
Secure, compliant document exchange you can trust.
Sending confidential documents by email often raises legitimate concerns — uncertainty about security, loss of control once a file is sent, and the constant risk of non-compliance. letterhub.io eliminates these issues by encrypting every document before it leaves your device and ensuring that only the intended recipient can access it. You gain a clear, verifiable transfer process that protects your information end-to-end. For professionals who rely on secure, accountable communication, it delivers the assurance and control that traditional email cannot.

Our Mission: Security With Integrity
Our mission is to make confidential communication safe, simple, and fair for everyone. We built this platform because sensitive information deserves better than insecure email or overpriced, complicated enterprise tools. We believe in privacy as a right, transparency as a principle, and technology that serves people — not the other way around. By combining strong encryption with honest, user-first design, we empower professionals to work securely without sacrificing trust, accessibility, or ethics. We’re here to be the good ones: reliable, responsible, and committed to doing security right.
How The App Works
The app creates a secure, end-to-end encrypted channel between sender and recipient. The sender uploads a document, which is immediately encrypted in their browser using the recipient’s public key, ensuring the server never sees the contents. The recipient receives a secure access link, authenticates, and decrypts the file locally with their private key—meaning only they can read it. All transfers include access control, expiry, and audit logging, making confidential communication effortless, compliant, and fully protected.
Maximum Security Without User Friction
By encrypting everything directly in the browser, the system delivers true end-to-end protection without requiring users to install apps, manage certificates, or learn new workflows. It’s as easy as email—just vastly safer.
Fully Compliant by Design
The platform naturally aligns with strict requirements such as GDPR, HIPAA, and national telematics laws because sensitive data never leaves the device unencrypted. This eliminates many typical compliance risks found in email, cloud sharing, or legacy fax systems.
No Infrastructure, No Complexity
Organizations don’t need servers, VPNs, certificates, or IT projects. The portal handles encryption, access control, expiry, and clean-up automatically, making it ideal for clinics, practices, and small institutions with limited technical resources.
A Reliable Workflow for Real-World Professionals
The approach focuses on what professionals actually need: fast, secure document transfer that works for both sender and recipient. No vendor lock-in, no complicated setup—just a dependable, private communication channel that fits into daily routines.
Some Tech Specs
1. Client-Side, Zero-Knowledge Encryption Architecture
All encryption and decryption occur exclusively in the user’s browser using OpenPGP.js, ensuring the server only ever receives ciphertext. Private keys and passphrases never leave the device, are never transmitted, and are never stored. This enforces a true zero-knowledge model where even a compromised server cannot reveal message contents.
2. Hybrid Cryptosystem With Strict Key Separation
The platform uses a combination of asymmetric RSA key pairs (browser-generated and user-owned) and symmetric session keys generated per message. Files are encrypted with a random symmetric key, while the symmetric key is protected with the recipient’s public RSA key. This minimizes attack surface, reduces key exposure, and enables efficient encryption of large PDF files.
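The hybrid scheme in item 2, as an added example that is not letterhub.io's own code: it uses Node.js's built-in crypto module instead of OpenPGP.js so it runs offline. RSA-OAEP with SHA-256, AES-256-GCM, the 2048-bit modulus and all function names are assumptions; the page names only RSA key pairs and per-message symmetric session keys.

```javascript
const crypto = require('node:crypto');

// Recipient key pair. In the page's model this is generated in the recipient's
// browser and only the public half is ever shared. (Key size is an assumption.)
function generateRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: a fresh symmetric session key per message encrypts the file;
// the recipient's public RSA key wraps that session key.
function encryptForRecipient(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);   // AES-256 key, used for one message
  const iv = crypto.randomBytes(12);           // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    sessionKey);
  // Nothing in this envelope reveals the document without the private key,
  // so it is what a zero-knowledge server would store.
  return { wrappedKey, iv, tag, ciphertext };
}

// Recipient side: unwrap the session key, then decrypt and authenticate.
function decryptAsRecipient(privateKey, env) {
  const sessionKey = crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext or tag was modified in storage or transit.
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Returns true when an envelope with one flipped ciphertext bit is rejected.
function rejectsTampering(privateKey, env) {
  const bad = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  bad.ciphertext[0] ^= 0x01;
  try { decryptAsRecipient(privateKey, bad); return false; } catch { return true; }
}
```

Only the 32-byte session key goes through RSA, so the cost of the asymmetric step is constant regardless of file size.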
3. Tokenized, Time-Restricted Access Workflow
Instead of passwords or session identifiers stored on the server, the system uses single-purpose, time-limited magic links for upload, download, and key-setup flows. Every token encodes a strictly scoped action (e.g., upload only, download only), limiting privilege escalation and preventing brute-force or replay attacks. Expiration is enforced both client-side and server-side.
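One way a server could check the scoped, expiring link tokens from item 3, as an added example that is not letterhub.io's own code. The HMAC-signed token format, the single-use store, the claim names and the `issueToken`/`redeemToken` functions are all assumptions; the page states only that tokens are scoped to one action and time-limited.

```javascript
const crypto = require('node:crypto');

const SERVER_SECRET = crypto.randomBytes(32);  // hypothetical per-deployment signing key
const usedTokenIds = new Set();                // stand-in for a server-side store

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const sign = (body) => crypto.createHmac('sha256', SERVER_SECRET).update(body).digest();

// Issue a link token bound to one action on one document, with an expiry.
function issueToken(action, docId, ttlSeconds, now = Date.now()) {
  const claims = { id: b64u(crypto.randomBytes(16)), action, docId,
                   exp: Math.floor(now / 1000) + ttlSeconds };
  const body = b64u(JSON.stringify(claims));
  return `${body}.${b64u(sign(body))}`;
}

// Server-side check. Returns { ok: true, claims } or { ok: false, reason }.
function redeemToken(token, requestedAction, docId, now = Date.now()) {
  const [body, mac, extra] = String(token).split('.');
  if (!body || !mac || extra !== undefined) return { ok: false, reason: 'malformed' };
  const given = Buffer.from(mac, 'base64url');
  const expected = sign(body);
  // Constant-time compare; check lengths first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: 'bad-signature' };
  // Claims are parsed only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  if (claims.action !== requestedAction || claims.docId !== docId)
    return { ok: false, reason: 'out-of-scope' };
  if (usedTokenIds.has(claims.id)) return { ok: false, reason: 'replayed' };
  usedTokenIds.add(claims.id);   // consume the token only on a successful redemption
  return { ok: true, claims };
}
```

The server-side expiry and scope checks are the ones that carry security weight; a client-side expiry check can be bypassed and serves only to show the user a clear message.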
4. Automated Data Minimization and Secure Lifecycle Controls
The backend is designed with privacy-by-default, storing only what is required for document delivery. Files have a hard-coded 14-day expiration, after which a cleanup routine securely deletes encrypted blobs and notifies the sender. No logs contain sensitive content. Metadata is minimized, stored separately, and protected under TLS with strict server-side validation.
Fair, Transparent Pricing — Because Security Shouldn’t Be a Luxury
We believe secure communication should be accessible to everyone, not hidden behind enterprise paywalls or complicated licensing. That’s why our pricing is simple, honest, and designed to support real professionals doing important work. No lock-ins, no surprises, no upselling traps — just a fair model that lets you choose exactly what you need while knowing you’re partnering with a provider who puts privacy, integrity, and trust first.
