# EchoDrop — Hand off work, on the record.

> Enterprise-grade file handoffs.
>
> EchoDrop is a sealed handoff layer for settings where chain of custody
> matters: law, finance, healthcare, consulting, government, and the AI
> assistants working alongside those teams.

Gate files, link shares, or SaaS URLs behind a short pickup code with a
password, expiry, and tamper-proof receipt — with optional confirmation by
email address. Every attempt is logged, so work can pass between teams,
clients, and counterparties without losing the audit trail.

A regular Drive, Dropbox, or shortened URL is a forwarding tool — anyone
who gets it can open the file, you can't tell who actually did, and you
can't pull it back without breaking the link for everyone. An EchoDrop
pickup is the opposite: it has to be opened by the right person, in the
right window, with the right code — and you get a signed receipt the
moment they do.

## Capabilities

- URL gating
- Custom shortlinks
- Audit trails
- Signed receipts
- Revocation
- Encryption
- Hosted or headless
- MCP
- API

## Drop anything

- Share links
- Web pages
- Files
- Folders
- Documents
- Media

## What it does — gate anything important

EchoDrop can wrap a Drive folder, Notion page, SharePoint document,
hosted URL, or uploaded file behind rules you control.

### Gate any URL or file

Use a short pickup code, password, expiry, download cap, custom slug, and
revocation. Every attempt creates a receipt you can verify.

### AI assistants, both ends

EchoDrop speaks the Model Context Protocol, so one assistant can send a
sealed package and another can pick it up into its working context.

### Privileged offline mode

For zero third-party trace, the browser can encrypt a bundle of links into
one self-contained URL without touching EchoDrop servers.

## How it works — simple handoff, strong record

1. **You give EchoDrop a link or a file.** Paste a URL from Google Drive,
   Dropbox, Notion, SharePoint, or your own site, or upload files directly
   for EchoDrop to host.
2. **You get a short pickup link.** Use the generated code or claim
   memorable words yourself, then decide the password, lifetime, and
   pickup limits.
3. **The recipient picks it up on the record.** Each successful pickup
   and failed attempt becomes part of the audit trail, with receipts for
   verification and control.

## Assistant workflows — send and receive without copy-paste

> "Wrap this Google Drive link in a 24-hour code with the password
> blue-otter."

> "Pick up ED-K7m2XB, password blue-otter."

You stay in control with personal access tokens, revocation, and the same
audit trail as regular pickups.

    

# How EchoDrop works

A simple, plain-language walkthrough of what happens when you share a
link through EchoDrop.

## The basic flow

1. **You give us a link, or a file.** EchoDrop works two ways, and you
   can mix them in the same drop. Paste a URL to something you already
   have online — a Google Drive file, a Dropbox folder, a Notion page, a
   SharePoint document, a page on your own website — and we'll act as the
   gate in front of it. Or upload files directly and we'll host them for
   you. Either way, you decide the rules: a password, how long the code
   lasts, how many people can pick it up.
2. **We give you a short pickup link — or you pick the words yourself.**
   By default we generate something short and easy, like `ED-K7m2XB`.
   But you can also claim a memorable slug at create time — for example
   `echodrop.io/q4-acme-payments` or `echodrop.io/board-deck` — as long
   as nobody has claimed it already. Share that instead of the raw link:
   in a text, in an email, on a business card, in a quarterly report.
3. **Every pickup is gated — and on the record.** The recipient types
   in the code (and the password, if you set one). If your rules are
   met, their browser is sent straight to your original link. If not,
   the door stays shut. Either way, the attempt lands in your audit
   trail — with the time, a coarse location, and whether the password
   was right. Successful pickups also produce a tamper-proof receipt,
   signed by EchoDrop, that anyone can verify independently. One click
   and the code stops working forever.

## Our promise about your link

- **We don't open your link.** We don't download the file, we don't
  make a copy, and we don't store it on our servers. Your file stays
  exactly where you put it.
- **You can see the address yourself.** On every recipient screen we
  show the website your link points to (for example,
  `drive.google.com`) — before they click. No tricks, no hidden
  redirects.
- **You're in charge, always.** You see every pickup attempt — when,
  roughly where from, and whether they got the password right. One
  click and the code stops working forever.
- **Every pickup gets a tamper-proof receipt.** Each successful
  download is signed with our Ed25519 key. Anyone — your client,
  opposing counsel, an auditor — can take that receipt to `/verify`
  and confirm independently that the pickup happened, when, and for
  which code.

## If you'd rather have an AI do it

EchoDrop speaks the Model Context Protocol — the same plug standard a
growing list of AI assistants already understand. Once you connect it,
you can just ask the assistant to send a file or open a code, and it'll
do the rest.

- **Sending:** "Wrap this Google Drive link in a 24-hour code with the
  password blue-otter." The assistant calls your EchoDrop account,
  creates the drop, and hands you back the pickup code.
- **Receiving:** "Pick up ED-K7m2XB, password blue-otter." The
  assistant opens the code, downloads the contents, and reads them
  straight into the conversation — no copy/paste, no separate browser
  tab.

You stay in control. The assistant uses a personal access token you
mint in your dashboard — not your password. You can see (and revoke)
every token, and every pickup the assistant performs lands in the same
audit trail as a regular pickup.

## Offline bundle — when you'd rather we weren't involved at all

Sometimes you want a password-locked envelope of links *without* any
pickup code, any audit log, or any record that the bundle exists. Our
offline tool lets you build one entirely in your own browser. We don't
see the contents, the password, or who opens it later.

- Encrypted in your browser with a password you choose.
- Output is a single link — the secret part lives in the URL fragment,
  which browsers don't send to servers.
- No revocation, no download cap, no "who opened it" — those are the
  trade-offs for going off-grid.

    

# EchoDrop for business & professionals

## Hand off client work. Get a receipt. Move on.

Built for small firms, agencies, trades, advisors and software
businesses who send confidential work to clients. Wrap any file or link
in a one-time pickup with a password and an expiry — and get a
tamper-proof receipt the moment your client opens it. The same controls
a Fortune-500 legal team uses, with none of the IT department.

## What you can do with each link

- **Source URL stays hidden.** Your client only sees a clean pickup
  page — never your actual Dropbox, Google Drive, OneDrive, or hosted
  storage URL. They can't bookmark it, scrape it, or forward it to
  anyone you didn't intend.
- **Set an expiry.** Match the link's lifetime to your work — the date
  a quote is valid until, the day a contract closes, the end of an
  engagement. After that the link stops working, even if it's still
  sitting in their inbox.
- **Cap the number of pickups.** Limit a link to one pickup, three
  pickups, or any number you choose. Useful when you know exactly who
  should be opening it.
- **Burn after reading.** One-time pickup. The moment your client opens
  it, the link burns. A forwarded inbox or a stolen laptop six months
  later doesn't expose the work you sent.
- **Add a password.** Send the password over a separate channel — a
  text, a phone call, the cover letter you handed them in person.
  Wrong-password tries are rate-limited and logged.
- **Revoke at any time.** One click and the link stops working — even
  if your client already had it open.

## Send once, track many

Same item, multiple recipients — and a separate receipt for each.
Selling a digital product to ten customers? Sending one deliverable to
a client and their whole team? Fulfilling a batch of license downloads
after a sale? Issue a unique trackable credential per recipient and
you'll know exactly who picked it up, when, and from where.

- **1 URL · N codes** — same link, different code per recipient.
- **N URLs · 1 password** — different link, shared password.
- **N URLs · no password** — different link, no extra step.

## Not a link shortener

Most file links just forward. Ours check who's asking.

| A link shortener | EchoDrop |
| --- | --- |
| Anyone who gets the link can open the file. | Each link is locked behind a code, password, expiry date, and a limit on how many times it can be opened. |
| The link is the password. Forward it, and you've forwarded the file. | What you keep on file is a signed receipt of who actually picked it up — not the link itself. |
| Tracks clicks for marketing reports. | Records every pickup — when, roughly where, whether the password was right. |
| No way to prove the right person actually got it. | Every pickup comes with a tamper-proof receipt. Your client can check it themselves at `/verify`. |
| If the link leaks, the file is leaked. Forever. | If you sent the wrong file or the project goes sideways, click "revoke." |

## Who it's for

- **Trades & contractors** — electricians, plumbers, builders,
  roofers, HVAC, landscapers — sending quotes, scopes of work, final
  invoices or as-built drawings without them being forwarded to a
  competitor.
- **Agencies & consultants** — brand and design studios, marketing and
  PR shops, small IT consultancies, freelance project teams — handing
  off final deliverables, draft decks, or strategy memos with a clean
  record of when the client picked them up.
- **Small firms & family practices** — solo and small-firm attorneys,
  accountants, financial advisors, architects, healthcare
  practitioners — same safeguards a Fortune-500 firm uses, sized for a
  practice of one to a dozen people.
- **SaaS & digital deliverables** — software vendors, course creators,
  digital-asset stores — delivering installers, license keys, signed
  contracts, course downloads or premium content with the file gated
  and the delivery on the record.

## In practice

- **Electrician sending a confidential quote.** A two-person electrical
  contractor wraps a PDF quote in a one-pickup EchoDrop link with the
  password texted to the client and the expiry matching the quote's
  validity. The client never sees the contractor's Dropbox folder of
  every other live quote.
- **Brand agency end-of-engagement handoff.** Final logos, vector
  sources, brand guidelines, photography library — capped at three
  pickups (client, dev shop, print vendor) with a 30-day expiry
  matching the contract close-out window. Every pickup is logged.
- **Solo immigration attorney sending a case file.** Draft I-130
  packet shared via EchoDrop with the password called over the phone,
  a 7-day window, and a one-pickup limit.
- **Solo bookkeeper sending financials for a refinance.** Single link
  capped at three pickups (client, loan officer, underwriter) with a
  14-day expiry matching the loan window. The client forwards the
  link, not the file.
- **Software vendor delivering a license post-purchase.** Order system
  mints an EchoDrop link to the installer and license key. One-pickup,
  expires in 14 days. Bytes stay in the vendor's CDN.
- **Solo financial planner sharing a personal financial plan.** PDF
  shared with password called on a follow-up call, one-pickup limit,
  five-day expiry. Receipt sits in the client folder as proof of
  delivery.

## Why EchoDrop

- **Tamper-proof receipts** — every successful pickup is signed with
  our Ed25519 key. Hand it to a client or attach to an invoice; they
  verify it themselves at `/verify`.
- **We don't open your files.** For external links we act as the gate,
  not the host. Bytes stay in Drive, Dropbox, OneDrive, or your CDN.
- **Works with what you have.** Wrap the storage you already use. No
  migration required.
- **Free to start.** Self-serve sign-up. No sales call, no procurement
  paperwork, no minimum seat count.

> "Standing access is a liability. A signed, time-boxed capability is
> an asset you can hand to a client and walk away."

    

# EchoDrop for professionals & enterprise

## Audited file handoffs for high-stakes work.

EchoDrop is a capability-based file relay for legal, finance, audit and
enterprise IT teams. Every pickup is gated, logged, and accompanied by
a tamper-proof receipt your counterparty can verify independently —
without giving up custody of the underlying files.

## What you can do with each link

- **Source URL stays hidden.** Recipients only ever see your branded
  pickup page — never the actual Google Drive, SharePoint, Dropbox or
  storage URL behind it.
- **Set an expiry.** Make a link work for an hour, a day, a week, or
  until a specific date. After that, the link stops working — even if
  it's already in the recipient's inbox.
- **Cap the number of pickups.** Limit a link to one pickup, five
  pickups, or any number you choose.
- **Burn after reading.** One-time pickup. The moment the recipient
  opens it, the link burns itself.
- **Add a password.** Optional second factor — something only your
  recipient knows. Wrong-password tries are rate-limited and logged.
- **Revoke at any time.** One click and the link stops working — even
  mid-session, even if the recipient already had it open.

## Send once, track many

Same document, every party — and a separate receipt for each. When the
same closing binder needs to reach your client, opposing counsel,
co-counsel, and the court — or the same workpapers need to land with
the CFO, the audit partner, and the regulator — issue a unique
trackable credential per recipient.

- **1 URL · N codes** — same link, different code per recipient.
- **N URLs · 1 password** — different link, shared password.
- **N URLs · no password** — different link, no extra step.

## Not a link shortener

Most file links just forward. Ours check who's asking.

| A link shortener | EchoDrop |
| --- | --- |
| Anyone who gets the link can open the file. | Each link is locked behind a code, password, an expiry date, and a limit on how many times it can be opened. |
| The link is the password. Forward it, and you've forwarded the file. | What you keep on file is a signed receipt of who actually picked it up — not the link itself. |
| Tracks clicks for marketing reports. | Records every pickup — when, roughly where, whether the password was right — so you can show an auditor exactly what happened. |
| No way to prove the right person actually got it. | Every pickup comes with a tamper-proof receipt. Your client, an auditor, or opposing counsel can check it themselves at `/verify`. |
| If the link leaks, the file is leaked. Forever. | If something goes wrong, click "revoke." |

## Who it's for — built for teams who answer to someone

- **Legal & outside counsel** — privileged document handoffs to
  clients, opposing counsel, experts and e-discovery vendors. Every
  pickup produces a signed receipt you can attach to the matter file.
- **Finance, M&A, deal teams** — time-boxed access to data-room
  exports, term sheets and board materials. Codes can be revoked the
  moment a process closes.
- **Audit, risk & compliance** — demonstrable chain-of-custody for
  evidence sent to external auditors and regulators.
- **Enterprise IT & platform teams** — a drop-in relay you can host,
  brand and gate by organisation. Per-org overlays cover limits,
  retention, allowed hosts and feature flags without code changes.

## In practice

- **Legal — privileged memo to opposing counsel.** Associate wraps a
  settlement memo in an EchoDrop link with a one-pickup limit, a
  12-hour expiry, and a password read out over the phone. After the
  named partner picks it up, the link is dead. The signed receipt
  drops into the matter file as proof of service.
- **M&A — one document outside the formal data room.** Deal lead drops
  the file into an EchoDrop link gated to one pickup, a 24-hour
  window, and a password sent over a separate channel. When the
  process closes, every outstanding link can be revoked from one
  screen.
- **Audit — folder export to the regulator.** Compliance team sends a
  4 GB evidence bundle gated to the regulator's inbound IP range with
  a 7-day expiry. The receipt is independently verifiable; the
  regulator can't claim they never got it.
- **Accounting — quarterly statements to clients.** Each statement
  goes out as a burn-after-reading link, gated by a one-time
  passphrase texted separately. Per-client receipts confirm pickup;
  reminders go to clients still unopened after two days.
- **Enterprise IT — pen-test report to an outside vendor.** IT wraps
  the existing SharePoint URL in an EchoDrop link restricted to the
  vendor's office IP range, password-gated, 7-day expiry. The vendor
  never sees the underlying SharePoint URL. End of engagement, IT
  revokes in one click — no orphan contractor account left behind.

## Why EchoDrop — capability tokens, not standing access

Most file-sharing tools either copy your data into their cloud, or
grant broad standing access via shared folders and email links.
EchoDrop does neither. Each share is a narrow, expiring capability —
bounded by code, password, download cap, host allow-list, and TTL —
that you can revoke from your dashboard at any moment.