Skip to main content
Forms & Requests

Secure Forms & File Requests

Branded fillable forms, e-signatures with admin counter-signing, and one-shot file request links — all behind the same encryption and audit pipeline as file transfers. One workflow to replace Docusign, web form builders, and Dropbox File Requests.

Form BuilderE-SignaturesCounter-SignFile Requests
01Form Builder

Secure Forms

Branded, fillable forms delivered as per-recipient secure links. File uploads, e-signatures, and admin counter-signing — all routed through the same encryption, scanning, and audit pipeline as a regular file transfer.

Mental model: Docusign fused with a secure dropbox. Staff builds a form template once; recipients get a tokenized link, fill it out, sign, and attach files; admin counter-signs when required. The completed PDF lands in your audit trail and (optionally) in a shared folder for normal file-UI access.

Templates

  • Branded fields, validation, expiry, and routing per form
  • PDF template support — upload existing forms as templates
  • Per-instance bcrypt password + IP allowlist
  • Tokenized link per recipient — no shared URLs

Signing

  • Recipient e-signature captured with IP, user agent, and timestamp
  • Admin counter-sign path — form parks in_review until staff signs
  • Regenerated PDF auto-emails back to the recipient
  • Completed PDF optionally routes to a SharedFolderFile
Secure FormsRecipient-facing forms with e-signatures, attachments, and admin countersignStaff builds Formfields ·branding · signature rolesRecipient fills + signsanswers ·file uploads · signatureEncrypt + ScanAES-256-GCM ·KMS · ClamAV · DLPSubmission storedimmutable snapshot ·countersign · routedSECURITY RAILTokenized linkBcrypt passwordIP allowlistAudit trailFORM · FORMINSTANCE · FORMSUBMISSION
02Inverse Send

Quick Share Requests

The inverse of Send. Instead of 'I send you a file,' it's 'I send you a link asking you to upload to me' — with mandatory virus + DLP scanning and the same KMS envelope encryption as every other transfer.

A one-shot, audited 'send me X files' link — like a Dropbox File Request, but with mandatory scanning, KMS envelope encryption, and the resulting artifacts auto-bound to your account. No guest provisioning, no shared folders, no anonymous links.

Lifecycle

  • Compose: recipients, file count (0–25), per-file expiry, optional secret
  • Recipient uploads the exact file count (and secret if requested)
  • On submit, request atomically flips pending → submitted

Hardening

  • AES-256-GCM + KMS-wrapped DEK on every uploaded file
  • ClamAV + DLP scan mandatorily, no opt-out
  • Strict shape: 256 MiB/file, 100 KiB/secret, exact count enforced
  • 3-attempt ceiling on real submissions → 429 after that
  • Resulting DownloadLinks bound to requester — no anonymous access
Quick Share — RequestAsk someone to upload files to youREQUESTER · STAFFCompose requestrecipients · file count (0–25)optional secret · expiryMint req_* tokenemail link to recipientstatus: pendingView submitted filesDownloadLinks bound to requesterOTS pre-boundRECIPIENT · EXTERNALOpens /request/{token}sees branding + messageexpected file count visibleUploads files (+ secret)exact count enforced256 MiB/file capatomic flip: pending → submittedPIPELINEAES-256-GCMKMS envelopeClamAVDLPAudit
At a glance

Two flows, one pipeline

Forms collect structured answers + signatures. Quick Share Requests collect arbitrary files. Both share the same encryption, scanning, and audit backplane.

Secure Forms vs Quick Share RequestTwo flows with the same encryption, scanning, and audit backplaneSECURE FORMSYou ask them to answer + sign.Patient Intake FormFORM · v3Full nameJane DoeDate of birth1985-03-17Insurance IDBCBS-•••••Sign hereIP · UA · TSSign & SubmitFillable fields with validationE-signature + admin countersignFile uploads inside the formRouted to a shared folderQUICK SHARE REQUESTYou ask them to send you files.Upload Files · 3 of 3REQ_A8F2E9W9.pdf248 KBCOI_2026.pdf1.1 MBbank_letter.pdf340 KBOPTIONAL SECRET••••••••••OTS-boundSubmit FilesUp to 25 files per requestOptional shared-secret slotExpiring tokenized linkAuto-bound to the requesterSHARED PIPELINEAES-256-GCMKMS envelopeClamAVDLPAudit log
Comparison

Beyond traditional MFT

Most managed file transfer platforms were designed before modern threats existed. Here is how MnemoShare compares.

CapabilityTraditional MFTMnemoShare
Form builderDocusign, Typeform, or hand-rolled web formsNative fillable forms with PDF template support and per-recipient tokens
E-signaturesSeparate signing platform with its own audit logRecipient + admin counter-signing in one workflow, single audit trail
File request linksDropbox File Request — anonymous, no scanning, no encryption envelopeTokenized link, mandatory ClamAV + DLP, KMS-wrapped DEK, requester-bound results
Recipient accessShared anonymous link or guest account provisioningPer-recipient token, optional bcrypt password, optional "must log in to upload"
AuditSeparate logs per tool — reconciliation required for any investigationImmutable answer/signature/file snapshot in the same audit feed as transfers

See how MnemoShare compares. Schedule a demo

In Practice

Real-world use cases

Patient intake & consent

Clinic sends a new patient a secure form link covering insurance details, medical history, and a signed consent. Patient uploads insurance card photos; ClamAV + DLP scan inline. Admin counter-signs the consent; signed PDF emails back; submission lands in the patient's shared folder with full audit trail.

Vendor onboarding

AP team sends a Quick Share Request to a new vendor: W-9, certificate of insurance, and bank letter. Vendor uploads all three to the tokenized link with optional banking-detail secret. Files arrive scanned, KMS-encrypted, and bound to the AP requester — no shared inboxes, no anonymous uploads.

Regulatory attestation

Compliance officer publishes a quarterly attestation form to 200 employees. Each gets a unique link; each submission captures e-signature with IP/UA/timestamp; immutable snapshots stored for audit. Counter-sign path used for higher-risk roles.

FAQ

Frequently asked questions

How does this compare to Docusign?

MnemoShare Secure Forms covers the same recipient-signs + admin-counter-signs flow Docusign provides, but the form lives behind your existing encryption, scanning, and audit pipeline. Uploaded attachments are AES-256-GCM + KMS-wrapped before S3, ClamAV + DLP scan inline, and the submission snapshot is immutable. No separate vendor for signatures, no separate audit log to reconcile.

Can I use my own PDF templates?

Yes. Upload an existing PDF, mark up signature and form fields, and use it as a Form template. Recipients see the branded PDF rendered as a fillable form; the completed submission regenerates the PDF with answers and signatures baked in.

What's the difference between Secure Forms and Quick Share Requests?

Forms are structured: you define fields, signatures, validation, branding. Quick Share Requests are unstructured: you ask for N files and an optional secret, recipient uploads. Both share the same security backplane (KMS encryption, mandatory scanning, audit trail, tokenized links), but Forms is the long-form workflow and Quick Share is the one-shot ask.

Are recipient uploads scanned the same way as regular file transfers?

Yes — mandatorily. Every uploaded file passes through ClamAV (or any ICAP-compatible scanner you've wired in) plus the full DLP engine. There's no opt-out, and the scan happens before the file is bound to your account.

Can I require recipients to log in before submitting?

Yes. Set "must log in to upload" on the form or request, and recipients are blocked at the page load — no state is touched until they authenticate. Anonymous submissions are denied without consuming any of the request's attempt budget.

What happens if a recipient doesn't submit before the link expires?

The request transitions lazily to "expired" the next time it's read. The public endpoint redacts PII (subject, body) once consumed or expired, so even if the link is shared after the fact, no sender context leaks. Requesters can cancel pending requests at any time from the Sent view.

Get Started

Ready to see MnemoShare in action?

Start a free trial, schedule a walkthrough, or dive into the docs.