Why Your Client Documentation Is a Security Liability (And How to Fix It)
Fimula 7 min read SaaS & Product

Most agencies share strategy docs, audit reports, and architecture diagrams through email attachments and Google Drive links. Here is why that is a GDPR risk, and how we built Flowshare to solve it with magic links, encrypted storage, and CipherSweet field-level encryption.

The Problem With How Agencies Share Documents

Agencies and consultants live on documentation. Strategy decks, audit reports, architecture diagrams, onboarding guides, project retrospectives. These documents contain client data, competitive analysis, infrastructure details, and internal processes.

And yet the standard sharing method is still email attachments, Google Drive links, or Notion pages shared with "anyone with the link." Every one of these approaches has the same fundamental flaw: there is no access control, no expiration, and no audit trail.

A strategy deck sent as a PDF in January is still sitting in someone's Gmail in December. A Google Drive link shared with "view" access can be forwarded to anyone. A Notion page URL works for anyone who guesses or receives it. None of these methods give you control over who reads your work after you deliver it.

For EU-based agencies handling client data, this is not just sloppy — it is a potential GDPR liability.

Why Google Drive and Email Aren't Enough

The GDPR does not say "use encrypted email." It says you must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Article 32). When your documentation contains personal data — client names, employee details, financial figures, IP addresses from server logs — the "risk" is not trivial.

Consider what happens with a typical audit report shared via Google Drive:

No access revocation. Once a link is shared, you can technically revoke access, but you have no guarantee the recipient hasn't downloaded or forwarded the file. There is no mechanism to expire access after a project ends.

No field-level encryption. Google Drive encrypts files at rest and in transit, which is good. But if someone gains access to the file — through a compromised account, a shared password, or a forwarded link — they see everything. There is no way to encrypt specific fields within a document so that even someone with file access cannot read sensitive data.

No audit trail. You cannot prove who accessed a document, when, or how many times. If a client asks "who has seen our infrastructure audit?" you have no answer.

Data residency uncertainty. Google Drive processes data globally. While Google offers EU data regions, the default behaviour does not guarantee that a document shared with a client in Munich stays on EU servers.

These are not theoretical problems. They are the exact scenarios that GDPR supervisory authorities investigate when a data breach occurs.

What a Secure Documentation Portal Actually Needs

We spent six months thinking about this problem while building Flowshare, our client documentation portal. The requirements fell into three categories: access control, encryption, and experience.

Flowshare uses magic links — unique, single-purpose URLs that grant access to a specific documentation project. No client login required. No passwords to manage. No account creation friction.

Each magic link has an optional expiration date. When a project ends, the link stops working. The client can still request re-access, but the default is closed. This alone solves the "link sitting in someone's inbox forever" problem.

You can also regenerate a link at any time, which invalidates the previous one. If a consultant leaves your team and had access to a project, regenerate the link and the old one is dead.
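The link lifecycle described above (unique token, optional expiry, regeneration that kills the old link) can be sketched as follows. This is an added example, not Flowshare's code: `MagicLinkStore`, the in-memory maps, the hashed-token storage and the `docs.example.test` host are all assumptions made for illustration.

```javascript
// Added illustration; MagicLinkStore and all names here are hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

class MagicLinkStore {
  constructor() {
    this.links = new Map(); // projectId -> { tokenHash, expiresAt }
    this.accessLog = [];    // one entry per attempt, for the audit trail
  }

  // Issue or regenerate a project's link. Overwriting the stored hash is
  // what invalidates the previous link. ttlMs = null means no expiry.
  issue(projectId, ttlMs = null, now = Date.now()) {
    const token = crypto.randomBytes(32).toString('base64url'); // 256-bit CSPRNG token
    this.links.set(projectId, {
      tokenHash: sha256(token), // store only the hash; a DB leak yields no usable links
      expiresAt: ttlMs === null ? null : now + ttlMs,
    });
    return `https://docs.example.test/p/${projectId}/${token}`; // placeholder host
  }

  verify(projectId, token, now = Date.now()) {
    const row = this.links.get(projectId);
    // Always hash and compare in constant time, even for unknown projects.
    const stored = row ? row.tokenHash : Buffer.alloc(32);
    const match = crypto.timingSafeEqual(stored, sha256(String(token)));
    const live = Boolean(row) && (row.expiresAt === null || now < row.expiresAt);
    const ok = match && live;
    this.accessLog.push({ projectId, at: new Date(now).toISOString(), ok });
    return ok;
  }
}

// Constructed scenario: a 90-day link is regenerated on day 10.
function demo() {
  const DAY = 24 * 60 * 60 * 1000;
  const t0 = Date.UTC(2025, 0, 1);
  const store = new MagicLinkStore();
  const oldToken = store.issue('audit-report', 90 * DAY, t0).split('/').pop();
  const fresh = store.verify('audit-report', oldToken, t0 + DAY);
  const newToken = store.issue('audit-report', 90 * DAY, t0 + 10 * DAY).split('/').pop();
  const oldAfterRegen = store.verify('audit-report', oldToken, t0 + 11 * DAY);
  const newAfterRegen = store.verify('audit-report', newToken, t0 + 11 * DAY);
  const expired = store.verify('audit-report', newToken, t0 + 101 * DAY);
  return { fresh, oldAfterRegen, newAfterRegen, expired, attempts: store.accessLog.length };
}
```

Because the token is the only credential, the sketch logs every attempt, including failed ones, so repeated misses against a project are visible in the audit trail.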

Encryption: CipherSweet Field-Level Protection

This is the part that most documentation tools ignore. Flowshare uses CipherSweet, a library by Paragon Initiative Enterprises that provides searchable field-level encryption for application data; in Flowshare that data is stored in PostgreSQL.

Why field-level encryption instead of just full-disk or column-level encryption? Because it gives you per-field control. A project title can be searchable and visible in the admin UI. A client's full name, financial data, or server infrastructure details can be encrypted at the field level, so that even a database administrator with direct PostgreSQL access cannot read them.

CipherSweet works by encrypting specific model attributes before they hit the database. The encryption keys are separate from the database credentials. If an attacker gains read access to your database — through a SQL injection, a compromised backup, or a rogue employee — they see ciphertext, not plaintext.

We integrated CipherSweet into Flowshare because agencies regularly store information that falls under GDPR special categories or involves legitimate business interests that clients want protected. A server architecture diagram showing internal IP ranges and service configurations is not "personal data" in the strict GDPR sense, but it is sensitive business information that clients expect to be protected.
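The property described above, that a database reader sees ciphertext for protected fields while other fields stay readable, is shown in the added sketch below. It uses Node's built-in AES-256-GCM as a stand-in and is neither CipherSweet's API nor its ciphertext format; the `projects` table, its field names and the sample row are constructed for illustration.

```javascript
// Added illustration using Node's built-in AES-256-GCM. This is not
// CipherSweet's API or ciphertext format; table and field names are hypothetical.
const crypto = require('node:crypto');

// Which attributes are encrypted before a row is written (hypothetical schema).
const ENCRYPTED_FIELDS = { projects: ['client_name', 'infra_notes'] };

function encryptField(key, table, field, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(`${table}.${field}`)); // bind ciphertext to its column
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

function decryptField(key, table, field, stored) {
  const raw = Buffer.from(stored, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${table}.${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the column binding or the ciphertext is wrong.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Apply fn to the protected fields of a row, leaving the rest untouched.
function mapProtected(table, row, fn) {
  const out = { ...row };
  for (const f of ENCRYPTED_FIELDS[table] || []) {
    if (typeof out[f] === 'string') out[f] = fn(f, out[f]);
  }
  return out;
}
const sealRow = (key, table, row) =>
  mapProtected(table, row, (f, v) => encryptField(key, table, f, v));
const openRow = (key, table, row) =>
  mapProtected(table, row, (f, v) => decryptField(key, table, f, v));

// Constructed sample: the key lives with the application, not in the database.
const appKey = crypto.randomBytes(32);
const sampleRow = {
  title: 'Q3 infrastructure audit',
  client_name: 'Example Client GmbH',
  infra_notes: 'db primary 10.0.4.12, replicas in 10.0.5.0/24',
};
const storedRow = sealRow(appKey, 'projects', sampleRow); // what a DB dump would contain
```

Binding each ciphertext to its table and field name means a value copied into a different column fails authentication instead of decrypting there.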

Experience: Interactive Docs, Not Static PDFs

Security without usability is security that nobody uses. The reason agencies fall back to Google Drive is not because they don't care about security — it is because the secure alternatives are painful.

Flowshare supports three content types that cover the vast majority of agency documentation needs:

Mermaid diagrams. Flowcharts, sequence diagrams, architecture diagrams, Gantt charts — all rendered from plain-text Mermaid syntax. This is the format most agencies already use in Notion and GitHub. Flowshare renders them as interactive SVGs that clients can view without any special software.

Markdown. The lingua franca of technical documentation. Headings, code blocks, tables, inline code, task lists. Everything you need for audit reports, technical specifications, and project summaries.

HTML blocks. For rich layouts that Markdown cannot handle — styled callout boxes, embedded iframes, custom components. Most Flowshare users stick to Markdown and Mermaid, but HTML blocks are there when you need them.

Version history tracks every change. Clients can leave comments and emoji reactions on specific sections. And the entire portal is white-label — your logo, your colours, your domain.

Hosting and Data Residency

Flowshare runs on the Fimula Platform. There are two deployment options:

Fimula Lite is a shared-hosting tier. Your data lives in a PostgreSQL database on Hetzner infrastructure in Germany, alongside other Flowshare tenants. Row-level security (RLS) policies ensure your data is isolated at the database level — one tenant's query cannot touch another's rows. This is the right choice for agencies with fewer than 50 active documentation projects.

Fimula Core gives you a dedicated PostgreSQL instance and dedicated S3-compatible storage. Your data is completely isolated at the infrastructure level, not just the application level. This is the right choice if your clients require contractual data isolation, or if you are handling documentation that contains regulated data (financial services, healthcare, government).

In both cases, data stays in the EU. The PostgreSQL instance and S3 storage are in Hetzner data centres in Germany. No data crosses the Atlantic. No US cloud provider involvement. This is not a configuration option you need to find and enable — it is the default.

Self-hosting is also available. If your agency has existing infrastructure or regulatory requirements that prohibit shared hosting, you can deploy Flowshare on your own servers with your own PostgreSQL and S3-compatible storage. We maintain the application code — you control the infrastructure.

The Practical Difference

Here is what changes when an agency switches from Google Drive to Flowshare:

Before: a strategy consultant sends a 40-page PDF audit report to a client. The PDF sits in the client's downloads folder and email archive indefinitely. The consultant has no idea if the client actually read it, and no way to revoke access if the engagement ends badly.

After: the consultant creates a Flowshare project with the audit report as a structured Markdown document with embedded Mermaid diagrams. The client receives a magic link that expires in 90 days. The consultant can see when the client last accessed the project and which sections generated comments. When the engagement ends, the link expires and access is closed.

The content is the same. The delivery mechanism is fundamentally different.

What This Means for GDPR Compliance

Flowshare does not make you GDPR-compliant — no tool can. But it gives you the technical measures that Article 32 requires:

Encryption of personal data — CipherSweet field-level encryption protects sensitive fields at rest. TLS protects data in transit.

Ability to ensure ongoing confidentiality — Magic link expiration and regeneration give you control over access after delivery.

Data residency within the EU — All data is stored on Hetzner infrastructure in Germany. No third-country transfers unless you explicitly configure them.

Audit capability — Version history and access logging provide a record of who accessed what and when.

If you are an EU-based agency sharing documentation that contains any form of personal data — even something as simple as employee names in an organisational chart — these are the measures you should already have in place. Flowshare provides them as defaults, not as add-ons.

Read more about our approach to GDPR-native architecture in GDPR-Native vs GDPR-Compliant: Why the Difference Matters.

Building for the Fimula Platform

Flowshare is a Fimula Lite product — it runs on shared infrastructure with row-level security isolation. This keeps the price accessible for small agencies and solo consultants while still providing field-level encryption through CipherSweet.

The Fimula Platform handles tenant management, authentication, and billing. Flowshare focuses on what it does well: interactive documentation, magic link sharing, and client collaboration. This separation means we can ship features faster without maintaining a bespoke infrastructure layer for each product.

If you want to see Flowshare in action, visit flowshare. The free tier includes three projects and 100MB of storage — enough to evaluate whether the magic link workflow fits your agency's process.

Tags: Self-Hosting, GDPR, CipherSweet
