Every day, people email copies of their passport, medical test results, signed contracts, and tax documents to accountants, lawyers, landlords, and employers — often with no more thought than they would give to forwarding a lunch recommendation. Most of the time nothing goes wrong. But "most of the time" is not good enough for documents that could enable identity theft, financial fraud, or medical harm if they reach the wrong hands. This guide explains why email is not secure for sensitive documents, which documents qualify as sensitive, and which methods to use instead.
Why Email Is Not Secure for Sensitive Documents
The assumption that email is private is wrong, and it is worth understanding why specifically:
- Not end-to-end encrypted by default: Most email providers use TLS to encrypt email in transit, but email is typically decrypted and re-encrypted at each mail server along the route. The provider can read your email. If either end uses a mail server without TLS, it may be transmitted in plaintext.
- Stored unencrypted on servers: Email attachments sit in your inbox and the recipient's inbox indefinitely, on servers the email providers control. A breach of those servers — or a subpoena — can expose your attachments.
- Visible to administrators: In any organisation, IT administrators typically have access to employee email, including attachments.
- One typo away from catastrophe: Email auto-complete is responsible for a significant proportion of data breaches. A passport sent to the wrong person is a serious problem.
- Phishing risk: Phishing emails that mimic legitimate senders can trick recipients into sending documents to fraudsters.
What Counts as "Sensitive"?
Not every document needs the same level of protection. These categories warrant secure sending methods:
- Identity documents — passport, driver's licence, Social Security card, birth certificate
- Medical records and test results
- Tax returns, W-2 or P60 forms, financial statements
- Contracts with salary figures, financial terms, or confidential business information
- Bank or investment statements
- Legal documents — wills, power of attorney, court orders
- HR records — performance reviews, disciplinary records, payslips
Methods Ranked: Most to Least Secure
1. PrimeDocu Secure Link (Best for Individuals)
PrimeDocu allows you to share a document via a secure, encrypted link. The document is stored in PrimeDocu's AES-256-GCM encrypted vault — only the link recipient can access the document, and you can revoke access at any time. Because the vault uses zero-knowledge encryption, the document never travels unencrypted through email servers in the traditional sense. This is the most practical secure sharing method for individuals sharing with landlords, employers, accountants, and solicitors who do not use a shared platform.
Best for: sharing ID documents, contracts for review, tax documents with advisors.
2. ProtonMail (Best for Email-to-Email)
ProtonMail is an end-to-end encrypted email service based in Switzerland. When both parties use ProtonMail, the email and its attachments are end-to-end encrypted — ProtonMail cannot read them, and neither can any server the email passes through. When sending to a non-ProtonMail address, you can set a password that the recipient must enter to decrypt the message.
Best for: ongoing secure communication where both parties can be asked to use ProtonMail, or one-off encrypted messages to non-ProtonMail users with a shared password.
3. Signal (Best for Person-to-Person)
Signal is an end-to-end encrypted messaging app that supports file attachments up to approximately 100 MB. Attachments sent via Signal are end-to-end encrypted and cannot be read by Signal, government agencies without the user's cooperation, or anyone else on the network. Signal also has a disappearing messages feature, which can be set to automatically delete sensitive messages after a defined period.
Best for: sharing documents with individuals who already use Signal (it is not appropriate for organisations).
4. Password-Protected PDF (Minimal Protection — Better than Nothing)
Creating a password-protected PDF adds a layer of protection that prevents casual access. You create the PDF, set an encryption password, and send the PDF via email — then share the password via a separate channel (SMS or phone call, never in the same email). The limitation is that PDF password encryption, especially 128-bit RC4 used by older tools, can be cracked with modern hardware. AES-256 PDF encryption (used by Adobe Acrobat and some other tools) is significantly stronger.
Best for: situations where no better option is available and the recipient cannot use any of the above methods.
5. DocuSign / Adobe Sign Secure Envelope (Best for Contracts Needing Co-signing)
DocuSign and Adobe Sign are purpose-built for documents that need to be signed by one or more parties. The document is encrypted in transit and at rest, access is controlled via email verification, and an audit trail records every view and signature event. For employment contracts, NDAs, lease agreements, and business contracts where the other party needs to sign, this is the appropriate professional standard.
Best for: any document requiring a counter-signature from another party.
Methods to Avoid
| Method | Why to avoid for sensitive documents |
|---|---|
| End-to-end encrypted in transit, but backed up to Google Drive or iCloud without E2E encryption by default. No access controls, no revocation, no audit trail. Backups are the weak point. | |
| Standard Gmail / Outlook | Not end-to-end encrypted. Provider can read attachments. Stored indefinitely on servers. Auto-complete errors are common. |
| SMS | Not encrypted at all. Carrier can read content. Not suitable for anything sensitive. |
| Unprotected Dropbox / Google Drive link | Anyone with the link can access the document. No expiry, no revocation without manual action, no audit trail. |
Frequently Asked Questions
Is it safe to email sensitive documents?
Standard email is not a secure channel for highly sensitive documents. Most providers encrypt in transit using TLS, but email is stored unencrypted on servers, visible to administrators, and subject to auto-complete typos. For passports, tax returns, medical records, or contracts with sensitive financial terms, use a dedicated secure method — a PrimeDocu secure link, ProtonMail, or Signal — rather than standard Gmail or Outlook.
How do I send medical records securely?
Medical records contain protected health information. Use: a secure patient portal provided by the healthcare organisation (preferred), an encrypted secure link from PrimeDocu, or ProtonMail end-to-end encryption to another ProtonMail address. Do not send medical records as plain email attachments through standard providers, and never via WhatsApp or SMS.
What is the safest way to share a contract?
For review only — use a secure, time-limited encrypted link via PrimeDocu. For co-signing — use DocuSign, Adobe Sign, or HelloSign secure envelopes, which include audit trails and identity verification. For informal review between trusted parties — ProtonMail or Signal. Avoid WhatsApp and standard email for contracts containing financial terms or confidential business information.