SendSafely FAQ

Yes. SendSafely offers native integrations for both Microsoft Outlook and Gmail, allowing users to securely send encrypted files and messages directly from their inboxes. These integrations provide a seamless way to apply end-to-end encryption to sensitive content without changing existing email workflows.

Yes. SendSafely provides a robust REST API and client libraries that allow developers to integrate secure file transfer and encrypted messaging into their own applications and workflows. Whether you're building internal tools, support automation, or customer-facing portals, the SendSafely API offers the flexibility and security needed for enterprise-grade solutions. Pre-built SDKs and Code Samples in Python, Java, .NET and Node.js jump-start integration with examples for secure file uploads, downloads, and recipient management.

Yes. SendSafely provides powerful tools that let you embed secure file transfer functionality directly into your website or customer-facing portal, without compromising on security or user experience. The below options are ideal for organizations that need to collect documents, support files, or sensitive information from external users securely.

1. Dropzone Embed Widget

• What It Is: A prebuilt, customizable HTML secure upload widget you can embed on any webpage.

• Use Case: Collect files from external users (e.g., customers, clients, applicants) without requiring them to create an account. Files are encrypted in the browser before upload, and access is restricted to your team.

2. Custom Portal Integration (via API)

• What It Is: Full control over the user experience using SendSafely’s REST API and SDKs.

• Use Case: Seamlessly embed SendSafely into an existing web app or client dashboard. Automate workflows (e.g., ticket creation, file intake, document delivery) while preserving full end-to-end encryption.

SendSafely integrates seamlessly with leading enterprise platforms—including Salesforce, Freshdesk, Zendesk, and Intercom—to enable secure, end-to-end encrypted file sharing within your existing workflows. These integrations allow teams to exchange sensitive files with customers without ever leaving the tools they already rely on. For customers, the experience is seamless and fully branded, ensuring trust and ease of use.

With SendSafely, sensitive data such as PHI, PII, and confidential attachments are encrypted end-to-end and remain completely outside the infrastructure of platforms like Zendesk. Advanced security features—including automated file expiration, granular access controls, and detailed audit logging—help organizations meet stringent compliance requirements under HIPAA, GDPR, CCPA, and more.

Yes. SendSafely can be securely integrated into automated workflows powered by AI agents, allowing bots to handle sensitive file or data requests, such as IDs or PII — all while preserving end-to-end encryption and data privacy. Whether you're automating ticket triage, onboarding, compliance collection, or customer service, SendSafely ensures that sensitive files never touch untrusted infrastructure or AI memory.

SendSafely enables secure, end-to-end encrypted data exchange within AI-powered chatbot workflows. Whether you're building with Intercom, Salesforce, Freshdesk, Zendesk, or another solution, our tools ensure that no sensitive data is ever exposed to your chatbot vendor—or to us.

We offer multiple flexible options for AI integrations:

• Native Intercom Fin and Zendesk Messenger Integrations: Seamlessly collect sensitive documents (e.g. IDs, financial forms) within the chat interface. All data remains end-to-end encrypted—SendSafely never sees it.
• Universal Chatbot Connector: Our connector can be hosted in your AWS environment and integrated with any chatbot platform that supports API calls, including Ada, Amazon Connect, and other AI assistants. Perfect for KYC and onboarding workflows.
• SendSafely Actions: Automate downstream tasks performed on collected files like ID verification, OCR, and archival workflows—all triggered by file uploads.
• Robust REST API: Build secure, programmatic flows to create packages, retrieve submissions, or trigger events from any chatbot or AI interface.

Yes. SendSafely supports workflow automation through a powerful feature called SendSafely Actions. SendSafely Actions are configurable, low-code workflows that execute automated actions in response to specific events within your SendSafely environment. These are especially useful for managing high-volume or repetitive file exchange tasks with minimal manual intervention. The possibilities for automation and integration are endless, but a few popular use cases are listed below:

• Anti-Virus Scanning - Scan all inbound files with your organization's AV solution and delete quarantined files if a threat is found.
• Data Loss Prevention - Scan all outbound files with your organization's DLP solution so that files containing restricted content can be blocked from access.
• Document Archival - Archive a copy of every file sent through your SendSafely portal for compliance purposes.
• ID Scanning and File Renaming - Scan uploaded identification documents and rename each file with a self describing name and/or unique Identifier.
• Document Analysis - Analyze the content of documentation uploaded to a SendSafely Dropzone and route a copy to the appropriate SendSafely Workspace.

Action’s point and click interface is designed for non-technical admins, built directly into the platform’s admin console. With SendSafely Actions, you can streamline secure workflows, reduce manual overhead, and respond to file events instantly—all without compromising privacy or control.

SendSafely is widely used across regulated industries like legal, financial services, and healthcare to securely transmit sensitive data while maintaining strict compliance with data protection regulations such as HIPAA, GDPR, CCPA, and PCI DSS. Its end-to-end encryption, zero-knowledge architecture, and flexible integration options make it ideal for workflows that demand security, privacy, and auditability.

Legal Industry Use Cases

• Client Document Intake: Securely receive contracts, identity documents, and case files without exposing data to email or cloud storage risks.

• Discovery and Litigation File Exchange: Share large volumes of sensitive files between legal teams, opposing counsel, or courts with full encryption and access control.

• Privileged Communication: Protect attorney-client communications from unauthorized access or interception, even by third-party platforms.

Financial Services Use Cases

• KYC / AML Document Collection: Collect sensitive personal and financial documents from clients securely—e.g., IDs, utility bills, income verification.

• Tax & Financial Reporting: Safely distribute tax documents, investment reports, and audit packages while ensuring regulatory compliance (e.g., SEC, FINRA).

• Loan or Investment Applications: Automate secure collection of application packages from external clients or internal advisors using embedded dropzones or APIs.

Healthcare Use Cases

• HIPAA-Compliant File Transfer: Exchange patient records (PHI), lab results, or insurance documents without risking protected health information exposure.

• Medical Intake and Referrals: Enable patients and referring providers to submit forms and files securely, without requiring accounts or custom portals.

• Telehealth and Specialist Coordination: Send diagnostic files, test results, or care plans between healthcare providers with full encryption and auditability.

SendSafely provides comprehensive audit logs and reporting tools that give administrators full visibility into file transfers, user activity, and security events across the organization. These logs are essential for ensuring compliance with regulations like HIPAA, GDPR, and CCPA, and for maintaining operational transparency and accountability.

Yes. SendSafely is designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA) and is widely used by healthcare providers, insurers, and health-tech companies to securely exchange protected health information (PHI). SendSafely offers Business Associate Agreements for Covered Entities and Business Associates on the SendSafely Business and Enterprise plans.

Yes. SendSafely is designed to help organizations meet the requirements of both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Its core architecture—built around end-to-end encryption and zero-knowledge data handling—aligns naturally with the privacy and security principles outlined in these regulations.

SendSafely uses a client-side key generation and splitting model that provides strong end-to-end encryption without requiring users to manage keys directly.

• Client Secret: A 256-bit random value generated locally in the sender’s browser. This value is embedded in the URL fragment of the secure link the sender shares with the recipient.
• Server Secret: A 256-bit random value generated and stored by SendSafely’s server. It is only delivered to the recipient after successful identity verification.
• Combined Key Derivation: The final 256-bit AES encryption key is derived using the OpenPGP Iterated and Salted String-to-Key (S2K) method by combining the Client Secret and Server Secret. This happens entirely in the recipient’s browser.

Result: Neither SendSafely nor its infrastructure has access to the full decryption key.

How Recipients Get the Key

Senders share the SendSafely secure link with their recipients using a third party mechanism such as slack, email, support ticket etc. When a recipient opens the secure link:

• Their browser retrieves the Server Secret from SendSafely.
• It then combines it with the Client Secret embedded in the secure link URL fragment.
• The file is decrypted locally in the recipient’s browser, maintaining end-to-end encryption.

Key Management Benefits

• Zero-Knowledge Security: SendSafely cannot decrypt or access the content of any message or file—even with full backend access.

• No User Burden: Users never have to manually manage or store keys—everything is handled transparently and securely in the browser.

• No Need for PKI or External Key Servers: Unlike traditional systems that rely on public key infrastructure (PKI), SendSafely eliminates complexity by managing encryption within its client-server key split model.

Feature	SendSafely Approach
Key Generation	Client-side (in browser)
Key Storage	No full key stored anywhere
Key Delivery	Split across Client and Server
Decryption	Happens in recipient’s browser
Manual Key Management	❌ Not required

SendSafely’s infrastructure is hosted on Amazon Web Services (AWS)

Default Hosting Location

United States with a backup in the European Union. By default, SendSafely operates its services and data storage in the U.S. East (Northern Virginia) AWS region with a back up in EU West (Dublin) AWS region. This location applies to standard customers unless otherwise specified.

Optional Regional Hosting (Business and Enterprise Plans)

For Business and Enterprise customers with specific data residency or regulatory needs, SendSafely offers dedicated regional hosting options, including:

• United States (US) – AWS regions in Virginia and Oregon

• European Union (EU) – AWS regions in Ireland or Frankfurt
  Supports GDPR-aligned data residency requirements.

• Australia – AWS Sydney region
  Common for organizations operating under the Australian Privacy Act.

• Custom AWS Region S3 Hosting
  Business and Enterprise customers may also configure SendSafely to use their own AWS S3 buckets for encrypted file storage in a region of their choosing.

Yes. SendSafely gives you full control over file access by allowing you to set expiration dates and revoke access to sent items at any time. These features minimize the risk of unauthorized access. In addition, you can further control file access with the following advanced security features:

• Access Limits: Limit the number of times recipients can view or download files.
• View-Only Mode: Restrict downloads and allow in-browser preview only.
• Watermarking: Overlay recipient email on sensitive PDF and Images, adding an additional layer of security and traceability.

Yes, SendSafely offers a two-week Pro trial for individuals. During this trial period, users can access:

• Up to 2GB of file size per transfer
• Up to 5 recipients per package
• 30-day link expiration
• 25 packages per month
• 100 downloads per package

Organizations interested in SendSafely's business features—such as custom branding, Single Sign-On (SSO), API access, and advanced administrative controls—can request a free trial of the Enterprise plan. To initiate this, contact the SendSafely sales team at sales@sendsafely.com or visit sendsafely.com to request a demo.

SendSafely offers flexible plans designed to meet the needs of individual users, growing teams, and security-conscious enterprises. Each plan includes feature sets tailored to different user types and organizational requirements.

Individual Plans

Free Plan

• Best for: Occasional users or personal use
• Includes:
  • 50MB transfer bandwidth/month
  • 1 file and 1 recipient per transfer
  • 10 downloads per file
• Cost: Free forever

Basic Plan

• Best for: Sole practitioners and professionals
• Includes:
  • 250MB transfer bandwidth/month
  • 99 files and 10 recipients per transfer
  • 25 downloads per file
  • Access to advanced features such as Personal Upload URL and Outlook Plug-in
• Cost: Paid monthly (visit pricing page for details)

Pro Plan (Free Trial Available)

• Best for: Sole practitioners and professionals needing higher limits
• Includes:
  • Up to 100GB file size per transfer
  • 100 recipients per package
  • 100 downloads per file
• Cost: Paid monthly (visit pricing page for details)

Team & Business Plans

Team Plan

• Best for: Small teams or departments
• Includes:
  • Custom Branding
  • Admin dashboard and user management
  • Secure Dropzones for file intake
  • Shared workspaces for collaboration
  • Basic integrations (Outlook, Gmail)

Business Plan

• Best for: Medium-to-large organizations with more complex workflows
• Includes all Team features, plus:
  • Increased platform bandwidth
  • API access
  • Advanced Admin reporting
  • Geographic data storage options
  • Ticketing Platform Integrations

Enterprise Plan

• Best for: Regulated industries or organizations with custom security/compliance needs
• Includes all Business features, plus:
  • Flexible enterprise licensing
  • Maximum platform bandwidth
  • SendSafely Actions for workflow automation
  • Advanced audit logging and security features
  • Dedicated onboarding and enterprise support

SendSafely’s pricing is primarily based on a per-user subscription model, not per transfer. This means you are billed based on the number of active users in your organization rather than the number of file transfers you send. API pricing is available for automation use cases. Please contact sales@sendsafely.com for more details.