Security

Secure File Sharing on Mac: A Practical Guide for Freelancers and Small Teams

Security advice for file sharing is either Apple docs or enterprise whitepapers. This guide is for freelancers and small teams on Mac.

Security guides for file sharing usually go one of two ways: Apple’s documentation about FileVault disk encryption (useful but not about sharing), or enterprise whitepapers about zero-trust architecture and FIDO2 keys (useful if you’re a CISO, not if you’re a freelance designer).

This guide is for the middle: freelancers, solo developers, small agencies, and anyone who handles client files on a Mac and wants to share them responsibly — without a six-figure security budget.

The threat model for normal people

Before locking everything down, consider what you’re actually protecting against:

  1. Someone intercepting the link — A share link emailed in plain text could be forwarded, leaked, or found in a compromised inbox.
  2. The link living forever — A file you shared three months ago is still downloadable. The project is over, but the files are still out there.
  3. The wrong person downloading — You sent a link to one client, but anyone with the URL can access it.
  4. The file-sharing service reading your files — Most services (including WeTransfer) can technically access your files. They encrypt in transit and at rest, but they hold the keys.

Most freelancers face risks 1-3 regularly. Risk 4 matters if you handle genuinely sensitive content (legal documents, medical records, financial data).

Email attachments are the least secure way to share files. Once a file is attached to an email, you lose all control. It lives in the recipient’s inbox, their email provider’s servers, their backups, their IT department’s archive. It can be forwarded to anyone.

Link-based sharing is better because:

  • You can set an expiry date. The link stops working after a week, a month, or whenever you choose.
  • You can revoke access. If a project falls through, you can disable the link.
  • You can see who downloaded. Activity tracking tells you when and how often the file was accessed.

Any link-based tool (Swooshare, Dropbox, Google Drive, SwissTransfer) is an upgrade over email attachments. Pick the one that fits your workflow.

Layer 2: Add a password

A bare link is like an unlocked door — anyone who finds the URL can walk in. Adding a password means only someone who knows both the URL and the password can access the files.

Most file-sharing tools support password-protected links: Swooshare (all plans), Dropbox (Professional plan), Google Drive (through workarounds), WeTransfer (paid plans).

The crucial rule: Don’t send the password in the same message as the link. If someone’s email gets compromised, the attacker gets both. Send the link by email and the password by text message (or vice versa). Two channels, two pieces of information.

Layer 3: Set an expiry

Every shared file should have an expiry date. Not because the file is dangerous, but because:

  • Old links get discovered. If a URL ends up in a Slack channel log, a Notion page, or a support ticket, someone might click it months later.
  • Projects end. The files you shared during the pitch phase shouldn’t be accessible a year later.
  • Storage costs money. Even if links work forever, the files consume storage on whatever service you’re using.

Set the shortest expiry that’s practical. For most client deliverables, 7-30 days is enough. If the client needs it longer, they should download it and store it on their end.

Layer 4: End-to-end encryption (when it matters)

Standard encryption (TLS in transit, AES-256 at rest) means the file-sharing service handles the encryption keys. They could theoretically access your files — and a court order or data breach could expose them.

End-to-end encryption (E2E) means only you and the recipient can decrypt the files. The service never sees the contents. Tools that offer this:

  • Proton Drive — E2E encrypted storage and sharing. Based in Switzerland.
  • Wormhole (wormhole.app) — E2E encrypted transfers, links self-destruct after download.
  • Tresorit — E2E encrypted file sharing for businesses. Expensive but thorough.
  • Encrypto (free Mac app by MacPaw) — Encrypts individual files before you share them through any service.

When you need E2E: Legal contracts, financial records, medical data, anything covered by GDPR or HIPAA, anything your client explicitly asks to be encrypted.

When standard encryption is fine: Design mockups, project proposals, marketing materials, photos, most everyday files.

Layer 5: Mac-specific security features

Your Mac has built-in security that protects files before you share them:

FileVault: Encrypts your entire disk. If your MacBook is stolen, your files are unreadable without your password. Turn this on (System Settings > Privacy & Security > FileVault). This doesn’t protect files after sharing, but it protects your working copies.

Keychain: Store share link passwords in Keychain instead of in a note or a spreadsheet. Keychain syncs across your Apple devices and is encrypted with your device passcode.

Preview redaction: If you need to share a PDF but redact sensitive parts, use Preview’s redaction tool (Tools > Redact) — not a black rectangle drawn over the text, which can be removed.

A practical checklist

For everyday file sharing (client deliverables, project files):

  • Share via link, not email attachment
  • Set an expiry date (7-30 days)
  • Add a password for sensitive files
  • Send link and password through different channels
  • Check download analytics if available
  • Delete or expire old shares when projects end

For sensitive files (legal, financial, medical):

  • Everything above, plus:
  • Use an E2E encrypted service (Proton Drive, Tresorit, Wormhole)
  • Or encrypt the file locally first (Encrypto, GPG) before uploading
  • Verify the recipient’s identity before sending
  • Use the shortest possible expiry

What this looks like in practice

A freelance designer finishing a branding project (for a complete delivery workflow, see our freelancer’s guide to sending client deliverables):

  1. Export the final files from Figma/Illustrator.
  2. Share via a link-based tool (Swooshare, Dropbox, etc.) with a 14-day expiry.
  3. Add a password, text it to the client separately.
  4. The client downloads, confirms receipt.
  5. After the project wraps, let the link expire or revoke it.

Total extra time: about 30 seconds. The difference between this and emailing a ZIP file is that you maintain control of the files after sending them — and you look more professional doing it.

If you’re a designer specifically, our designer’s file delivery playbook covers the full process from review to final handoff with security built in.

security file sharing mac freelancer encryption privacy

Use Swooshare for free

Share files from your Mac in seconds. No account required.

Download for Mac