You create a checklist, add recipients with a deadline, and they get a magic link to a simple upload portal. No account needed on their end. Auto-reminders escalate as the deadline approaches.
A few things I focused on:
No recipient login — SHA-256 hashed magic links, raw tokens never stored. Recipients just click and upload.
Virus scanning — ClamAV runs on every upload. Infected files are rejected and the recipient is asked to re-upload.
Privacy — EU hosted (Germany), GDPR compliant, DPA included. No tracking in the app or portal.
Security — TLS everywhere, 5-layer file validation (type, extension, magic bytes, size, quota), rate limiting per-user and per-IP, full audit trail on deletions.
Branding — white-label with your logo and accent color on the portal and emails.
Stack: Django + DRF, Next.js 14, Celery + Redis, PostgreSQL. Portal is server-rendered Django templates (not the React app). Single EC2 instance, Docker Compose.
I'm based in Switzerland, built this over a few months. Free tier available. Would love feedback — especially on the recipient-facing portal since that's the part that needs to be dead simple.