Does sending a draft deed through mboxly.app help meet GDPR requirements?

mboxly.app removes the biggest problem: sending unencrypted files containing transaction-party personal data through standard email. Encryption happens on the sender's side, the infrastructure runs in the EU, and data disappears after reading or expiry. That is a practical implementation of Privacy by Design and data minimisation.

How do you send documents to multiple parties in one transaction?

You create a separate link for each party and only include the documents intended for that recipient. The buyer gets one link, the seller another, the bank another. One party's data cannot accidentally reach another. There is no single combined attachment sent to everyone at once.

What happens to the draft deed after a party opens it?

It can be configured to disappear immediately after the first open or after a selected period such as an hour, a day or a week. A deed draft containing PESEL numbers and transaction pricing does not sit in everyone's inbox for months. The office avoids unnecessary retention of sensitive data.

Does the transaction party need to create an account?

No. The recipient gets a link and opens the document without creating an account, installing anything or providing extra data. Minimising recipient-side data is part of the Privacy by Design approach GDPR expects from controllers.

Is mboxly.app safe for sending scans of identity documents?

Yes. The ID card or passport scan is encrypted in the sender's browser before it reaches the server. The server stores only an encrypted package without the key. After the configured time or after the first read, the file disappears. There is no extra copy sitting in someone's inbox.

What happens if someone breaches the mboxly.app server?

The encryption key never leaves the sender's device. The server stores only encrypted noise. An attacker could access the stored data but still would not be able to decrypt it, because the key is simply not there.

Does rollout require installation or in-house IT support?

No installation is required. mboxly.app runs in the browser and does not require plugins or changes to your existing email. On Free and Solo plans the office can start almost immediately. On the Office plan we coordinate briefly on the custom domain setup, and our team handles the configuration.

Does the office get confirmation that a party opened the document?

Yes. Each link with read confirmation records when the recipient opened the document. No more asking whether someone received the draft deed. The notary sees that the party reviewed the content before the signing appointment.

Can we roll this out gradually, for example only for selected case types?

Yes. You can start with one transaction type, for example real-estate matters only or just deed drafts, and expand as the team gets used to the new habit. You do not have to change the entire workflow at once.

Can we choose our own domain or subdomain for the office?

Yes. On the Office plan we agree on that at the start of the rollout. It can be something like secure.your-notarial-office.com, documents.notary-smith.com or a separate domain altogether. We handle the DNS configuration.

For notarial offices

A draft deed in an email attachment is the weakest link in notarial confidentiality.

Every property transaction, every company formation, every inheritance certification means dozens of messages containing PESEL numbers, prices, bank account details and scans of identity documents. All of it moves through unencrypted email. mboxly.app turns those files into encrypted links that disappear after reading.

Try for free — no registration Open the office demo

Not even the admin can read the content Infrastructure in the EU only · GDPR ready Link expires automatically after reading

Notary working with confidential office documents

Why it matters

A secure link replaces one step in the workflow and removes the highest-risk part: readable files sitting in inboxes and third-party platforms.

Security without compromise

Designed so a notarial office is not exposed by the communication channel itself.

Every technical decision in mboxly.app follows one principle: even a server-side compromise must not put notarial confidentiality or transaction-party data at risk.

Try for free

Even we cannot decrypt it: Encryption happens exclusively in the browser before any data reaches the server. The server only receives an encrypted package, without the key. Even full database access cannot reveal the deed draft or transaction-party details.
Multi-party transactions with one encrypted link per party: Buyer, seller, bank, broker: each party receives a separate link with exactly the documents relevant to them. There is no single message containing everyone's data. There is no risk that one recipient sees another party's information.
The draft deed disappears after reading or after a deadline: Self-destruction after the first open or after a selected time window. A draft containing PESEL numbers and transaction pricing does not sit in inboxes for months. It disappears once it has been read. No data retention means no data retention risk.
EU infrastructure. Data never leaves Europe.: Servers located exclusively within the European Union. GDPR and Privacy by Design compliance is ready to document for audits or supervisory authority reviews.
The transaction party creates no account and installs nothing: The buyer or seller clicks the link and that is it. No personal data is deposited on our side. Data minimisation in practice, not in theory.
One link instead of an attachment. Your office workflow stays the same.: You send the email exactly as usual, but paste a secure link instead of attaching a file. The habit change takes 30 seconds. The reduction in transaction-party risk is fundamental.

Notarial office desk work with confidential documents

None of the situations above results from negligence. They happen because nobody designed a more convenient alternative for notarial offices until mboxly.app.

How it looks in practice

Most notarial offices still exchange documents the same way they did 20 years ago.

Not out of negligence, but because it is the most convenient option. In every property transaction, dozens of messages containing sensitive party data move through ordinary inboxes. Nobody asks about encryption until there is a leak.

A draft notarial deed attached to one email sent to four parties at once. One Word file containing the full buyer and seller details, PESEL number, transaction price, land and mortgage register number, and mortgage data. The message goes to all parties at once, in CC or BCC. The office has no idea how many people actually open the document or who forwards it further.
A scan of an identity card sent by email for identity verification. The client sends a scan of their ID card or passport before the appointment so the notary can prepare the deed. The message passes through Google or Microsoft servers, gets archived, indexed and may be accessible to the platform operator. The identity document sits in the inbox with no encryption and no expiry.
"Send the bank account number on WhatsApp, it's faster." The buyer sends a transfer account number before signing the deed. WhatsApp encrypts the transmission, but the messages end up in the user's Google or Apple iCloud backup. The bank account number exists outside the office on the client's device, in their cloud backup and on Meta's servers. The office controls none of those copies.
A developer agreement with floor plans sent through WeTransfer. Dozens of PDF pages with the apartment layout, technical specification and the parties' data. A WeTransfer link without a password remains valid for seven days and is publicly accessible to anyone who gets the URL. No authorisation means anyone with the link can download the file. The notary has no way to verify who actually opened it.
Inheritance certification with the heir list sent as a reply on an old thread. "Re: Re: Re: Kowalski matter" with another beneficiary in CC. A new draft containing all heirs' data gets attached to a thread that already contains previous correspondence, data from other parties and earlier document versions. One click on Reply and the history reaches someone who should never see it.
Financial details sent by SMS before closing the transaction. Payment amount, escrow account number, transfer deadline, all via SMS because the client is calling from the street. SMS is not encrypted. Message content passes through the telecom operator as plain text. In Poland, every operator is obliged to retain metadata, while SMS content remains unsecured.

Risk

What does a transaction-party data leak mean for a notary?

One incident is enough. The consequences are multi-dimensional: professional, financial, reputational and legal. The notary is personally accountable.

Disciplinary proceedings before the notarial chamber: A breach of notarial confidentiality or data-processing security standards can trigger disciplinary proceedings and sanctions ranging from a reprimand to suspension. Lack of awareness of the risk is not a mitigating circumstance.
Administrative fine under GDPR, up to 4% of turnover: Data protection authorities impose fines for failing to implement Privacy by Design. A leak of a party's PESEL number or financial data through unencrypted email is a ready-made administrative enforcement scenario.
Civil liability for damages: A notary may be held personally liable for damage resulting from a lack of due care in carrying out notarial acts. A transaction party whose data leaked because of office negligence may seek civil compensation independently of any regulatory proceedings.
Loss of trust across the real-estate transaction ecosystem: Estate agencies, mortgage banks and developers refer clients to specific notaries. In an environment where reputation is everything, a single data incident can shut down that referral channel for years.

The solution

Send draft deeds without risk

Replace an attachment containing transaction-party data with an encrypted link that expires or disappears after reading. Minimal change for the office, maximum protection for the parties.

Send your first secure document Open the office demo

Pricing

Choose the deployment level that fits your notarial office

Free

The public version of mboxly.app without customisation. Ideal for testing the mechanics of secure links before rolling them out across the notarial office.

€0

✓ Full end-to-end encryption
✓ Expiring and self-destructing links
✓ mboxly.app branding visible to the recipient
✓ No office subdomain and no office identity
✓ No data processing agreement (DPA)

Try now

Solo

For solo notaries and small offices. Transaction parties see your logo and brand on the mboxly.app domain. The fastest way to start, with no DNS setup needed, 30 days free to begin and no card required.

€59 / mo €47 / mo

✓ 30 days free to start, no card required
✓ 13 months of access for the price of 12 on annual billing
✓ Recipient sees: youroffice.mboxly.app — your logo and colours
✓ Secure links with expiry and self-destruction
✓ Read receipts
✓ Data processing agreement (DPA)
✓ Go live the same day

Choose Solo

Office

Transaction parties see only your domain, your logo and your brand. We handle the whole rollout for you, and you start with 30 days free without entering a card.

€129 / mo €103 / mo

✓ 30 days free to start, no card required
✓ 13 months of access for the price of 12 on annual billing
✓ Recipient sees: secure.your-notarial-office.com — only your brand
✓ Your own office domain with full white-label branding
✓ Secure links with expiry and self-destruction
✓ Read receipts
✓ Data processing agreement (DPA)
✓ Priority launch and support included

Order rollout

Enterprise

For notarial chambers and larger organisations that need a private installation, full environment control and a setup tailored to strict security requirements.

Custom pricing

✓ On-premise or private cloud installation
✓ Licence, support and agreed SLA
✓ Read receipts
✓ Custom deployment and security consultancy
✓ Integrations and organisational requirements on request

Let's talk

We do not sell seat counts. You pay for the deployment level, branding and environment control — from a free start to full white-label and private installation.

FAQ

Frequently asked questions from notarial offices

Does sending a draft deed through mboxly.app help meet GDPR requirements?: mboxly.app removes the biggest problem: sending unencrypted files containing transaction-party personal data through standard email. Encryption happens on the sender's side, the infrastructure runs in the EU, and data disappears after reading or expiry. That is a practical implementation of Privacy by Design and data minimisation.
How do you send documents to multiple parties in one transaction?: You create a separate link for each party and only include the documents intended for that recipient. The buyer gets one link, the seller another, the bank another. One party's data cannot accidentally reach another. There is no single combined attachment sent to everyone at once.
What happens to the draft deed after a party opens it?: It can be configured to disappear immediately after the first open or after a selected period such as an hour, a day or a week. A deed draft containing PESEL numbers and transaction pricing does not sit in everyone's inbox for months. The office avoids unnecessary retention of sensitive data.
Does the transaction party need to create an account?: No. The recipient gets a link and opens the document without creating an account, installing anything or providing extra data. Minimising recipient-side data is part of the Privacy by Design approach GDPR expects from controllers.
Is mboxly.app safe for sending scans of identity documents?: Yes. The ID card or passport scan is encrypted in the sender's browser before it reaches the server. The server stores only an encrypted package without the key. After the configured time or after the first read, the file disappears. There is no extra copy sitting in someone's inbox.
What happens if someone breaches the mboxly.app server?: The encryption key never leaves the sender's device. The server stores only encrypted noise. An attacker could access the stored data but still would not be able to decrypt it, because the key is simply not there.
Does rollout require installation or in-house IT support?: No installation is required. mboxly.app runs in the browser and does not require plugins or changes to your existing email. On Free and Solo plans the office can start almost immediately. On the Office plan we coordinate briefly on the custom domain setup, and our team handles the configuration.
Does the office get confirmation that a party opened the document?: Yes. Each link with read confirmation records when the recipient opened the document. No more asking whether someone received the draft deed. The notary sees that the party reviewed the content before the signing appointment.
Can we roll this out gradually, for example only for selected case types?: Yes. You can start with one transaction type, for example real-estate matters only or just deed drafts, and expand as the team gets used to the new habit. You do not have to change the entire workflow at once.
Can we choose our own domain or subdomain for the office?: Yes. On the Office plan we agree on that at the start of the rollout. It can be something like secure.your-notarial-office.com, documents.notary-smith.com or a separate domain altogether. We handle the DNS configuration.