Skip to content

Guide

How to Safely Share Tax Documents

Tax returns concentrate more sensitive data than almost any other file you handle. A practical workflow for sending them to accountants, lenders, and agencies.

By SecretPNG TeamReviewed by SecretPNG Security TeamPublished 2026-07-14Updated 2026-07-14

A tax return is close to a complete identity-theft kit: full legal name, address, Social Security number, income, employer, bank account details for refunds, and often the same information for a spouse and children. Yet every year these documents are emailed as plain attachments to accountants, mortgage brokers, and landlords.

The risk is rarely interception in transit; mainstream email is encrypted between servers most of the time. The risk is storage: unencrypted attachments accumulate in mailboxes, sent folders, downloads directories, and backups on both sides, waiting for whichever account or laptop is compromised first.

Step 1: Encrypt the file itself

Encrypt the document before it enters any transmission channel, so the protection travels with the file wherever it is stored. With SecretPNG's file encryption tool, the PDF is encrypted with AES-256-GCM in your browser and never uploaded; you send the resulting encrypted file through whatever channel is convenient, because the channel no longer needs to be trusted with the content.

If your recipient struggles with unfamiliar formats, an AES-256 encrypted ZIP is a more familiar container. Note that Windows' built-in extractor cannot open AES ZIPs, so point the recipient to a free tool like 7-Zip, or Keka on macOS.

Step 2: Send the password separately

An encrypted file with its password in the same email is an unlocked door with the key in the lock. Deliver the password through a second channel: a phone call, a text message, or a one-time secret link that encrypts the password in your browser and expires after viewing. Use a strong, single-purpose password generated for this exchange, never one of your own reused passwords.

Step 3: Share only what is asked for

Lenders and landlords often need proof of income, not your entire financial life. When a full return is not required, redact what the recipient does not need, such as full account numbers or dependents' Social Security numbers, using a true redaction tool that removes the underlying text rather than covering it. Check whether the recipient accepts official alternatives, like an IRS transcript, that contain less exploitable detail.

Before sending anything, remove document metadata. A PDF scanned or exported at home can carry names and software details you did not intend to include.

Prefer official portals when offered

Many accountants and lenders provide secure upload portals. A reputable portal is generally a better default than email because it avoids creating mailbox copies. Encrypting the file first still adds protection at rest on their side. Be alert to portal-themed phishing: navigate to the portal from the firm's known website, not from a link in an unexpected email, and be suspicious of urgent requests to resend documents to a new address.

After tax season

Sensitive sharing has a cleanup phase. Reducing the number of stored copies is worth more than any single transmission choice.

  • Delete tax documents from sent mail, downloads folders, and messaging threads on both ends once the recipient confirms receipt.
  • Store your own copies in an encrypted vault or encrypted backup rather than loose in a cloud drive.
  • Keep the encryption passwords in your password manager, with the recovery key recorded separately.
  • If you suspect a document was exposed, review IRS identity-protection resources and consider an Identity Protection PIN.

Limitations to keep in mind

  • Once a recipient decrypts a document, its protection depends entirely on their storage practices, which you cannot control.
  • Encryption cannot help if either party's device is already compromised by malware.
  • This guide covers document handling, not tax or legal advice; requirements for what you must provide vary by institution and jurisdiction.

Sources