…
“Every new hire emails me their SIN, a void cheque, and a photo of their ID across three separate messages.”
- One secure link collects the full onboarding package - no ATS or portal login for the candidate.
- Files virus-scanned and encrypted at rest, with an audit log of who submitted what and when.
- Reusable onboarding template so every new hire gets the same checklist in seconds.
- Send the signed offer and welcome package back through the same link.
Three steps. No software for your client.
Create a request
List the files you need. Pick from a starter template (mortgage, refinance, tax return, KYC) or build your own checklist.
Your client gets a magic link
One email, one click, no account. They see a tidy checklist on a page branded as your firm, not ours.
Files land in your dashboard
Each one is scanned for viruses, encrypted at rest, and added to the audit log so you know who sent what when.
Email wasn't built for client documents.
You already know the alternatives have problems. Here's how this stacks up against what you're probably doing today.
| Capability | Dropbox / WeTransfer | ReceiveVault | |
|---|---|---|---|
| Client needs an account | No | Often yes | No |
| Virus-scanned on arrival | No | No | Yes (ClamAV) |
| Audit log of who-sent-what-when | No | Limited | Every action |
| Branded as your firm | No | No | Yes |
| Files encrypted at rest | Provider-dependent | Yes | Yes |
| Optional end-to-end encryption | No | No | Yes (Business+) |
| Send files securely outbound | Attachment-only | Yes (separate flow) | Yes (same portal) |
| Canadian-hosted | Usually no | No | Yes, in Canada - outside US CLOUD Act jurisdiction |
The boring parts, done properly.
Virus scanning
Every upload goes through ClamAV before it lands in your dashboard. Infected files are quarantined and you get an alert.
Encryption at rest
Files live in S3-compatible object storage with server-side encryption. Optional client-side end-to-end encryption on Business+.
Full audit log
Every action gets a timestamped record with the actor: request created, link sent, file uploaded, file downloaded. Exportable.
No-account uploads
Your contact clicks a magic link and uploads. No password, no sign-up, no support email asking how to use Dropbox.
Canadian-hosted
Servers in Canada, TLS everywhere, secrets managed in environment variables, and no third-party trackers on customer-facing pages.
MFA on every account
TOTP, hardware passkeys (YubiKey / iCloud / Windows Hello), and recovery codes. Sudo gate on destructive actions.
Built for the people who send the scary stuff.
Stop chasing files over email
Send one link instead of a back-and-forth email thread. Your contact uploads everything in one place, and you get a clean, timestamped record of what arrived and when.
Addressed to one person, not the world
A request is for a single named recipient - not a public share anyone can open. Turn on one-time-code email verification and a forwarded link will not open for anyone else.
Every contact sends the same set
Build a checklist once and each person returns exactly the files you asked for. No more piecing together a dozen loose attachments per applicant or client.
No account for your contacts
The people you collect from never sign up or set a password. One link, upload, done - which means far fewer “how do I use this” replies landing in your inbox.
A defensible audit trail
Every request, upload, and download is timestamped with the actor. On a regulated file you can show exactly what was collected and when, without reconstructing it from an email thread.
Built for the sensitive stuff
Virus scanning, encryption at rest, configurable expiry, and download limits are there from the start - so the documents your clients are nervous about sending are handled carefully.
Common questions
Do candidates need to create an account?+
No. Candidates upload through a magic link, with optional one-time-code verification - no password to reuse or leak, and nothing extra to manage. Files are virus-scanned, encrypted at rest, and audit-logged.
Where are the files stored?+
On a Canadian S3-compatible object storage platform with server-side encryption. Files are never copied to third-party clouds, and they sit outside US CLOUD Act jurisdiction.
What happens to files after the request expires?+
Each request has a configurable expiry (default 30 days). After that, the magic link stops working. Files remain in your dashboard until you delete them or your retention policy removes them.
Is this HIPAA / GLBA / CCPA compliant?+
The product is built with privacy-by-design expectations in mind: minimum-necessary collection, audit logging, encryption, expiry. We are not HIPAA-certified and do not sign BAAs at this tier; for HIPAA-adjacent workflows we provide the technical building blocks (encryption, access logs, MFA) but compliance certification is your responsibility. GLBA and CCPA obligations are similarly supported but ultimately yours to attest.
Can I cancel during the trial?+
Yes. The 14-day trial is free and we don’t charge your card until day 15. Cancel any time from the billing page in your dashboard.
Can my clients reply to the magic-link email?+
Yes. Invite emails go out with your email address as the reply-to, so your client can ask a question and it lands in your inbox like a normal reply.
Try it on your next intake.
14 days free, every feature included. Cancel before day 15 and your card is never charged.