Stop emailing
Start requesting them safely.

Magic-link client intake for therapists, counsellors and allied-health practitioners. Clients upload intake forms, consent, insurance and prior records through one secure link - encrypted, virus-scanned, and audit-logged. Built with HIPAA expectations in mind.

14-day free trial · No charge until day 15 · Cancel anytime

securefiles.yourfirm.ca
Active requests: 3 open
  • Smith · Residential Purchase: 4 of 5 files received (In progress)
  • Jones · Refinance: 5 of 5 files · scanned clean (Complete)
  • Patel · Pre-approval: 1 of 4 files received (Awaiting)

Built for therapists · counsellors · psychologists · physiotherapists · dietitians

Built for the way you actually work

“New clients email me their intake form and a photo of their insurance card - I cringe every time.”
  • One secure link replaces the email attachment for intake forms, consent, and prior records.
  • Files are encrypted at rest and audit-logged; end-to-end encryption is available on Business+ for the most sensitive records.
  • Reusable intake template so every new client starts the same checklist in under a minute.
  • No client account or app - just a link they click once.

How it works

Three steps. No software for your client.

1. Create a request

List the files you need. Pick from a starter template (mortgage, refinance, tax return, KYC) or build your own checklist.

2. Your client gets a magic link

One email, one click, no account. They see a tidy checklist on a page branded as your firm, not ours.

3. Files land in your dashboard

Each one is scanned for viruses, encrypted at rest, and added to the audit log so you know who sent what when.

Why pay for this

Email wasn't built for client documents.

You already know the alternatives have problems. Here's how this stacks up against what you're probably doing today.

| Capability | Email | Dropbox / WeTransfer | ReceiveVault |
| --- | --- | --- | --- |
| Client needs an account | No | Often yes | No |
| Virus-scanned on arrival | No | No | Yes (ClamAV) |
| Audit log of who-sent-what-when | No | Limited | Every action |
| Branded as your firm | No | No | Yes |
| Files encrypted at rest | Provider-dependent | Yes | Yes |
| Optional end-to-end encryption | No | No | Yes (Business+) |
| Send files securely outbound | Attachment-only | Yes (separate flow) | Yes (same portal) |
| Canadian-hosted | Usually no | No | Yes, in Canada - outside US CLOUD Act jurisdiction |

Security

The boring parts, done properly.

Virus scanning

Every upload goes through ClamAV before it lands in your dashboard. Infected files are quarantined and you get an alert.

Encryption at rest

Files live in S3-compatible object storage with server-side encryption. Optional client-side end-to-end encryption on Business+.

Full audit log

Every action gets a timestamped record with the actor: request created, link sent, file uploaded, file downloaded. Exportable.

No-account uploads

Your contact clicks a magic link and uploads. No password, no sign-up, no support email asking how to use Dropbox.

Canadian-hosted

Servers in Canada, TLS everywhere, secrets managed in environment variables, and no third-party trackers on customer-facing pages.

MFA on every account

TOTP, hardware passkeys (YubiKey / iCloud / Windows Hello), and recovery codes. Sudo gate on destructive actions.

FAQ

Common questions

Does this support my HIPAA obligations?

It is built with HIPAA expectations in mind: minimum-necessary collection, encryption in transit and at rest, optional end-to-end encryption, audit logging, and configurable expiry. The technical controls are here, but compliance ultimately remains your responsibility.

Where are the files stored?

On a Canadian VPS using S3-compatible object storage with server-side encryption. Files are never copied to third-party clouds, and they sit outside US CLOUD Act jurisdiction.

What happens to files after the request expires?

Each request has a configurable expiry (default 30 days). After that, the magic link stops working. Files remain in your dashboard until you delete them or your retention policy removes them.

Is this HIPAA / GLBA / CCPA compliant?

The product is built with privacy-by-design expectations in mind: minimum-necessary collection, audit logging, encryption, expiry. We are not HIPAA-certified and do not sign BAAs at this tier; for HIPAA-adjacent workflows we provide the technical building blocks (encryption, access logs, MFA) but compliance certification is your responsibility. GLBA and CCPA obligations are similarly supported but ultimately yours to attest.

Can I cancel during the trial?

Yes. The 14-day trial is free and we don’t charge your card until day 15. Cancel any time from the billing page in your dashboard.

Can my clients reply to the magic-link email?

Yes. Invite emails go out with your email address as the reply-to, so your client can ask a question and it lands in your inbox like a normal reply.

Try it on your next intake.

14 days free, every feature included. Cancel before day 15 and your card is never charged.

Secure client intake for therapists and allied health - ReceiveVault