Is a password-protected PDF sent in the same email actually secure?

No. The password and the file travel the same route through the same servers in the same communication chain. Anyone who gets access to that message through misaddressing, inbox access or account compromise can open the document immediately. A password-protected PDF is an illusion of security. mboxly.app encrypts the document in the sender's browser, and the key never reaches the server or any message.

How do read receipts work, and can they be used as legal evidence?

A read receipt in mboxly.app records the exact moment the recipient opens the link. HR can see when the employee opened a termination letter, amendment or disciplinary note. For courtroom strategy you should consult legal counsel, but the opening log is a concrete technical fact that ordinary email does not provide.

What happens to the document after the employee opens it?

You can configure automatic expiry after the first open, after a day, a week or a chosen deadline. A March payslip does not remain readable in the employee's inbox for years. HR does not need manual cleanup because the document disappears automatically.

Can a former employee who no longer has a company account still open the document?

Yes. You send the link to the former employee's private email address. The recipient does not need a company account, a login or any app installation. They click the link and open the document. After expiry, the link stops working.

Is mboxly.app GDPR-compliant for employee data processing?

Yes. Data is encrypted on the sender's side, infrastructure runs exclusively in the EU, and the processing model minimises the amount of data available on the server side. For paid plans, a data processing agreement (DPA) is available, which is typically required when entrusting employee-data processing to an external provider.

How do we send payslips to many employees at once?

You create a separate link for each employee and attach only that employee's document. There is no one bulk email for everyone. Each employee gets an individual link. A wrongly addressed message does not expose someone else's salary because the link is still encrypted for the intended recipient.

Does rollout require installation or integration with our HR system?

No. mboxly.app works in the browser without plugins, installations or changes to your existing email or HRIS stack. On Free and Solo plans you can start almost immediately. On Enterprise, payroll or HRIS integration is possible and handled individually.

What if the employee claims they never opened the document?

If the link was opened, you have the exact opening timestamp. If it was not, you know the employee genuinely did not open it and you can send a reminder or choose another delivery path. In both cases, you know more than with ordinary email, which leaves no reliable trace on the recipient side.

Can we send foreign-language documents to international employees through mboxly.app?

Yes. mboxly.app supports documents in any language. You upload the file you prepared, and encryption is independent of the language of the content. The recipient-facing interface is available in multiple languages, so international employees do not face an avoidable language barrier when opening the link.

Can we use our own domain, for example hr.ourcompany.com?

Yes, on Business and Enterprise plans. Employees see an address that matches the employer brand, such as hr.yourcompany.com, docs.yourcompany.com or another custom domain. We handle the DNS configuration.

For HR and payroll teams

A payslip in an email attachment is not a secure delivery channel.

Every month, thousands of HR teams send salaries, bonuses and contract amendments through unencrypted email. A password-protected PDF with the password sent in the same thread protects nothing. mboxly.app replaces that risky attachment with an encrypted link, read receipt and automatic expiry.

Try for free — no registration Open the office demo

Proof of who opened the document and when Infrastructure in the EU only · GDPR ready Links expire automatically with no retention

HR specialist working with confidential employee documents

Why it matters

A secure link replaces one step in the workflow and removes the highest-risk part: readable files sitting in inboxes and third-party platforms.

Security without compromise

Designed so HR stays in control of the document from delivery to expiry.

Every technical decision in mboxly.app follows one principle: sensitive employee data must not circulate indefinitely in inboxes, must not reach the wrong person, and must leave a reliable read trail.

Try for free

Read receipt means proof that the employee saw the document: Every document open is recorded down to the second. HR knows exactly when an employee opened a payslip, termination letter or contract amendment. No more "I never received it" or "I did not know".
A password-protected PDF is not protection. End-to-end encryption is.: If the password to the PDF is sent in the same email or by SMS, the file and the key travel together. In mboxly.app, encryption happens in the sender's browser. The key never reaches the server. The server cannot decrypt the document, even if it wanted to.
The document disappears on schedule without manual cleanup: A payslip from March payroll should not stay accessible in an employee inbox for years. You set the expiry window, an hour, a day, a week, and the link stops working automatically. No retention means no retention risk.
A former employee can receive a termination letter without a company account: You send the link to the former employee's private email address. The recipient does not need a company account, a login or an app install. They click the link and open the document. After reading or after expiry, the document is gone.
EU infrastructure. Employee data never leaves Europe.: Employee personal data requires especially careful GDPR handling. mboxly.app infrastructure runs exclusively within the European Union. Privacy by Design is built into the architecture, not added later as a label.
Each document goes to the right person without addressing risk: You send an individual link for each employee. A wrongly addressed message no longer exposes someone else's salary, because the link is still encrypted for the intended recipient.

None of the situations above results from HR negligence. They happen because for years nobody delivered a more convenient tool until mboxly.app.

How it looks in practice

HR teams still send the most sensitive employee data the same way they did 20 years ago.

Not out of negligence, but because nobody offered a more convenient alternative. Yet every scenario below is an active GDPR risk and a real exposure of employee data.

A payslip as a password-protected PDF, with the password in the same email. "Attached is your April payslip, password: Company2024". The file and the key travel together in the same message through the same servers. Anyone who gets access to that message, an IT admin, another employee with inbox access, an attacker, can open the document immediately. PDF passwords create the illusion of security, not real protection.
A contract termination sent by email with no read confirmation. The employee claims they never received the termination letter. HR has the sent timestamp in the Sent folder, but no proof that the message was opened. Without read confirmation, there is no reliable legal certainty about when the notice period actually started.
A salary increase sent as a reply to an old thread with full conversation history. "Re: Re: Employment agreement 2022" and a new amendment with a new salary. The thread history includes the previous salary, notes from the annual review and the decision not to grant a bonus the year before. The employee receives the whole context, including information HR never intended to expose.
An employment contract amendment sent via WhatsApp because the employee is off-site. WhatsApp encrypts the transport, but the document lands in the employee's cloud phone backup on Google or Apple infrastructure outside the employer's control. The amendment containing salary and employment terms now exists in systems the company does not administer and cannot govern for retention.
Mass payroll sent in one email to the whole list instead of one employee at a time. "Attached are the May payslips" and the entire employee list appears in CC instead of BCC or separate messages. Every employee sees everyone else's email address. An employee email address is personal data, and exposing it can itself be a reportable GDPR incident.
A disciplinary note or warning sent by email with no delivery trail. A disciplinary note lands in the employee's inbox. The employee says they did not read it, it went to spam, or the address was out of date. Without read confirmation, the employer's legal team has no reliable proof of delivery if the dispute reaches employment court.

Risk

What does an employee data leak or missing proof of delivery actually mean?

HR processes highly sensitive personal data, salaries, health context, family information and performance reviews. One incident is enough to trigger proceedings.

Administrative fine for leaking employee data: Exposing an employee's salary to an unauthorised person through a wrongly addressed email, a password sent in the same thread or a visible CC list is a personal-data breach that may have to be reported to the supervisory authority. Fines can reach 4% of annual turnover.
Employment dispute over missing proof of termination delivery: A notice period starts when the employee becomes aware of the content, not when the message is sent. Without a read receipt, the employer opens the door to a dispute over when the employee actually learned about the decision. In employment court, the burden of proving delivery is on the employer.
Employee claims after salary disclosure: An employee whose pay data was exposed to colleagues because of an HR mistake may claim compensation under GDPR. Employees are using that right more often, especially where a pay disclosure reveals inequality that had previously remained hidden.
Loss of trust and internal conflict after payroll disclosure: One mis-sent payslip or one visible payroll CC list is enough for a team to learn each other's salaries. The impact on morale and employee retention can be more severe than any regulator fine.

The solution

Send employee documents without risk and with read confirmation

Replace the email attachment with an encrypted link, an expiry deadline and an opening log. HR gains delivery confidence, retention control and GDPR-ready handling without changing its existing tools.

Send your first secure document Open the office demo

Pricing

Choose the deployment level that fits your HR team

Free

The public version of mboxly.app without customisation. Ideal for testing secure-link mechanics before rolling them out across HR.

€0

✓ Full end-to-end encryption
✓ Expiring and self-destructing links
✓ mboxly.app branding visible to the employee
✓ No subdomain and no company identity
✓ No data processing agreement (DPA)

Try now

Solo

For small HR teams and companies that want to start without DNS setup. Employees see the company logo and brand on the mboxly.app domain, and you start with 30 days free without entering a card.

€59 / mo €47 / mo

✓ 30 days free to start, no card required
✓ 13 months of access for the price of 12 on annual billing
✓ Employee sees: hr.yourcompany.mboxly.app — your logo and colours
✓ Secure links with expiry and self-destruction
✓ Read receipts
✓ Data processing agreement (DPA)
✓ Go live the same day

Choose Solo

Business

Employees see only your company's domain and brand. Ideal for HR teams that want a consistent experience and full brand control, with 30 days free to start and no card required.

€129 / mo €103 / mo

✓ 30 days free to start, no card required
✓ 13 months of access for the price of 12 on annual billing
✓ Employee sees: hr.yourcompany.com or docs.yourcompany.com — only your brand
✓ Your own company domain with full branding
✓ Secure links with expiry and self-destruction
✓ Read receipts with logs
✓ Data processing agreement (DPA)
✓ Priority rollout and support included

Order rollout

Enterprise

For organisations that need a private installation, HRIS or payroll integration, full environment control and agreed SLAs.

Custom pricing

✓ On-premise or private cloud installation
✓ Licence, support and agreed SLA
✓ Read receipts with audit trail
✓ HRIS and payroll integrations
✓ Custom rollout and security consultancy

Let's talk

We do not sell seat counts. You pay for the deployment level, branding and environment control — from a free start to full white-label and private installation.

FAQ

Frequently asked questions from HR teams

Is a password-protected PDF sent in the same email actually secure?: No. The password and the file travel the same route through the same servers in the same communication chain. Anyone who gets access to that message through misaddressing, inbox access or account compromise can open the document immediately. A password-protected PDF is an illusion of security. mboxly.app encrypts the document in the sender's browser, and the key never reaches the server or any message.
How do read receipts work, and can they be used as legal evidence?: A read receipt in mboxly.app records the exact moment the recipient opens the link. HR can see when the employee opened a termination letter, amendment or disciplinary note. For courtroom strategy you should consult legal counsel, but the opening log is a concrete technical fact that ordinary email does not provide.
What happens to the document after the employee opens it?: You can configure automatic expiry after the first open, after a day, a week or a chosen deadline. A March payslip does not remain readable in the employee's inbox for years. HR does not need manual cleanup because the document disappears automatically.
Can a former employee who no longer has a company account still open the document?: Yes. You send the link to the former employee's private email address. The recipient does not need a company account, a login or any app installation. They click the link and open the document. After expiry, the link stops working.
Is mboxly.app GDPR-compliant for employee data processing?: Yes. Data is encrypted on the sender's side, infrastructure runs exclusively in the EU, and the processing model minimises the amount of data available on the server side. For paid plans, a data processing agreement (DPA) is available, which is typically required when entrusting employee-data processing to an external provider.
How do we send payslips to many employees at once?: You create a separate link for each employee and attach only that employee's document. There is no one bulk email for everyone. Each employee gets an individual link. A wrongly addressed message does not expose someone else's salary because the link is still encrypted for the intended recipient.
Does rollout require installation or integration with our HR system?: No. mboxly.app works in the browser without plugins, installations or changes to your existing email or HRIS stack. On Free and Solo plans you can start almost immediately. On Enterprise, payroll or HRIS integration is possible and handled individually.
What if the employee claims they never opened the document?: If the link was opened, you have the exact opening timestamp. If it was not, you know the employee genuinely did not open it and you can send a reminder or choose another delivery path. In both cases, you know more than with ordinary email, which leaves no reliable trace on the recipient side.
Can we send foreign-language documents to international employees through mboxly.app?: Yes. mboxly.app supports documents in any language. You upload the file you prepared, and encryption is independent of the language of the content. The recipient-facing interface is available in multiple languages, so international employees do not face an avoidable language barrier when opening the link.
Can we use our own domain, for example hr.ourcompany.com?: Yes, on Business and Enterprise plans. Employees see an address that matches the employer brand, such as hr.yourcompany.com, docs.yourcompany.com or another custom domain. We handle the DNS configuration.