Secure file sharing, under IT governance

A salesperson needs to send an 800 MB contract to a client this afternoon. Your email caps at 25 MB, the internal tool requires six clicks and a VPN. They open WeTransfer from their personal account. The file leaves your infrastructure, passes through a consumer service, and you have no record of who sent it, to whom, or what happens to it next.

This plays out every day in every organization. Employees don't bypass your rules out of malice: they bypass friction. When the official tool is slower and more complicated than personal Dropbox or personal Google Drive, they take the shortcut. This is exactly what post-incident investigations document: shadow IT regularly appears as an entry point or aggravating factor in data breaches.

The cost is not hypothetical. The IBM Cost of a Data Breach 2025 report puts the average breach at 4.88 million dollars. An HR file, a strategic plan or a client list dropped onto a consumer service with no control is a potential leak outside any GDPR framework: no logging, no expiry, no possible revocation.

Banning WeTransfer doesn't work. If you cut the convenient tool without replacing it with something just as fast, your teams find another workaround. The only strategy that holds: provide an official tool simpler than shadow IT, and enforceable at the technical level.

Pli Scellé is built for that. Sharing is a drag-and-drop: a secure link is generated, the sender shares it, done. No account for the recipient to create, no configuration. On the IT side, every share is encrypted with AES-256-GCM under a zero-knowledge architecture: the key stays in the sender's browser, the server never sees the content in clear. Even we cannot read the files.

Every link expires automatically, from 1 hour to 30 days according to your policy, then the data is permanently purged. No more files forgotten on a third-party server for years. Unencrypted files go through ClamAV antivirus scanning before being made available. And receive links let an external party securely drop a file to you, with no account needed, where today you probably ask them to use their own unmanaged solution.

A secure tool that doesn't integrate with your stack is just one more silo to manage. Pli Scellé plugs into your existing IAM.

SSO/SAML is available from the Essential plan: Azure AD, Okta, Google Workspace. Your people authenticate with their corporate credentials, your password and MFA policies apply, and an offboarding revokes access immediately through your directory. SCIM 2.0 provisioning (from the Pro plan) automates account creation and deactivation: an employee leaving the organization loses access with no manual step.

For network access control, the IP allowlist and geographic restrictions (Pro plan) limit usage to your corporate address ranges or authorized countries. Strong authentication relies on 2FA and passkeys.

For audit and compliance, every action generates a log: who shared what, when, to whom, who viewed it. Retention is 30 days on Essential and 90 days on Pro, with export from the Pro plan. These logs map directly to the access-logging requirement of GDPR Article 32, which mandates technical measures to ensure confidentiality and integrity of data. The REST API and webhooks let you connect Pli Scellé to your SIEM, your internal workflows or your detection tooling. And we run no behavioral tracking on the platform.

Server location alone no longer protects your data. The US Cloud Act allows federal authorities to compel any US-based provider to hand over data, regardless of where the servers sit. In practice, files stored with AWS, Azure or Google Cloud in a Paris datacenter remain legally accessible from Washington.

Pli Scellé is published and hosted in France by SHPV FRANCE SAS, a French-law company. Your data does not fall under the Cloud Act. For a CISO handling sensitive data, health data or data subject to sector obligations, this legal distinction is structural: sovereign hosting is now required for the State’s sensitive-data processing, and the same logic applies to any organization that wants to control its chain of responsibility.

Combined with zero-knowledge encryption, you get a two-layer guarantee: even under legal compulsion, the host only holds unreadable encrypted data, and the host is not subject to extraterritorial jurisdiction in the first place.