Use Case
Secure Document Sharing
Store personal KYC documents once. Share with banks, lawyers, PSPs, and compliance vendors through expiring links, without sending passport copies over WhatsApp again.
How It Works
Four Steps to Controlled Sharing
From upload to vendor access, every step keeps plaintext on your side of the browser.
Upload Once
Add ID, proof of address, and source-of-wealth documents. They are encrypted in your browser before upload. We only store ciphertext.
Delegate to Your Team
Add ops or legal teammates as delegates. They create share requests and manage workflows, but never see your documents, keys, or vendor secrets.
You Approve
When a delegate prepares a share request, you approve it. This generates a one-time vendor secret emailed directly to the vendor. Your team never sees it.
Vendor Access
Vendors verify email via OTP, enter the secret, and view documents. Every view and download is watermarked with a unique reference ID and logged in your audit trail.
Team Delegation
Your team runs the workflow while you keep sole control of the keys
Useful when ops or legal handle document requests on your behalf, without widening who can read them.
Delegates can
- Create share requests for specific vendors
- Select which documents to include
- Set expiry and purpose notes
- Revoke links on your behalf
Delegates cannot
- Decrypt or view document contents
- See vendor secrets or encryption keys
- Approve shares without your action
- Generate cryptographic material
You always
- Approve every share before it goes out
- Hold the vault password and KEK
- See the full audit trail
- Revoke access instantly
Built In
Watermarking and Audit on Every Access
Every document that leaves the vault carries a watermark and an audit entry, applied automatically on every access.
Watermarking
Each view and download gets visible and invisible watermarks stamped with vendor label, timestamp, and a unique reference ID. Images and PDFs are both covered. Verify any watermark at /verify.
Audit Trail
Every OTP sent, view, download, revocation, and access denial is logged with timestamps and pseudonymized vendor identity. You know who accessed what and when.
Positioning
Where This Fits
1Bridge handles the ad-hoc requests that do not justify a full compliance platform.
vs Google Drive / Dropbox: No client-side encryption, no per-vendor watermarking, no three-factor access, no purpose-bound expiring links.
vs WeTransfer: One-time transfers with no vault, no delegation, no audit trail, no revocation after send.
vs Persona / Onfido: Enterprise KYC platforms own the full compliance workflow. 1Bridge complements them for the dozens of informal requests that still arrive over email and WhatsApp.
Ready to stop resending your passport?
Join the waitlist for client-side encrypted sharing with full vendor accountability.