Forwarding risk has four paths, not one

“Stop copying” is too broad. Most leakage comes through four routes: text extraction, screenshots, link forwarding, and long-lived access. Treat each route with a matching control.

Build your control stack See the 4-layer model

4 risk types and matching controls

Risk 1: text extraction

Clauses, prices, and key lines get copied into external docs.

Layer: no-download + no-copy oriented viewer behavior.

Strong against casual copy paths; not a guarantee against determined OCR/manual rewrite.

Risk 2: screenshots spread

Content snapshots circulate in chats and side channels.

Layer: dynamic watermarking (plus optional stricter reading mode).

Deters casual forwarding and improves trace context; does not physically block screenshots.

Risk 3: link forwarded beyond intended audience

A valid URL gets passed to people outside the target group.

Layer: access gate and identity checks.

Raw URL forwarding alone is no longer enough when identity checks are required.

Risk 4: stale access remains open

Outdated materials stay viewable long after relevance ends.

Layer: expiry + open caps.

Time-box visibility and reduce long-tail leakage window.

Layered security controls for shared PDFs — Use layered controls, not a single “magic” setting.

Scenario examples

Quote sent to one buyer team

Prioritize identity gate + expiry + watermarking.

Portfolio sent to prospects

Prioritize no-download + watermarking; keep friction moderate.

Internal draft policy

Prioritize short expiry + gated access + review visibility.

Public collateral

Keep control light; too much friction hurts distribution goals.

Boundary

Not absolute prevention

Visible content can still be captured or rewritten. Controls reduce risk and convenience, they do not erase possibility.

Right layer for right risk

Over-applying strict controls can reduce reader completion. Calibrate by sensitivity and business goal.