What is Peeklit and what can I track?

Peeklit is a document tracking platform that turns any PDF or URL into a trackable shared link. You get real-time open notifications, viewer insights (location, device, browser), page-level analytics, and built-in access controls (password protection, email verification, link expiration, download blocking). All included on every plan.

Will the recipient know they're being tracked?

The viewer sees a clean, professional document viewer. A small privacy footer informs them that the sender can see when the document is viewed, with a link to our privacy policy. All analytics data is only visible to you in your private Peeklit dashboard.

How does billing work?

Peeklit uses Polar as the payment provider. Subscribe to Pro monthly or yearly (17% discount). Cancel anytime. The free plan includes 1 active tracked link forever — no credit card required.

Can I use my own branding?

Yes! Peeklit Pro subscribers can customize the document viewer with their company name, logo, and accent color for a white-label experience.

What's the difference between a document link and a redirect link?

A document link hosts your PDF directly on Peeklit with a professional viewer and full view tracking. A redirect link sends viewers to any external URL while still tracking opens. Both link types provide real-time open notifications and appear in your unified analytics dashboard.

All documents are served over HTTPS and stored encrypted at rest. You can protect any link with password protection, email verification, link expiration, and download blocking — all included on every plan. Peeklit runs on EU-hosted servers with MongoDB Atlas (EU region). We comply with GDPR and never share data with third parties.

How is Peeklit different from DocSend?

Peeklit is a modern, lightweight alternative to DocSend focused on simplicity. DocSend requires a Dropbox account and starts at $15/user/month with seat-based pricing. Peeklit offers a generous free tier and a flat Pro plan with no per-seat fees. Access controls — password, email verification, link expiration, download blocking — are included on every plan. Setup takes under 3 minutes.

What access controls can I add to my links?

Every Peeklit link can be protected with multiple layers: password protection, email verification with one-time codes, link expiration dates, and download blocking for PDFs. All access controls are included on every plan — even Free. You can combine multiple controls on the same link.

Stop Document Leaks: Dynamic Watermarks and Email Allowlists, Now Live

The leak nobody talks about

You password-protected the link. You set an expiration. You blocked downloads. The PDF still ended up in a competitor's inbox.

How? A screenshot. A screen-recording. Someone's phone pointed at a laptop. A forwarded link to a stranger inside an "approved" company. The classic access controls — password, expiration, no-download — protect the file. They don't protect the content once it's on screen.

Today we're shipping two new layers that do.

Dynamic watermarks: every page, every viewer, every time

Turn on Dynamic Watermarks for any link, and every page is stamped with the viewer's email address as they read. Not yours — theirs. Generated server-side, baked into the rendered page, impossible to remove with browser tools.

If a screenshot of your pricing page lands in a Slack channel, the leaker's email is right there on the image. If a competitor receives a forwarded screen recording, every frame is signed with the source.

It's not a DRM lock. Determined attackers can crop, redact, or retype. But for the 99% of "leaks" that happen by accident or low-effort sharing, a visible identity stamp is the strongest deterrent that doesn't ruin the reading experience. Most viewers won't forward a deck that has their own email written across every page — and the ones who do, you can prove it.

How it works

Enable email verification on the link (the watermark needs a verified address to stamp).
Toggle Dynamic Watermarks on.
The viewer enters their email, confirms with a one-time code, and starts reading.
Every page they see has their email rendered diagonally across the content at low opacity — readable enough to deter, faint enough to read past.

The watermark is generated per-view, server-side. There's no JavaScript trick a viewer can disable. There's no original "clean" version cached in their browser.

When to use it

High-stakes proposals. Pricing, scope, terms — anything a competitor would pay to see.
Investor decks. When the same deck goes to twelve funds, you want to know which one leaked.
Pre-launch product specs. Roadmaps and confidential briefings to partners or contractors.
Legal and M&A documents. Due diligence materials, term sheets, anything where the chain of custody matters.

Email allowlists and denylists: pick exactly who gets in

Watermarks deter. Allowlists and denylists block.

Every link can now carry two lists:

Allowlist — only these addresses or domains can view. Everyone else is rejected at the email gate.
Denylist — these addresses or domains are blocked. Everyone else gets through (subject to your other gates).

Both lists accept individual emails (john@acme.com) and whole domains (acme.com). Mix them freely.

Allowlist examples

A pitch deck for a specific buyer. Allowlist acme.com and partners.acme.com. Even if the link gets forwarded outside Acme, no one else can verify their email and get in.
An exclusive customer briefing. Allowlist the eight stakeholders by email. The link is unforwardable to anyone you haven't pre-cleared.
An internal-only announcement on a public link. Allowlist your own domain. The link still works for anyone you BCC; outsiders bounce.

Denylist examples

Block competitors by domain. Denylist competitor.com, competitor-two.com. They can guess the link, scrape it, get forwarded it — they still can't open it.
Block a known leaker. A specific contractor, a former employee, a journalist who scoops you — block their email or their employer's domain in one line.
Block disposable email patterns beyond what we already block by default. Add custom rules for whatever loopholes you've seen in your industry.

Combining the two

Allowlist + denylist on the same link is a powerful combo:

"Anyone at Acme Corp can view this — except their procurement team."

Allowlist acme.com, denylist procurement@acme.com and a few specific addresses. The same logic works for "everyone at the company except the legal department," "everyone in the partner program except this one franchisee," and dozens of other narrow scenarios where pure allow or pure block isn't enough.

Stack everything

Watermarks and lists slot in alongside the existing access controls:

Password — even allowlisted viewers need to enter the password.
Email verification — required for watermarks to have an email to stamp.
Expiration — the link dies on a date regardless of who's on the allowlist.
Download blocking — viewers see the watermarked pages but can't save the PDF.
Allowlist — only known addresses or domains pass the email gate.
Denylist — known bad addresses are rejected even if they'd otherwise pass.
Watermark — every page rendered to the viewer carries their identity.

Six layers. Configure them all in the link settings panel. Each one independent, all of them composable.

Use cases that actually need this

B2B sales pursuits. Allowlist the buyer's domain. Watermark the pricing page. Now if your champion forwards the deck inside their company, you'll see the new emails in your view log — and so will any future viewer.
M&A and corporate development. Disclose materials only to specific firms by domain. Watermark every page with the recipient's email so you can prove origin if a deck shows up in a press leak.
Investor relations. Send the same Q4 deck to twelve LPs. Allowlist each LP's domain on their copy. If a slide ends up on Twitter, you can identify which fund's link it came from.
Confidential client deliverables. Strategy decks, audit reports, legal opinions — protect by domain, watermark by viewer, block downloads. The deliverable becomes a viewing experience, not a forwardable artifact.

Available on every plan

Both Dynamic Watermarks and Email Allow/Denylists are included on every Peeklit plan, including Free.

Watermarks require email verification to be enabled on the link (we need a verified address to stamp on each page). Beyond that, there are no plan limits, no per-link surcharges, no separate add-on.

Most platforms — DocSend, PandaDoc, BrandFolder — gate watermarks behind their highest tier. Some don't offer allowlists at all. We don't think anti-leak protection should be a luxury feature; if you're sharing documents, you should be able to defend them.

Try it now

Sign in to Peeklit — Free plan is enough.
Open any existing link, or create a new one.
In the access controls panel, enable Email verification, then turn on Dynamic Watermarks.
Add a domain or two to the Allowlist. Add a known competitor to the Denylist.
Send the link. Watch the view log fill up with verified, watermarked, allowlisted readers — and only those readers.

Get started free at peeklit.com