Secure file sharing for finance and accounting

An unpublished financial statement, an audit report, a tax return, a bank repayment schedule: each of these documents holds value precisely because it stays confidential. An email attachment travels in clear text across servers you do not control, stays indexed for years, and gets duplicated with every forward. For sensitive financial data, that is a leak waiting to happen.

The GDPR leaves no room here. Its article 32 requires the controller and the processor to apply technical and organisational measures matched to the risk, and it names encryption as one such measure. When an accounting firm handles payroll data, bank details and revenue figures for its clients, the risk level is high: encryption stops being a convenience and becomes a direct answer to a legal obligation.

Trade secret law adds another layer. Under the French law of 30 July 2018 (article L151-1 of the Commercial Code), protection covers any information that is not generally known, holds commercial value because of its secrecy, and is subject to reasonable protective measures. A business plan, a valuation study, a price list: legal protection only applies if you can show you put those reasonable measures in place. Sending the document encrypted, with traceability and expiry, is part of that proof.

In due diligence, a data room opens access to dozens of sensitive documents for potential buyers, their lawyers and their bankers. Rather than dumping everything into a shared space that stays live for months after signing, you send each set of files as an encrypted link with an expiry date set to the end of the audit phase. The document disappears when the engagement ends, with no follow-up and no manual cleanup.

For a statutory auditor or an internal audit team, the back-and-forth of supporting documents with the audited company usually goes through email, so in clear text. A secure receive link reverses the flow: the audited party drops its documents straight into an encrypted space, without you having to open an account for them. You collect the evidence without exposing it in transit.

Between an accountant and a client, the pace is daily: payslips, VAT returns, bank statements, supplier invoices. These records fall under the ten-year retention obligation set by article L123-22 of the French Commercial Code. Sending them over an encrypted, password-protected and logged channel secures the exchange without weighing down the routine. The recipient opens the link, retrieves the file, and the server-side copy is wiped at expiry.

Encryption is end-to-end in AES-256-GCM, in zero-knowledge mode. The key stays in your browser and never passes through our servers: technically, we cannot read what you send, and neither can anyone else. A financial statement you upload stays unreadable to anyone without the full link.

Hosting is provided in France by SHPV FRANCE SAS, an infrastructure operator established on French soil. Your financial data sits outside the reach of the US Cloud Act and the legal extraterritoriality of providers based outside the European Union. For bank data or a valuation file, knowing where the file physically resides and which law applies to it is part of the decision.

Every share carries a lifespan, from one hour to thirty days. At expiry, the file is purged: no leftover copy, no phantom backup that resurfaces during an audit or an incident. Unencrypted files go through a ClamAV antivirus scan before they become available. Password protection adds a barrier beyond the link itself. Professional plans log accesses, which gives substance to the traceability expected by both the GDPR and trade secret law. And we set no trackers: no marketing pixel, no resale of behavioural data on documents that cannot tolerate it.

Pli Scellé comes in five plans: a Free plan for occasional needs, Découverte at €185, Essentiel at €560, Pro at €1,400 with audit logs and advanced features, and Entreprise tailored for high-volume firms and finance departments.