For security teams
Send security findings
and prove you destroyed them.
Encrypt. Track. Destroy.
Pen-test reports, incident artifacts, and forensic packages need to reach exactly one person, leave no trace, and produce defensible evidence. CIPH4 is built for that workflow.
THE CHALLENGE
The problem
What teams in this role actually run into when secure transfer goes wrong.
01
Findings get forwarded
Sensitive findings get forwarded, archived in inboxes, and persist in Slack channels long after the engagement closes. Once a report leaves your laptop, you lose control of where it sits.
02
Chain of custody is required
Auditors and incident-response packets want provable destruction, not a screenshot of a deleted folder. A defensible destruction artifact is table stakes for any external report.
03
Your vuln management tool can't enforce destruction
Vulnerability platforms produce the finding; ticketing tools track the remediation; neither can guarantee the report itself was destroyed after it left your laptop. CIPH4 owns that layer — the encrypted transfer and the receipt your closeout file needs.
THE SOLUTION
What CIPH4 gives you
The product surface that maps to those problems, one feature at a time.
01
Revocable drops
Kill a link instantly when an investigation pivots. The moment you click revoke, the encrypted bytes are deleted from storage in the same step.
02
Threat dashboardEnterprise
Behavioral detection across every drop your team has issued: attempted enumeration, geo anomalies, rapid-access bursts, link forwarding, brute-force attempts, unusual access times, and per-creator baseline anomalies.
03
IP allow / block rulesEnterprise
Per-org allowlists and blocklists. Pin recipient access to your engagement-partner network ranges before you share the link.
04
Signed deletion receiptsEnterprise
Every Enterprise burn produces an Ed25519-signed receipt anchored to the audit chain. Drop it into your incident-response file and any auditor can verify it on our public /verify page.
05
Tamper-evident audit trail
Every event is cryptographically linked to the one before it. Tampering breaks the chain on the next continuous-verify sweep, and you find out before the auditor does.
06
Modify after sendTeams
Tighten an active drop without revoking it — drop view caps, shorten expiry, force a passphrase. Useful when engagement scope changes after the report is already out.
THE FLOW
How a typical workflow looks
A typical sequence — from intent to evidence — in three steps.
01
Create
Encrypt the report in your browser, set a view cap and a passphrase, generate a one-time link. The plaintext never reaches our servers.
02
Watch
Real-time access events stream to your dashboard the moment the recipient opens the link. Heartbeats, geo, IP — all logged.
03
Prove
Burn the drop manually or let the expiry rules trigger. Pull the Ed25519 deletion receipt for your file. Anchored to the audit chain; verifiable anytime on our public /verify page.
THE FRAMING
Where CIPH4 fits your program
How the same building blocks land against the frameworks your auditor cares about.
01
Frameworks we map
Readiness templates for SOC 2, ISO 27001, NIST 800-53, and CMMC — the four most-cited frameworks for security teams handling pen-test reports, incident artifacts, and forensic packages. Each template ships a control catalog your team populates with evidence from real engagements; the certification work and any attestation stays in your name.
02
Controls we ship
Threat detection with seven rules, per-IP allow / block lists, modify-after-send revoke, recipient identity binding, and hash-chained audit log.
03
Artifacts we generate
Signed deletion receipts for after-action reports. Tamper-evident per-drop audit timelines that drop into IR packets without manual reconstruction.
Ready to see it?
20 free links a month, no credit card. When you need single sign-on, compliance templates, or signed deletion receipts your auditor can verify — we'll talk.