The attachment outlives the message
The ITR you sent at 11pm now lives in your client's WhatsApp media, their phone backup, and possibly in a family group. Forwardable in one tap. Once an attachment leaves your hands, you can't un-send it.
Enchamber doesn't replace WhatsApp. It replaces the unprotected PDF you currently send through it — with a password-protected, view-tracked, auto-expiring page your client opens in any browser. Same conversation. Different attachment.
Ask yourself — does client document sharing feel a little too casual for how sensitive the docs actually are? Every CA we've spoken to hits the same set of problems. None of them are your fault — the tools you use weren't built for your work.
The ITR you sent at 11pm now lives in your client's WhatsApp media, their phone backup, and possibly in a family group. Forwardable in one tap. Once an attachment leaves your hands, you can't un-send it.
Setting a PDF password is painful. Your client can't open it on their phone. And you usually share the password in the same WhatsApp chat — which defeats the point.
"Did you get the notice?" "Did you open the ITR I sent on Tuesday?" You don't know. And you can't prove it if there's a dispute later.
Drive / WeTransfer / generic cloud links don't password-protect by default, leave no audit trail, and weren't built around DPDPA + ICAI peer-review expectations.
WhatsApp + email leave you with no log of who saw what, when. ICAI's own cybersecurity advisory has flagged this as a growing risk for practising CAs.
Scanned audit folders, balance sheets, working-paper ZIPs — they bounce. So you split into 3 emails, or zip and pray.
A statutory audit isn't one file — it's the trial balance, ledgers, annexures, draft report, final report, working papers. Sending each as its own link is chaos for both sides.
Your client is a company. Their CFO should see everything; their bookkeeper only the working papers. A flat link can't do that — and your articleship juniors face the same problem on your side.
You send to the same 80 clients every quarter — but every share starts from a blank form. No saved contacts, no recipient picker, no list of "all my Q4 ITR clients".
A ₹40-lakh tax computation, a board-resolution PDF, a salary annexure — sent through the exact same channel as forwarded jokes. The casualness of the channel doesn't match the sensitivity of the document.
Clients lose files. Three months later they're asking you to dig through your sent-folder for an old ITR they can't find. You spend the next 20 minutes re-attaching what you already sent once.
These are the daily-friction wins. Most are free, forever. A few unlock in Phase 2 / 3.
Proof of delivery without asking. Know exactly when (and how many times) your client opened the ITR — useful for follow-ups and for disputes.
Inbox ping the moment your client opens the link. No more "just checking" follow-ups.
See which pages of a long audit report the client actually read, and which they skimmed. Sharpens every follow-up call.
Sent the ITR, then spotted a typo? Swap the file on the same share — URL doesn't change, password doesn't change. Client opens the same link, sees the corrected version. No re-sending, no "please ignore the previous email".
Set a password when you create the share. No Acrobat. Opens cleanly on every device, every browser.
Pick a date. After that, the link is dead. No lingering ITRs in client inboxes years later.
Your senior clients enter the password and view. Zero friction. Zero support calls about "how do I open this".
PDF · DOCX · XLSX · ZIP · images. Generous file-size limits today, and they go much higher on paid plans for scanned audit folders.
Build a list of your frequent clients once. Then pick from a recipient list every time you create a share — no re-typing, no typos. Group them by engagement ("Q4 ITR clients", "Statutory audits") for bulk sends.
Send Enchamber links straight from Gmail / Outlook without leaving your inbox. No copy-paste round-trip.
Only your named client can unlock — not whoever the link gets forwarded to. End-of-chain control.
The viewer's email is stamped onto every page of the PDF they see. Forwarded screenshots are traceable.
A statutory audit, a due-diligence pack, a year-end close — these are many files, many viewers, mixed permissions. Data Rooms bundle them into one secure space, with the controls larger engagements need.
Trial balance, ledgers, annexures, draft + final report — all in one organised space, one link, one password. Add or replace files without re-sending anything.
CFO sees everything, bookkeeper only the working papers. Your articleship junior gets read-only on draft folders. Different roles, same room.
Send 50 files in one link. Client downloads the whole audit folder with one click — no Drive-folder-of-Drive-folders maze.
Single feed of every action inside the room: who opened which file, when, from where. Audit-grade trail for the engagement, exportable.
Anyone can send a Drive link. A branded, password-protected share page with your firm's name on it signals seriousness to your clients — and to their clients, bankers, and auditors.
enchamber.com/s/sharma-associates-itr-q4 instead of a random string. Recognisable, trustable.
Client opens the link and sees your firm's brand, not ours. The share page becomes a marketing surface.
On paid plans, "Powered by Enchamber" comes off. Looks like in-house infrastructure.
Send shares from docs.yourfirm.in. Clients never see our domain. Maximum credibility.
We don't do "bank-grade" or "military-grade" — those phrases are marketing. Here's what we actually do today, and what's on the roadmap.
Stored as a one-way fingerprint (bcrypt). Even our team can't reverse it. If we're hacked, your passwords are not in plain text.
The file isn't sent to the recipient's browser until the password is correct on our servers. Wrong password = no file. Not a blurred file — no file at all.
Encrypted in transit between you, us, and your client. SSL Labs rating: A+. Every modern browser shows the padlock.
Data we don't retain can't leak. Links die on the date you set — even if your client's inbox is later compromised.
Registered Point of Contact with India's national cyber incident agency. Consent + data-deletion flows built into the product, not bolted on.
No Google Analytics, no Facebook Pixel, no ad networks on share pages. Your client's view of an ITR is not data we sell.
Rate-limiting on password attempts at the IP level. Stops bots from guessing common passwords on your share links.
Content encrypted with the share password as the key. Even a full DB breach = unreadable files. Trade-off: no password recovery.
Download a tamper-evident log of every view + download for a share, for your records or for a dispute.
Practice-management portals, client document hubs, virtual data rooms for audits — they're standard kitat mid-tier firms globally. Here's what they get out of it, and what it means for an Indian CA practice.
US + UK firms moving off email-attachment workflows onto secure portals routinely cut their document-chasing time by 60–80% — every "please confirm receipt" call replaced by a view timestamp. Multiply that across 80 clients in a filing quarter and it's a senior's entire week back.
Mid-tier firms' #1 reason for adopting client portals isn't convenience — it's defensibility. If a client later claims "you never sent me the draft", an audit-grade trail (who opened what, when, from where) is the difference between a 5-minute close and a partner-level escalation.
For a client, the experience of opening your share is the experience of your firm. A branded page on docs.yourfirm.in with your logo signals seriousness in a way a Drive link never can — and that's referral fuel.
ICAI's cybersecurity advisory cautions members against ad-hoc WhatsApp / email sharing of client data — citing absent audit trails, forwarding-chain risk, and rising phishing attempts on practising members. The institute has flagged the problem. The tooling answer is here.
Enchamber grows with your practice. Here's how the same tool fits at each stage — no migration, no re-platform when you scale up.
The focus below is what you can do, not how many MB. Limits exist, but they fade into the background.
Everything a solo CA needs to start
When your firm wants its own face — and scales
For multi-partner firms + audit-grade trails
Create your first password-protected share in 30 seconds. Paste the link into the same WhatsApp chat. Done. Free forever. No card, no app for your clients.
Tell us what would actually fit your firm's workflow — or what we're missing. Email hello@enchamber.com.