1Bridge Vault

Use Case

Secure Document Sharing

Store personal KYC documents once. Share with banks, lawyers, PSPs, and compliance vendors through expiring links, without sending passport copies over WhatsApp again.

How It Works

Four Steps to Controlled Sharing

From upload to vendor access, every step keeps plaintext on your side of the browser.

01

Upload Once

Add ID, proof of address, and source-of-wealth documents. They are encrypted in your browser before upload. We only store ciphertext.

02

Delegate to Your Team

Add ops or legal teammates as delegates. They create share requests and manage workflows, but never see your documents, keys, or vendor secrets.

03

You Approve

When a delegate prepares a share request, you approve it. This generates a one-time vendor secret emailed directly to the vendor. Your team never sees it.

04

Vendor Access

Vendors verify email via OTP, enter the secret, and view documents. Every view and download is watermarked with a unique reference ID and logged in your audit trail.

Team Delegation

Your team runs the workflow while you keep sole control of the keys

Useful when ops or legal handle document requests on your behalf, without widening who can read them.

Delegates can

  • Create share requests for specific vendors
  • Select which documents to include
  • Set expiry and purpose notes
  • Revoke links on your behalf

Delegates cannot

  • Decrypt or view document contents
  • See vendor secrets or encryption keys
  • Approve shares without your action
  • Generate cryptographic material

You always

  • Approve every share before it goes out
  • Hold the vault password and KEK
  • See the full audit trail
  • Revoke access instantly

Built In

Watermarking and Audit on Every Access

Every document that leaves the vault carries a watermark and an audit entry, applied automatically on every access.

Watermarking

Each view and download gets visible and invisible watermarks stamped with vendor label, timestamp, and a unique reference ID. Images and PDFs are both covered. Verify any watermark at /verify.

Audit Trail

Every OTP sent, view, download, revocation, and access denial is logged with timestamps and pseudonymized vendor identity. You know who accessed what and when.

Read how watermarking and encryption work →

Positioning

Where This Fits

1Bridge handles the ad-hoc requests that do not justify a full compliance platform.

vs Google Drive / Dropbox: No client-side encryption, no per-vendor watermarking, no three-factor access, no purpose-bound expiring links.

vs WeTransfer: One-time transfers with no vault, no delegation, no audit trail, no revocation after send.

vs Persona / Onfido: Enterprise KYC platforms own the full compliance workflow. 1Bridge complements them for the dozens of informal requests that still arrive over email and WhatsApp.

Ready to stop resending your passport?

Join the waitlist for client-side encrypted sharing with full vendor accountability.