How to Safely Share Sensitive PDFs: Encryption, Passwords, and Expiry

PDF is the default format for sensitive documents: contracts, invoices, tax returns, medical reports, legal filings. It has an air of officialness that makes people treat it as inherently secure. It isn't. A standard PDF is just a file. Without deliberate protection, it can be opened, copied, forwarded, and indexed by search engines if it ends up in the wrong place. Here's how to actually protect one.

Also readHow to Share Sensitive Documents Online Securely →

Layer 1: Protect the PDF Itself

Password Encryption (Open Password)

An "open password" on a PDF requires anyone opening the file to enter a password first. This protects the content even if the file ends up somewhere unintended. The encryption used in modern PDFs (AES-256 in PDF 1.7 and later) is genuinely strong — the limiting factor is password quality, not the encryption algorithm.

How to set it:

• Adobe Acrobat: Tools → Protect → Encrypt → Encrypt with Password. Select "Require a password to open the document." Choose AES-256 encryption (the strongest option in the dropdown).
• LibreOffice (free): File → Export as PDF → Security tab → Set open password.
• Microsoft Word (when exporting to PDF): File → Save As → More options → Tools → General Options → Open password.
• macOS Preview (free): File → Export as PDF → Show Details → check "Encrypt" and set a password.

Password quality matters: A 6-character password is crackable in minutes with modern hardware. Use a passphrase of at least 12 characters. Something memorable but not guessable: "BlueSky-Contract-2025" is far stronger than "pass123."

Permissions Password (Editing/Printing Restrictions)

Separate from the open password, PDFs support a "permissions password" that restricts what recipients can do: prevent printing, prevent copying text, prevent editing. This is useful for final documents you want read-only. Note: permissions restrictions are weaker than open password encryption and can be bypassed with freely available tools. Don't rely on them alone for genuinely sensitive documents — combine with an open password.

Redaction for Partial Sharing

If you need to share a document but some sections should be withheld (for example, sharing a contract with redacted salary figures), use proper redaction — not just black boxes drawn over text. Black boxes drawn in Word or Acrobat using shapes or highlighting can often be removed or the underlying text copied. True redaction in Adobe Acrobat (Tools → Redact → Mark for Redaction → Apply) permanently removes the underlying content, not just covers it visually.

Layer 2: Choose the Right Transfer Method

Even a perfectly encrypted PDF becomes a liability if you send it through a channel that creates permanent, uncontrolled copies.

For Immediate Delivery: encrypted Transfer

Zapfile is the right tool for sensitive PDF delivery. The file is encrypted in transit (TLS) and at rest (AES-256) while staged on Cloudflare R2, then permanently deleted the moment the recipient downloads it. No persistent server copy. The link expires after download. Combined with a password on the PDF itself, you get two independent layers of protection: a protected transfer channel and an encrypted file on the recipient's device.

📄Related guideHow to Send Confidential Files Online Securely→

For Async Delivery: Encrypted Link With Expiry

When the recipient will download later, use a service that encrypts the file in transit and at rest, and sets a link expiry. Proton Drive shared links support custom expiry dates and optional link passwords. WeTransfer (free tier) auto-expires at 7 days. Both are significantly better than a permanent Google Drive link for sensitive PDFs.

For Email: Password-Protect First, Always

If you must send a sensitive PDF by email — and sometimes you must, because that's what the recipient expects — password-protect it before attaching. Send the password via a different channel (text message, phone call). This doesn't eliminate the email retention problem, but it means that if the email is accessed without authorization, the attachment is still protected.

Layer 3: Control Access After Delivery

Confirm Receipt

Get explicit confirmation that the right person received and opened the file. This closes the loop and triggers the cleanup step.

Revoke or Expire the Share

If you used a cloud share, revoke access after confirmed receipt. If you used a transfer tool with auto-expiry, verify the expiry date was set correctly. For encrypted transfer with auto-delete, the link expires after the recipient downloads — no action needed.

Track Who Has It

For important documents, maintain a simple record: what was sent, to whom, via what method, on what date. A shared spreadsheet or even a notes file is sufficient. Useful if a dispute arises about whether something was delivered, or if you need to do a security audit of what's out there.

What Not to Do

• Don't rely on "read-only" view links — Google Drive view-only links can be bypassed with browser developer tools. If the content is sensitive, the view-only setting is not adequate protection.
• Don't use the same password for every PDF — If one document's password is compromised, all your other protected PDFs are also compromised. Use document-specific passwords for truly sensitive files.
• Don't assume the recipient has deleted their copy — Confirmation that they've downloaded it doesn't mean they've deleted it. For ongoing confidentiality, discuss document retention expectations explicitly with recipients of sensitive documents.
• Don't print-to-PDF without checking metadata — Some software embeds author name, company, and edit history when printing to PDF. Check File → Properties in Acrobat before sending to see what metadata is embedded.

The Two-Layer Rule

My practical recommendation for any sensitive PDF: always use at least two independent layers of protection. Password on the file plus expiring link. Password on the file plus encrypted transfer. These combinations mean that a failure in one layer doesn't expose the content — the second layer holds. In regulated contexts, the FTC's data security guidance explicitly recommends encrypting sensitive data both at rest and in transit as a baseline requirement.

It takes an extra two minutes to password-protect a PDF before sending. For a document containing someone's tax details, medical records, or business financials, those two minutes are worth it every time.