Almost every adult now has to occasionally send a file that would make them wince if it showed up on a stranger's laptop. A payslip for a mortgage broker. A passport scan for a landlord. A signed contract for a new job. A medical letter for an insurance form. This is normal, unavoidable, and — done badly — it leaves the file sitting in inboxes, cloud drives, and chat histories for years.
This post is a practical guide for the exact case of "I need to get this one file to this one person, right now, and I would like it to not be everywhere forever." It is not paranoid, it is not aimed at investigative journalists, and it does not require any software you don't already have.
First, decide what "sensitive" means for this file
There are three rough levels. Level one, awkward if leaked: a scan of a CV or a personal photo. Level two, harmful if leaked: a payslip, a bank statement, a contract, a home address on a form. Level three, seriously damaging: a passport scan, national ID, medical records, tax returns, custody documents. The right amount of care scales with the level. Level-one files can go over normal email. Level-two files deserve a little friction. Level-three files deserve real friction.
Most people misjudge downward. "It's just a payslip" — a payslip is enough information for someone to open a store card in your name in most countries. It is a level-two document.
The three most common bad ways
The first bad way is emailing the file as an attachment to a personal address (@gmail.com, @yahoo.com). The file is now stored, in the clear, in both your Sent folder and their Inbox, forever, on servers you don't control. If either account is ever breached — and personal email breaches are the most common breach — the file is in the dump.
The second bad way is a public link on a big consumer cloud drive (Dropbox / Google Drive / iCloud) with "anyone with the link can view". Those links get logged, cached, leaked in browser histories, and forwarded. Six months later you have no idea who can still access that document.
The third bad way is uploading to a random file-transfer website you found on Google. The file goes to a server, sits there for anywhere from an hour to a year depending on the service, and is protected only by URL obscurity. Multiple such services have had public breaches. If the file is level two or three, this is the worst option on the list.
The good way, for level two
Send the file as an encrypted PDF over your normal email. Almost every PDF tool, including Bluebird's PDF password protector, can add a password to a PDF in about ten seconds — the password becomes required to open the file. Email the PDF. Send the password separately over a different channel (SMS, iMessage, WhatsApp — anything that isn't the same email account). Now, if either channel is intercepted alone, the attacker has half of what they need. If your email is later breached, the file in your Sent folder is still password-protected.
This is not perfect cryptography — PDF passwords use a well-understood cipher and can be attacked offline — but it turns a two-second copy into a multi-hour brute-force job, which is enough to defeat every scenario short of a targeted attack. For a payslip or a signed lease, it is comfortably the right level of care.
The better way, for level three
Use an end-to-end encrypted messenger you both already have. Signal, iMessage between two Apple users, WhatsApp (yes, really — end-to-end encrypted media is the default), or Threema. These platforms encrypt the file on your device with a key only the recipient's device holds; the servers store the ciphertext and can't decrypt it, and by default the message can be set to disappear.
Set the message to auto-delete on a short timer (24 hours is plenty). Confirm the person received and opened it, then delete on your side too. Now the file exists on two devices for one day and on no server ever. This is genuinely the safest widely-available option for a passport scan in 2026, and it costs nothing.
If you can't use a messenger — because the recipient is a bank or a legal office that only accepts email — encrypt the file locally, upload it to a self-destructing service that supports client-side encryption (or use their SFTP portal if they offer one), and send the password over a second channel. Never use a random "drop your file here" website you found on Google for a level-three document.
Small habits that pay off
Redact before you send. If the mortgage broker needs the summary line of your payslip, they don't need your full national ID number at the top. Two minutes with a PDF redactor to blank out the fields they don't need reduces the blast radius if the file does leak.
Rotate what's in the file when you can. A passport scan you sent last year is not the same passport scan you'd send today — the photo is a year older, the machine-readable zone is the same. If the recipient asks for a scan, take a fresh photo rather than resending an old one; that way, if the old one ever surfaces, it's easier to reason about who leaked it.
Ask for the file back. On level-three documents, it is completely reasonable to ask the recipient to delete the file after they've used it, and to confirm they have. Professional services do this all the time — landlords, brokers, and HR teams should not be offended. If they are, that is useful information.
The bottom line
The right answer isn't "never share files" — you have to. The right answer is: match the friction to the sensitivity, prep the file locally before it leaves your device, and pick a channel that isn't a public link on someone else's server. Do that consistently for a year and the copies of your most sensitive documents living out there in the world will drop from dozens to a handful. That is the entire game.



