data.day
security / access-control / audit-trail / governance

“Anyone With the URL” Is Not Access Control

Sending a public share link is not collaboration; it is negligence. Without an audit trail, you cannot prove who viewed your IP, rendering your NDA worthless.

Elena Dossier Elena Dossier

Convenience Is a Governance Failure

You believe that friction is the enemy of the deal. You want the investor to see the data immediately, so you generate a link, set the permissions to “Public,” and hit send. You have just prioritized convenience over chain of custody.

When I audit a data room and see a file history that reads “Anonymous User,” I do not interpret this as an open culture. I interpret it as a compromised asset. If you cannot tell me exactly who looked at your cap table at 2:00 AM, you do not control your cap table.

The Red Flag: The Phantom Viewer

Access control is binary. You either know who is in the room, or you do not.

The “Anyone with the link” setting is a relic of casual collaboration, not transactional diligence. Here is the scenario I see constantly:

  1. Founder sends an open link to Partner A at a VC firm.
  2. Partner A forwards the email to an Associate.
  3. The Associate forwards it to an external industry expert for a “quick look.”
  4. The industry expert is an advisor to your direct competitor.

You have no record of this chain. You have no audit trail to enforce your NDA. The leak is invisible, and therefore, incurable.

When I see a lack of specific, identity-based permissions, I assume the worst about your internal controls. I assume that your employee offboarding is sloppy. I assume your customer data is accessible to interns. It signals that you treat security as an afterthought, not a discipline.

The Protocol: The “Zero Trust” Share

We do not use “share links.” We use Invites. The difference is legal and functional. An invite is tied to an identity; a link is a loose key dropped on the sidewalk.

Phase 1: The Whitelist You must manually whitelist every email address that enters the room. If an Associate needs access, the Partner must request it. This introduces friction. This is good friction. It forces the counterparty to declare their team.

Phase 2: The Audit Log Your Data Room must log three vectors:

  • Identity: Who (email address).
  • Action: Viewed, Downloaded, or Printed.
  • Time: Duration of session.

If an investor spends 45 minutes on your “Litigation History” folder, the audit log tells you exactly what they are worried about. If you use a public link, you are flying blind.

Phase 3: The Expiration Access is leased, not owned. Set expirations on all permissions. If the deal stalls, access revokes automatically. Do not rely on your memory to close the door three months from now.

[TO EDITOR: Guidance for illustration. Create a ‘Permission Hierarchy’ pyramid. Base: ‘Public Link’ (Red, Unsafe). Middle: ‘Password Protected’ (Yellow, Weak). Top: ‘Identity Authenticated’ (Green, Diligence Ready).]

The “Watermark” Defense

For highly sensitive documents—financials, IP, strategy—identity access is not enough. We enable dynamic watermarking.

This stamps the viewer’s email address and the current date across the document center. It is aggressive. It is also effective. It reminds the viewer that if a screenshot of this page leaks, we will know exactly whose screen it came from.

Do not apologize for security. Serious capital respects serious governance. If they want the data, they will log in.

FAQs

Why is an open link bad if I only send it to one person?

Because that person can forward it to ten people. You have delegated your security to their discretion.

Does password protection fix the issue?

Barely. Passwords get shared. Identity-based authentication (email verification) is the minimum standard for diligence.

Investors complain when they have to log in. Should I lower the barrier?

No. Serious investors expect security. If they complain about logging in, they are lazy. If you remove the login, you are reckless.