For legal teams
Send privileged documents
and prove they're gone.
Encrypt. Witness. Destroy.
NDA exchanges, deal documents, regulator submissions, M&A diligence packets. Everything you send is encrypted in your browser. Everything you destroy comes with a receipt opposing counsel can independently verify.
THE CHALLENGE
The problem
What teams in this role actually run into when secure transfer goes wrong.
01
Forwarding chains are out of your hands
Once an attachment leaves your outbox, the chain is gone. Sensitive documents end up in non-privileged inboxes, archived in personal Drives, and forwarded to people who were never on the original distribution.
02
Deletion theater isn't a defense
"Please delete this email after review" doesn't survive a discovery interview. Deletion theater is not a defense; cryptographically provable destruction is.
03
Your DMS and VDR weren't built for this
Document management systems hold matter files; virtual data rooms host structured diligence; neither produces a destruction artifact a court will accept as evidence of disposal. The privileged-transfer-with-defensible-destruction case sits in the gap between them, and CIPH4 owns that gap.
THE SOLUTION
What CIPH4 gives you
The product surface that maps to those problems, one feature at a time.
01
Passphrase plus single-view defaults
Passphrases hashed in the recipient's browser before they reach our servers, delivered out-of-band; one view burns the link. Use both for documents privileged on receipt.
02
Recipient identity bindingTeams
Force the recipient to verify their email via a single-use magic link before they can decrypt. Defeats forwarding even when the original link leaks.
03
Modify after sendTeams
Tighten view caps, shorten expiry, or add a passphrase to an already-shared link. Useful when an engagement scope changes after the document is out.
04
Signed deletion receiptsEnterprise
Every Enterprise burn produces a cryptographically signed receipt anchored to the tamper-evident audit log. Drop into your file. Opposing counsel can verify it on our public /verify page.
05
Per-drop audit timeline
Every event on a drop — created, viewed, burned, revoked — is recorded in a tamper-evident, timestamped audit log. Pull the timeline into a discovery response without manual reconstruction.
06
Real-time access notification
See the exact moment opposing counsel opens the document. Live dashboard update and email notification on every plan; tamper-evident webhook delivery on Enterprise.
THE FLOW
How a typical workflow looks
A typical sequence — from intent to evidence — in three steps.
01
Compose
Drop the document into a new link, set passphrase + one view, deliver the passphrase out-of-band (phone, separate channel).
02
Observe
Watch the open event arrive in real time. Open events, IP address, and approximate location are logged to the tamper-evident audit log the moment the recipient decrypts.
03
Document
When the link burns — by single-view exhaustion, manual revoke, or expiry — pull the signed deletion receipt. File it with the matter.
THE FRAMING
Where CIPH4 fits your program
How the same building blocks land against the frameworks your auditor cares about.
01
Frameworks we map
GDPR Article 17 (right to erasure), CCPA, and jurisdiction-specific privilege rules.
02
Controls we ship
Passphrase plus single-view defaults, recipient identity binding, modify-after-send, and a per-drop audit timeline.
03
Artifacts we generate
Cryptographically signed deletion receipts. Proof destruction occurred at a specific moment, verifiable on our public /verify page.
Ready to see it?
20 free links a month, no credit card. When you need single sign-on, compliance templates, or signed deletion receipts your auditor can verify — we'll talk.