Send confidential documents without a login portal
Login portals are great for repeat users โ and a barrier for everyone else. Make an external recipient create an account just to read one document, and many simply won't. doclinc delivers confidential documents through an encrypted link with recipient authentication โ and no account to create.
Send straight from Outlook. The recipient verifies their identity with a one-time SMS code (or voice call, or a secret question) and opens the document โ re-authenticating on every access. You keep a full audit trail, hosted in Canada and built for Law 25.
Why login portals fail for external recipients
- Account creation is friction. A one-off recipient won't sign up to read a single document.
- Password resets pile up โ and land on your support team.
- Low adoption delays everything. If the recipient never logs in, the document isn't delivered.
- Portals are built for repeat users, not the occasional external party.
- More accounts, more risk โ every credential is one more thing to secure.
A link plus authentication โ no account
- Send from Outlook. The document goes out as an encrypted link, in your normal workflow.
- The recipient authenticates. SMS code, voice call or a secret question โ nothing to install or sign up for.
- Authentication on every access. Each time the document is opened, the recipient re-verifies.
- Full audit trail. Who opened the document and when.
- Hosted in Canada. AWS ca-central-1, built for Law 25, PIPEDA and GDPR.
Account portal vs plain email vs doclinc
| Account portal | Plain email | doclinc | |
|---|---|---|---|
| Works for one-off recipients | Poor (sign-up) | Good | Good โ no account |
| Recipient authentication | Account login | None | SMS, voice or secret question |
| Re-authentication on each access | Yes | No | Yes |
| Proof of access / audit | Yes | None | Full audit trail |
| Data residency | Varies | Varies | Canada (AWS ca-central-1) |
A practical comparison of common delivery methods for external recipients.
What Law 25 expects of the channel
Quebec's Law 25 asks organizations to protect personal information with security measures proportionate to its sensitivity, to limit access to authorized persons, and to be able to account for how it's handled. An encrypted link with recipient authentication and an audit trail addresses all three โ without forcing recipients into an account.
Frequently asked questions
Do recipients really not need an account?
Correct. The recipient verifies their identity with a one-time SMS code, a voice call or a secret question, then opens the document โ nothing to install, no sign-up.
Is a link secure enough for confidential documents?
The link is encrypted and, on its own, opens nothing โ the recipient must pass authentication first, and re-authenticate on each access. Every access is logged.
What stops the wrong person from opening it?
Authentication is tied to the intended recipient (for example, a code sent to their phone). Without it, a forwarded link can't be opened.
Where is the data hosted?
In Canada, on AWS infrastructure (ca-central-1), within Canadian data residency.
Drop the portal โ keep the security
Encrypted, authenticated, hosted in Canada โ right from Outlook.
