CloakShare
May 10, 2026
How to Send a PDF That Expires (Auto-Revoke After X Days)
You're about to send a confidential document — a pitch deck, a contract draft, a financial model, a legal brief — and you want the recipient to be able to read it for a few days, then have it stop working. Maybe because the deal closes (and you don't want the deck circulating afterward). Maybe because the financials get stale. Maybe because the recipient was supposed to either accept or pass within a window.
PDFs do not expire by default. Once a recipient has the file, they have it forever. This guide covers four practical approaches to making a PDF effectively expire — from free hacks to purpose-built tools — with the trade-offs of each.
Method 1: A Password That Stops Working (Free, Imperfect)
The cheapest approach: password-protect the PDF, then change the password on a date you choose. The recipient can open the file with the original password, but if they save it and try to re-open after the password rotation, they're locked out — unless they cached the file unprotected, which most viewers do.
How: Adobe Acrobat → Tools → Protect → Encrypt with Password. Set the password and send. On the expiration date, you do nothing on your end (the password stays set on their copy). Effective only against recipients who didn't save an unprotected copy while the password was active.
Reality check: any halfway-determined recipient can save an unprotected version while the document is open. This method is a deterrent, not a control.
Method 2: Adobe Acrobat DRM with Expiration Date
Adobe Acrobat Pro has a feature called "Restrict Editing" with expiration enforcement, and Adobe LiveCycle Rights Management (now part of Adobe Experience Manager) has full DRM with server-enforced expiration. The DRM-tier products check a remote server every time the document is opened; if the document is expired, the viewer refuses to render content.
How: Adobe LiveCycle / AEM Rights Management is enterprise-only and typically priced in the thousands per month. Adobe Acrobat Pro's "Restrict Editing" expiration is weaker — relies on the recipient using Adobe Reader (other PDF viewers can ignore the expiration metadata).
Reality check: the enterprise DRM works as advertised but the price tag is meaningful. Adobe Reader can be bypassed with non-Adobe viewers (Foxit, Preview, Chrome's built-in PDF viewer) for the consumer-tier expiration. Practical only when you can require recipients to use a specific viewer — typically only enterprise contexts.
Method 3: Google Drive / OneDrive Expiring Share Links
Google Drive (Google Workspace plans) and Microsoft OneDrive both let you set expiration dates on share links. After the expiration date, the link returns "Access denied" — the underlying file isn't deleted, just inaccessible to the link.
How: Upload the PDF to Drive or OneDrive. Right-click → Share → "Anyone with the link can view" → set expiration. Send the link instead of the file itself.
Reality check: works well for low-stakes documents where you control which recipients click which links. Two limitations: (1) anyone with the link can download the PDF before expiration, defeating the purpose; (2) Google Drive's "make a copy" option is available unless you specifically restrict download/copy/print, and many users don't notice the option to disable it. For documents that actually need to expire — not just disappear from a link — this isn't sufficient.
Method 4: API-First Auto-Revoke (CloakShare and Similar)
The reliable approach for documents that need to actually expire: use a tool that renders the PDF in a browser-based viewer (instead of letting recipients download the file), tracks access at the link level, and revokes the link on a schedule.
How CloakShare does it: upload the PDF; the viewer renders pages as canvas images on demand (recipients never receive the underlying PDF file); set link expiration to a date or a view count; on expiration, the link's viewer endpoint returns 410 Gone. Recipients see "This document is no longer available." There is no PDF file on their machine to fall back to.
What this catches that the other methods don't:
- Recipients can't download a copy that survives expiration (the file is never delivered).
- Forward-the-link doesn't extend the document's life — the link is the access control.
- You can revoke a link instantly if a deal falls through, regardless of the original expiration date.
- Watermarks (the recipient's email + session ID) are baked into every page rendered, so even screenshots are traceable.
Reality check: this method has the strongest practical expiration semantics available short of full enterprise DRM. The trade-off: recipients view the document in a browser instead of downloading it, which some recipients find unfamiliar. For B2B recipients (investors, customers, internal stakeholders) this is rarely an issue; for consumer recipients more accustomed to email attachments, expect a small fraction of pushback.
Pricing: CloakShare's free tier covers 50 links/month with expiration support. Paid plans start at $29/month and remove the link cap. Other tools in this category (DocSend, Papermark, Brieflink) offer similar capabilities at varying price points; the $45-$65/user/month tier is common for the GUI-first tools.
Which Method Should You Use?
| Use Case | Method |
|---|---|
| Low-stakes document, internal team, just want a soft deterrent | Password rotation (Method 1) |
| Enterprise context where you can require Adobe Reader or AEM DRM | Adobe DRM (Method 2) |
| Casual sharing on Google Workspace, low confidentiality | Google Drive expiring links (Method 3) |
| Pitch decks, contracts, financials, legal documents — anything that genuinely needs to expire | API-first auto-revoke (Method 4) |
| High-stakes IP, regulatory documents, legal briefs with strict access logs | Method 4 + watermarking + view tracking |
Common Mistakes to Avoid
- Sending the file as an email attachment, then "expiring" it — once the file is sent, it's permanent. Send a link to a viewer instead.
- Using "self-destructing" services that delete the file from a server — the recipient already downloaded it. The "self-destruct" is theater.
- Setting an expiration date but allowing downloads — same problem. Block download for any document that needs to actually expire.
- Forgetting to revoke when a deal closes — most expirations are date-based, but the right time to revoke is "as soon as the recipient no longer needs access," which is often before the original expiration date.
Try CloakShare's Free Tier
If you want to see what API-first auto-revoke looks like in practice, CloakShare's free tier covers 50 expiring links per month with full per-page tracking, watermarking, and instant revocation. Upload a PDF, set the expiration, send the link. When the date hits (or you click revoke), the link returns 410 Gone and the recipient sees a clear "no longer available" page.