Secure Document Sharing.
Specific people, email-verified, no forwarding.
Most document-sharing tools default to one mode of access: anyone with the link can open it. That works for sales decks, lead magnets, and content you'd post to a wider list.
It doesn't work for proposals with pricing, due-diligence packets, or anything that shouldn't get forwarded outside the intended recipient.
HummingDeck handles both. The Restricted Sharing toggle limits access to specific email addresses, with magic-link verification before the document opens.
No credit card required.
Share access
Restrictedsarah@acme.com
Acme
marc@acme.com
Acme
lin@northwind.io
Northwind
How Restricted Sharing works
List the email addresses you're sending to
One at a time, or paste many at once. Group viewers under a company name so analytics aggregate cleanly. Add yourself with one click for testing.
Each recipient enters their email and receives a verification link
The link goes to their inbox. Only emails on your list can request one.
Clicking the verification link opens the document
The link is bound to that recipient. Anyone whose email isn't on the list can't get past this step, even if the URL is forwarded.
Engagement analytics still apply
Per-page time, return visits, and completion rates work the same as on open links. You see who verified and what each verified viewer did.
How this differs from other tools
One toggle, not two settings
DocSend separates "Restrict Access" (allowlist) and "Email Authentication" (verification) as two features you have to enable individually. HummingDeck's Restricted toggle bundles them. List the emails, verification is automatic.
Same UX for documents and Rooms
The Restricted toggle works identically on individual deck links and on full multi-document Rooms. No second flow to learn.
SafeLinks-friendly by default
Corporate scanners (Microsoft SafeLinks, Proofpoint) pre-fetch links before the recipient clicks. Verification links default to multi-use so the human still gets in after a scanner has touched the link. Switch to single-use for higher-sensitivity sends.
When to use Restricted Sharing
- Pitch decks sent to specific investors during a fundraising round
- Sales proposals with pricing
- Due-diligence packets shared during M&A
- Board materials sent to specific board members
- Agency client deliverables behind a controlled audience
- Any document where forwarding outside the intended recipient list is a concern
When not to use it
- Sales decks meant for broad outreach
- Lead magnets and content marketing assets
- Documents you'd post to a wider list
For these, leave the default "anyone with the link" setting on. Restricted Sharing is the second mode, not a replacement for the first.
Why this beats password-protected files
The traditional alternative is to ZIP a file with a password and send the password through a separate channel. In practice this breaks down:
Passwords get forwarded with the file
Anyone the recipient hands the ZIP to also gets the password. There's no per-recipient gate.
Recipients copy passwords into the wrong files
Lost access, support tickets, deal velocity drops. A magic link is one click.
Email scanners can't preview password-protected attachments
That raises spam scores. Restricted links route as normal HTTPS URLs and deliver cleanly.
You lose engagement data entirely
No per-page analytics, no return-visit detection. Restricted Sharing keeps engagement tracking intact while controlling who can open the file.
Plans
Restricted Sharing is available on Pro and Business. Allowlist size is the same on every plan that includes the feature.
See pricing →Try it on your next sensitive send.
Upload a deck, click Restricted in the share modal, add the emails you're sending to. The whole setup takes under a minute.
Frequently asked
What if the recipient forwards the email link?
The forwarded link only opens for emails on your allowlist. Anyone whose email isn't listed hits the verification step and can't proceed.
Can I allowlist a whole domain like @acme.com?
Not yet. The allowlist is currently per-email-address. Domain wildcards are on the roadmap.
Does the verification work with corporate email scanners?
Yes, by default. Verification links are multi-use so they survive Microsoft SafeLinks and Proofpoint pre-fetching, which would otherwise consume a single-use token before the human recipient clicks. Single-use is available as an opt-in for higher-sensitivity sends.
Is this a legal e-signature?
Restricted Sharing controls access, not signature. For accept and decline workflows with a timestamped audit trail inside the document, use Proposal Responses. For a formal AES or QES signature, pair HummingDeck with a dedicated e-signature provider.
Does this work on Rooms as well as individual documents?
Yes. The same Restricted toggle handles both individual deck links and full multi-document Rooms.
Can I track who verified and what they viewed?
Yes. The dashboard shows each verified viewer with per-page time, return visits, and completion rate. Optional company grouping aggregates viewers from the same firm.