👥 HR
Secure file sharing for human resources
Send payslips, employment contracts and employee data through an encrypted link that expires. No plain-text attachments, no documents lingering in a mailbox.
What HR handles daily, and why email falls short
An HR department processes a company's most sensitive data. Payslips, contracts, amendments, certificates, bank details, social security numbers, family situations, sick leave. Each of these documents identifies a person and exposes their pay, health or private life. An email attachment travels in plain text, passes through several servers and sits for years in both the sender's and the recipient's mailbox. France's data protection authority is blunt about it: standard email is not a safe way to transmit personal data, and sending files in plain text is a practice to avoid. One wrong recipient, one weak password, one compromised mailbox, and an employee's payslip ends up in the wrong hands. Pli Scellé replaces that attachment with an encrypted link. The file never exists in plain text, it self-destructs on the date you set, and no one but the recipient can open it.
Three concrete HR use cases
Sending a payslip. You upload the PDF, generate a password-protected link, and the employee retrieves and downloads it. The link expires, the file is purged. No copy stays buried in a thread.
Sending a contract or amendment to sign. The document goes out encrypted to the new hire or the employee concerned, with a lifespan limited to the signing window. Once viewed, nothing lingers.
Handling onboarding. A new joiner needs to send you an ID card, bank details, proof of address, diplomas. You open a receive link: they drop their documents straight into an encrypted channel, with no account to create and no need to email anything back. You collect everything in one place, end-to-end encrypted.
What Pli Scellé guarantees for your HR data
End-to-end AES-256-GCM encryption in a zero-knowledge architecture. The key stays in your browser and is never sent to us: technically, we cannot read your files, even if asked to. Hosting in France by SHPV France SAS, beyond the reach of the US Cloud Act. Your payslips never leave the country. Configurable expiry from 1 hour to 30 days, followed by automatic purge. This maps directly onto the GDPR minimisation principle: a document is not kept longer than necessary. Password protection and limited-use links to lock down access. ClamAV antivirus scanning on received files. No tracking, no data resale, no advertising cookies. And on the professional tiers, audit logs that record who accessed what and when, exactly the access traceability GDPR Article 32 expects from an employer.
Your obligations as an employer, our role as a tool
French labour law requires you to keep a copy of payslips for five years (Article L3243-4). GDPR asks the opposite for transmission: do not leave personal data lying around longer than its purpose requires. Pli Scellé does not replace your HR vault or your payroll software, which remain your retention tools. Pli Scellé secures the moment the document moves, from you to the employee or from the employee to you. That link in the chain, transmission, is precisely what GDPR Article 32 requires you to protect with appropriate technical measures such as encryption and access control. The authority reminds organisations that the absence of these measures is a breach in itself, regardless of any actual leak.
Frequently asked questions
- Can I really send a payslip by regular email?
- It is legally risky. The French data protection authority considers standard email an unsafe channel for personal data and lists plain-text file sending among practices to avoid. A payslip contains pay, social security number and family situation: in case of interception or a wrong recipient, your liability as an employer is engaged under GDPR Article 32. An encrypted link that expires removes that risk.
- How long does the link stay active?
- You choose, from 1 hour to 30 days. For a payslip or contract, a short window of a few days is enough. On expiry, the file is automatically purged from our servers. Nothing survives beyond the duration you set.
- Does the employee need an account to retrieve their document?
- No. The recipient clicks the link and downloads the file, with no sign-up. For onboarding, the receive link works the other way: the new joiner drops their documents straight into an encrypted channel, again with no account to create.
- Is it GDPR-compliant?
- Pli Scellé provides the technical measures GDPR Article 32 expects for transmitting personal data: end-to-end encryption, access control, and access logging on professional tiers. Hosting in France beyond the Cloud Act and automatic purge serve the minimisation principle. The overall compliance of your HR processing remains yours as the data controller; we secure the transmission link in the chain.
- How much does it cost for an HR team?
- The Free plan lets you try encrypted sending. Découverte is 185 €, Essentiel 560 € and Pro 1,400 €, the latter two adding the audit logs useful for tracing access. For a large HR department or a group, the Entreprise plan is built to measure.