Encrypted Attachments

Email attachments don't expire

When a client emails you a signed contract, a certificate, or a private key file, that attachment sits in your inbox indefinitely. It's in their sent folder too. And probably in at least two cloud backups neither of you configured intentionally.

Files are easy to send, hard to unSend, and almost impossible to track after the fact.

How file encryption works

Every file you share or collect through doconvoy is encrypted in the browser before it leaves the sender's device. We generate a unique key for each file, encrypt the content using the same scheme as text secrets (XChacha20Poly1305), and upload the ciphertext. The key travels in the share link — not through our servers.

When the recipient opens the link, their browser fetches the encrypted file and decrypts it locally. We stored bytes we can't read. They get the file.

Two directions: sharing and collecting

Sharing files — Attach files to any secure share. The file and any text in the share are encrypted together and delivered through the same link. One link, one decryption, everything arrives.

Collecting files — Use an intake request to ask clients to upload documents. Contracts, identity documents, certificates, private key files — the client attaches and submits. Their browser encrypts before upload. You receive ciphertext you decrypt in your workspace.

What you can attach

Any file type. PDFs, images, spreadsheets, ZIP archives, PEM files, key exports. Size limits depend on your plan, but there are no format restrictions.

The same access controls apply

Files inherit the access controls of the share or request they're attached to. Email OTP, passcode, expiration, view limits — all of it applies to the file as much as to the text. You don't need to configure file security separately.