Open limit, allowed emails, expiry, and view mode are all chosen on the settings panel before you copy the link.
PDF Access Control
Set before you share
One link covers every rule
Still manageable after sharing
Control who opens your PDF.
MaiPDF lets you attach access rules to any shared PDF before it goes out — cap reads, verify recipients by email, set an expiry date, or restrict printing and download.
Rules are set on the same page where you upload. After sharing, the same link stays in Control Center: you can inspect records, change limits, or replace the file without re-sharing.
Open limit
Email verification
Expiry date
View mode
You send one URL or QR; every rule you set applies to it. No separate links per recipient unless you use email verification.
Use the reading code in Control Center to change rules, extend expiry, swap the file, or review access records — even after the PDF is already circulating.
Limit opens
Verify by email
Expire access
Reader sees a web page
The PDF opens in the browser in the mode you chose. They don't receive a raw file unless you allow download.
Records stay with the share
Access history, open count, and options to replace the file stay tied to that share so you can act on them later.
Workflow
How access control works.
One settings panel, one link — the rules enforce themselves from the first open onwards.
1
Upload PDF
Start with the file you want to control. The settings panel appears on the same create-link page.
2
Set access rules
Choose open limit, allowed emails, expiry date, and view mode. Combine as many as you need.
3
Send link or QR
Copy the hosted share URL or QR code. Both routes apply the same rules and feed the same access records.
4
Check records
Use the reading code in Control Center to see open history, change rules, or replace the file at any time.
Rules apply from the first open — no manual intervention needed.
Change limits anytime in Control Center without re-sharing.
Replace the file and the link stays the same.
Controls
Four controls that matter.
Each is set in the same panel. Combine them freely — e.g. open limit + expiry + no-download for a confidential draft.
Open limit
Set a number (e.g. 1, 3, 10). After that many opens, the link no longer shows the PDF. Useful for one-time or limited distribution — the cap is silent to the reader until they hit it.
Email verification
Add allowed email addresses; only those readers can open. Others are asked to enter an approved email or are blocked. Good for proposals, internal docs, or anything restricted to a named list.
Expiration date
Pick a date and time; after that the link stops working automatically. Handy for offers, tenders, time-sensitive material, or any document with a natural deadline.
View mode
FenceView or no-print / no-download options let readers view in the browser but make it harder to save or print a clean copy. Suits confidential drafts or content you don't want redistributed.
Scenario Guide
Which control fits your situation?
Match your scenario to the recommended rule — then combine if needed.
| Scenario | Recommended rule | Why |
|---|---|---|
| One specific recipient should open it once | Open limit 1 + email verification | Limit prevents forwarded-link opens; verification confirms identity. |
| A team of 5 needs internal access | Email verification with 5 allowed addresses | Anyone outside the list is stopped, regardless of whether they have the link. |
| Time-sensitive offer or tender deadline | Expiration date set to the deadline | The link stops automatically — no manual revocation needed. |
| Confidential draft, no printing or saving | FenceView or no-print / no-download | Reader can view in the browser but cannot easily extract a clean copy. |
| Broad distribution, but track every open | High cap + Telegram read alert | Leave access open and add a Telegram ping so you know each time it is opened. |
| Update the file without changing the link | Control Center → replace file | Same link and QR serve the updated file immediately; no re-sharing needed. |
Open Limit
Cap the number of reads — useful when the link will travel.
Open limit is the simplest layer: set a number, and the share silently stops after that many reads. It protects you even if the link gets forwarded.
What counts as an "open"
Every time the share URL loads the PDF in a reader's browser counts as one open. Reloading the same tab inside the session usually counts once — the limit is focused on new reader sessions, not every scroll.
Typical numbers
- 1: handover to a single named recipient.
- 3–5: a small group, or one recipient with a few devices.
- 10–50: a pitch deck, a class handout, a meeting deck.
- 100+: marketing sheets you still want to put a ceiling on.
What the reader sees
Up to the cap, the share opens normally — no counter, no warning. After the cap, the URL shows an "access closed" page instead of the PDF. They cannot force it open by refreshing or changing browsers.
Change it anytime
The open limit is one of the rules you can edit from Control Center using your reading code. Raise it, lower it, or reset the counter — the share URL stays the same, so recipients do not need a new link.
Silent until the cap is hit — no banners or counters for the reader.
Works with email verification, expiry, and read alerts simultaneously.
Reset or raise from Control Center without re-sharing.
Email Verification
Verify who the reader is before the PDF loads.
Email verification turns a public link into a named-recipient gate. The reader must enter an email you approved before the document renders.
Individual email allowlist
Type specific addresses, one per line. Only those readers can open the PDF. Typos, personal addresses, or outsiders are blocked and the document never loads.
Domain-wide allowlist
Allow a whole domain (e.g. @company.com) when you don't have a full roster. Useful for internal docs at a known organisation, without maintaining a list of names.
Works with the same link
You still share one URL. Each reader enters their own email at the gate; MaiPDF checks it against your list and records who opened the file.
Access records stay named
Because every opener identifies themselves, access records show which email opened the share and when — much more actionable than anonymous IP logs.
Need a deeper walkthrough, setup screenshots, and more use cases? See the dedicated Email Verification guide.
Time & Viewer Controls
Expiry date and view-mode restrictions.
Two additional gates on the same panel. Each has its own guide for deeper setup and recipes.
The link stops working on your schedule
- Set a calendar date, open-session lifespan, or open-count based expiry.
- No manual revocation needed — the rule fires on its own.
- Ideal for offers, tenders, drafts, and anything with a deadline.
- Layer with open limit to auto-retire busy shares.
View-only in the browser, no clean save
- FenceView hampers screen capture with masked overlays.
- No-download and no-print hide save and print affordances.
- Readers see the document, but can't easily extract a clean copy.
- Layer with watermarking so leaked screenshots still trace back.
Control Center
After sharing: inspect, adjust, replace.
Every share has a reading code. Enter it in Control Center and you can manage the share's rules, records, and file — without re-sharing.
A
Change rules
Raise the open limit, extend or shorten expiry, update the allowed email list, or switch view mode. Changes take effect immediately on the same link.
B
Replace the file
Upload a new version of the PDF. The share URL and QR stay the same, so recipients always see your latest draft.
C
Inspect access records
See who opened the PDF, when, from where, and how many times. With email verification on, records are tied to named addresses.
D
Close the share
Revoke access entirely by setting the open limit to the current count, choosing an immediate expiry, or deleting the share from your records.
Recipes
Layered setups for real scenarios.
Access control rules are most powerful in combination. These recipes cover common real-world needs — mix and match for your workflow.
Investor pitch deck
- Email verification with each investor's address.
- Expiry set to the fundraising round close.
- FenceView + watermark to deter screenshot forwarding.
- Telegram alert so you know each time someone opens it.
Legal draft for review
- Open limit low (e.g. 3) per reviewer.
- Email verification for named counsel only.
- No-print, no-download to keep drafts off printers.
- Replace file from Control Center for each revision.
Time-limited offer or tender
- Expiry date set to the tender deadline.
- Email verification for bidder domains.
- Read alerts to confirm each party received it.
- Download allowed — the file is meant to be worked on.
Internal HR announcement
- Domain verification on the company email domain.
- Open limit high (employees × 2) to allow retries.
- No-download to keep the official copy central.
- Records to audit who has opened the notice.
Classroom handout
- Domain verification on the school email domain.
- Expiry end of the semester.
- Download allowed for offline study.
- Replace file to push corrections mid-term.
Marketing whitepaper
- No email gate — keep the funnel friction low.
- Open limit high, as a safety ceiling.
- Telegram alerts for reads (lead signal).
- Watermark the reader's IP or session to deter leaks.
Reader Experience
What people see on the other side.
Understanding the reader flow helps you pick rules that protect the document without frustrating the audience.
1
Click link or scan QR
The reader lands on the share URL. No account, no app install — everything runs in a browser.
2
Verification gate
If email verification is on, a lightweight email input appears. Approved readers go through; others are blocked.
3
Viewer opens
The PDF renders inside the MaiPDF viewer. View-only, no-download, or FenceView rules shape what controls they see.
4
Record logged
The open is recorded against the share so you can inspect it later in Control Center — and on Telegram in real time, if enabled.
Readers only notice gates you explicitly enable — silent rules stay invisible.
When a rule fires (cap, expiry, domain mismatch), they see a clear "access closed" page.
No account creation is ever required on the reader side.
In Practice
Access and records stay connected.
After sharing, Control Center still shows open count, access records, and options to replace the file or change rules.
Only approved recipients can open
- Add individual addresses or a full domain to the allowed list.
- No need to send separate links per person — one link, one rule.
- Works alongside open limits and expiry for layered protection.
View-only, no print or download
- Reader can view the full content; saving a clean copy is much harder.
- FenceView adds screen-capture deterrence on top of no-print / no-download.
- Good for drafts, confidential reports, and any IP-sensitive material.
History stays attached after the share is out
- Full open history: who opened, when, and from which device.
- Current open count vs. the limit you set.
- Raise or reset the limit, extend expiry, or update the email list.
- Replace the PDF file — the link and QR stay the same.
Records stay attached after sharing.
Change rules without re-sharing.
Replace the file; link stays the same.
FAQ
Common questions before you set rules.
Quick answers to what comes up most often when people configure their first controlled share.
What happens when the open limit is reached?
The link stops displaying the PDF. Anyone who tries to open it after the cap is hit will see a message that access is no longer available. You can reset or raise the limit from Control Center using the reading code — the original link stays the same.
Can I change the rules after sharing?
Yes. Use the reading code to open Control Center. You can change the open limit, extend or shorten the expiry date, update the allowed email list, and swap the view mode. You can also replace the file entirely — recipients use the same link and see the updated rules immediately.
What's the recommended setup for sensitive documents?
Combine three layers: email verification (only approved recipients can open) + expiry date (auto-expires after the deadline) + FenceView or no-download mode (reader can view but not save a clean copy). This covers who, when, and how the document is accessed.
Does the reader know rules are in place?
Partly. Readers see the verification step if you use email gating, and they see the viewer mode restriction if download or print is disabled. They will not see the open-count cap or expiry date unless they actually hit the limit and the link stops working.
Can I use access control alongside Telegram read alerts?
Yes. Access rules (limit, verification, expiry, view mode) and Telegram read alerts are separate settings on the same panel. You can combine them — for example, a limited share with email verification that also pings you on Telegram each time someone opens it.
What if I need different rules per recipient?
Create separate shares for each recipient or group with different settings. Each share has its own reading code, link, QR, and records. For large named lists, use email verification on a single share with all approved addresses — that way you don't need separate links per person.
Does MaiPDF require readers to create an account?
No. Readers never create a MaiPDF account. If email verification is enabled, they only type the email you approved — no password, no sign-up flow. If not, they just open the link like any public URL.
Can I whitelist an entire company domain instead of individual emails?
Yes. In the email verification field you can enter a domain pattern such as
@company.com to allow any address under that domain. This is ideal for internal documents at organisations where you don't have the full roster.What counts as one "open" for the open-limit counter?
A new reader session counts once. Reloading the same browser tab within the same session typically does not re-increment the counter. The cap is designed to track distinct reads, not every page scroll — so a legitimate reader will not accidentally burn through a low limit by glancing at the document twice.
Can I re-open a share after the limit or expiry has triggered?
Yes. Open Control Center with the reading code, raise the open limit above the current count, or extend the expiry date. The same link becomes active again — no need to create a new share. You can also replace the file at the same time if the content has changed.
Do access rules apply to the QR code version of the share?
Yes. The QR code points to the same share URL, so every rule — open limit, email verification, expiry, view mode — applies identically whether the reader opened the link, scanned the QR, or typed the URL directly.
Can I see which specific reader opened the file?
With email verification enabled, yes — access records list the verified email of each opener. Without email verification, records show session metadata (time, approximate region, device type) but no named identity.
Is there an API to set access rules programmatically?
Most teams use the settings panel on the upload page, which is designed to take just a few seconds per share. For high-volume workflows, reach out through the contact form — API access can be provisioned for qualifying accounts.
How do these controls interact with watermarking and DRM?
Access control decides who can open the PDF; watermark and DRM shape what happens once they are in. The two layers complement each other — a typical setup is email verification at the gate, plus a dynamic watermark and view-only DRM inside the viewer.
Can I revoke a share completely after sending?
Yes. In Control Center you can set the open limit to the current count, set an immediate expiry, or delete the share entirely. Any of these actions blocks future opens on the same link without requiring you to recall or reach each recipient.
Start Here
Upload a PDF and attach the rules before sharing.
Open MaiPDF, upload your file, configure the access controls, and copy the governed link — rules enforced from the first open, records available at any point after.