Stop emailing
Start requesting them safely.
Magic-link document collection for landlords and property managers. Applicants upload their rental application, pay stubs, ID and references through one secure link - virus-scanned, encrypted, and audit-logged. No account, no email attachments.
14-day free trial · No charge until day 15 · Cancel anytime
Built for landlords · property managers · leasing agents · rental agencies
I'm a…
“An applicant just emailed me their SIN, two pay stubs, and a photo of their driver's license - straight to my personal inbox.”
- Send one magic link, collect the whole rental application package - ID, pay stubs, references - in a single intake. No app or account for the applicant.
- Every file virus-scanned and encrypted at rest, with an audit log of exactly who sent what and when.
- Reusable application template so every unit starts the same intake in under a minute.
- Send the lease and move-in package back through the same secure link when they're approved.
Three steps. No software for your client.
Create a request
List the files you need. Pick from a starter template (mortgage, refinance, tax return, KYC) or build your own checklist.
Your client gets a magic link
One email, one click, no account. They see a tidy checklist on a page branded as your firm, not ours.
Files land in your dashboard
Each one is scanned for viruses, encrypted at rest, and added to the audit log so you know who sent what when.
Email wasn't built for client documents.
You already know the alternatives have problems. Here's how this stacks up against what you're probably doing today.
| Capability | Dropbox / WeTransfer | ReceiveVault | |
|---|---|---|---|
| Client needs an account | No | Often yes | No |
| Virus-scanned on arrival | No | No | Yes (ClamAV) |
| Audit log of who-sent-what-when | No | Limited | Every action |
| Branded as your firm | No | No | Yes |
| Files encrypted at rest | Provider-dependent | Yes | Yes |
| Optional end-to-end encryption | No | No | Yes (Business+) |
| Send files securely outbound | Attachment-only | Yes (separate flow) | Yes (same portal) |
| Canadian-hosted | Usually no | No | Yes, in Canada - outside US CLOUD Act jurisdiction |
The boring parts, done properly.
Virus scanning
Every upload goes through ClamAV before it lands in your dashboard. Infected files are quarantined and you get an alert.
Encryption at rest
Files live in S3-compatible object storage with server-side encryption. Optional client-side end-to-end encryption on Business+.
Full audit log
Every action gets a timestamped record with the actor: request created, link sent, file uploaded, file downloaded. Exportable.
No-account uploads
Your contact clicks a magic link and uploads. No password, no sign-up, no support email asking how to use Dropbox.
Canadian-hosted
Servers in Canada, TLS everywhere, secrets managed in environment variables, and no third-party trackers on customer-facing pages.
MFA on every account
TOTP, hardware passkeys (YubiKey / iCloud / Windows Hello), and recovery codes. Sudo gate on destructive actions.
Common questions
Is this a safe way to collect a rental application?+
Yes. Applicants upload through a single-use link instead of email, files are virus-scanned and encrypted at rest, and every action is audit-logged. Collecting only what you need, with encryption and a clear retention window, supports your privacy obligations - though compliance ultimately remains your responsibility.
Where are the files stored?+
On a Canadian VPS using S3-compatible object storage with server-side encryption. Files are never copied to third-party clouds, and they sit outside US CLOUD Act jurisdiction.
What happens to files after the request expires?+
Each request has a configurable expiry (default 30 days). After that, the magic link stops working. Files remain in your dashboard until you delete them or your retention policy removes them.
Is this HIPAA / GLBA / CCPA compliant?+
The product is built with privacy-by-design expectations in mind: minimum-necessary collection, audit logging, encryption, expiry. We are not HIPAA-certified and do not sign BAAs at this tier; for HIPAA-adjacent workflows we provide the technical building blocks (encryption, access logs, MFA) but compliance certification is your responsibility. GLBA and CCPA obligations are similarly supported but ultimately yours to attest.
Can I cancel during the trial?+
Yes. The 14-day trial is free and we don’t charge your card until day 15. Cancel any time from the billing page in your dashboard.
Can my clients reply to the magic-link email?+
Yes. Invite emails go out with your email address as the reply-to, so your client can ask a question and it lands in your inbox like a normal reply.
Try it on your next intake.
14 days free, every feature included. Cancel before day 15 and your card is never charged.