Feature
Access Controls
Control exactly who can access your secrets and under what conditions. Passcodes, email OTP, allow lists, deny lists, expiration rules, and view limits — layered to fit your workflow.
Email OTP verification
Require recipients to verify their email address with a one-time code before accessing the secret.
Passcode protection
Add a passcode layer that recipients must enter separately from the link itself.
Allow lists
Restrict access to specific email addresses or domains only.
Deny lists
Block access from specific email addresses or domains.
Expiration rules
Set a hard expiration date and time after which the link becomes inactive.
View limits
Automatically deactivate a link after a specified number of views.
Encryption isn't enough on its own
End-to-end encryption means we can't read your secrets. But a link without access controls can still be opened by anyone who receives it — whether or not they were the intended recipient.
Access controls are the layer between "encrypted and stored" and "actually secure for this specific situation."
Email OTP verification
The recipient enters their email address and receives a one-time code. They verify it before the decryption happens. This ties access to a specific identity — not just anyone with the URL.
Good for: credential handoffs to specific individuals, client intake forms, any share where you know exactly who should see it.
Passcode protection
Add a 6-character passcode that recipients must enter separately from the link. You share the code through a different channel.
The logic: if the link is intercepted, the attacker still needs the passcode. Two factors, two channels.
Good for: high-sensitivity handoffs, sharing within teams where you want belt-and-suspenders protection.
Allow and deny lists
Restrict access by email address or domain. An allow list opens the share only to those addresses or domains (up to 20 entries). A deny list blocks specific addresses or domains.
Good for: team-internal shares, client-specific forms, blocking access from known problematic addresses.
View limits
Set a maximum number of times a link can be opened — between 1 and 100. The link deactivates automatically after the limit is reached.
A view limit of 1 creates a true one-time link: used once, then gone.
Good for: any handoff where you want exactly one person to access the secret, and no more.
Expiration dates
Set a hard deadline. After that date and time, the link stops working — regardless of how many times it was accessed.
Good for: time-sensitive credentials, temporary access grants, anything that shouldn't remain accessible indefinitely.
Layering controls
These controls work independently and can be combined. Some examples:
- One-time handoff to a specific person: email OTP + 1 view limit
- High-security share: passcode + email OTP + expiration
- Team-only access: domain allow list + expiration
- Vendor intake: email OTP + expiration date
You only need the controls that match the situation. A share to a trusted colleague is different from a credential handoff to a new contractor — treat them differently.
Join agencies, consultants, and remote teams who handle sensitive information securely. 3-day trial per workspace. No credit card required.
Explore Access Controls