How we protect the link to your snapshot.
Our free Policy Snapshot tool returns a report viewable at a unique URL. We've made some specific choices about how that link works.
Your Policy Snapshot share link includes a per-submission bearer token in the URL fragment (the part after #). Fragments are never sent to the server, so the token doesn't land in access logs, Referer headers, or CDN caches — while still surviving copy-paste and refresh.
Each report link has a hard expiry shown on the page. After expiry the link returns the same response as a revoked or non-existent link, so a stale URL leaks nothing about whether it was ever valid.
The report page has a Revoke this link control. One click kills the grant on the server; anyone holding the URL — including you — loses access immediately. There's no undo, and we don't email anyone about it.
When you view the policy, the app requests a presigned S3 URL with a TTL of min(15 minutes, link expiry). Even if the underlying file URL were ever captured downstream, it stops working in under fifteen minutes.
The upload form requires a Cloudflare Turnstile challenge before a submission is accepted. This prevents automated abuse of the public endpoint without burdening real users with a CAPTCHA.
The snapshot tool is a free demo of RiskRemedy's policy review pipeline. For ongoing use, our authenticated dashboard adds tenant administration, audit logs, and managed retention.
For RiskRemedy's broader security posture — encryption, sub-processors, access controls, compliance — see our main security page.