SecureMint

How to Send Tax Documents Securely

Tax firms routinely send documents that combine financial data with personal information: tax returns, statements, payroll exports, and My Number related files. These are exactly the kinds of files that should not move around as normal email attachments or password ZIPs. A practical workflow is to remove hidden metadata first, encrypt before upload, and send a browser-openable delivery link that does not require clients to create an account. This guide shows the lightweight version of that workflow.

Open Secure File Send
SecureMint uses zero-knowledge design. The server cannot read your data.
securemint.app/d/abc123#secret-key

Steps

1

Remove hidden metadata before delivery

Run the final PDF or Office file through SecureMint /metadata first. This reduces accidental leakage of author names, document properties, revision traces, and file path remnants.

2

Upload through SecureMint /send instead of attaching to email

Attach the cleaned file in /send, set an expiry, and add a password only if your process requires it. The payload is encrypted in the browser before upload.

3

Send the secure link to the client

Copy the generated link into your normal email. Clients open it in a browser with no signup. If you use a password, send it via phone, SMS, or Secure Memo on a separate route.

4

Use download logs when the firm needs a receipt trail

On Pro, the send can keep a per-download record with timestamp and IP. This gives the firm an internal trail without rolling out a full client portal.

Why It's Secure

  • Browser-side encryption means the server stores ciphertext, not readable tax data.
  • A normal email can still carry the delivery link, but the file itself is no longer a plain attachment in the inbox.
  • Metadata cleanup helps prevent accidental leakage of author names, revision data, and document location information.
  • Expiry windows and download limits reduce how long sensitive files remain available.

Sources

FAQ

Do clients need to create an account?
No. The client opens the secure link in a browser and downloads the file. That keeps the workflow lighter than a client portal while still avoiding plain attachments.
Should I still use password ZIP files?
In most cases, no. Public guidance has shifted away from password-protected attachments by email. A browser-delivered encrypted link is easier for clients and easier to manage safely.
What if the file contains My Number data?
Treat it as the highest-sensitivity case: minimize retention, set an expiry, and consider sending the password over a completely separate channel. Also review your internal handling rules and delete local copies you no longer need.

Related Tools

Metadata Removal→Secure File Send→File Request→

If you want to turn this guide into an operational workflow

These use-case guides show how the same pattern fits real workflows for accountants, HR teams, and legal professionals.

See the accountant workflow

How to turn secure send, PPAP replacement, and metadata cleanup into a client delivery flow.

Related Articles

How to Send Japan's My Number (個人η•ͺ号) Safely β€” Free, Zero-Knowledge, No Enterprise Contract

Japan's My Number guidelines effectively disallow plain email attachments. This guide covers compliant delivery routes and how to use zero-knowledge browser encryption to share My Number documents with your accountant, tax office, or HR team β€” without signing up for an enterprise-tier tool.

PPAP Alternative: Secure File Sharing with SecureMint

Replace insecure PPAP (password-protected ZIP via email) with E2E encrypted file sharing. No more sending passwords in separate emails.

How to Send Files Securely

Learn how to send files securely with end-to-end encryption. Free, no signup. AES-256-GCM encryption with zero-knowledge design.