<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Viswa Prathap</title>
    <description>The latest articles on DEV Community by Viswa Prathap (@viswap).</description>
    <link>https://dev.to/viswap</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4013428%2Fb65b7d7f-6bd2-4399-b16b-d05303b6db5d.png</url>
      <title>DEV Community: Viswa Prathap</title>
      <link>https://dev.to/viswap</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/viswap"/>
    <language>en</language>
    <item>
      <title>Building Senduta: A Digital Courier That Proves Your Document Was Actually Opened</title>
      <dc:creator>Viswa Prathap</dc:creator>
      <pubDate>Fri, 03 Jul 2026 11:04:15 +0000</pubDate>
      <link>https://dev.to/viswap/building-senduta-a-digital-courier-that-proves-your-document-was-actually-opened-2da</link>
      <guid>https://dev.to/viswap/building-senduta-a-digital-courier-that-proves-your-document-was-actually-opened-2da</guid>
      <description>&lt;p&gt;WeTransfer tells you a file was &lt;em&gt;sent&lt;/em&gt;. Email tells you a message was &lt;em&gt;delivered&lt;/em&gt;, maybe. Neither tells you the one thing that actually matters when you're sending a signed contract, a legal notice, or a client's financial records: &lt;strong&gt;did the right person actually open it?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;That gap is what we're building &lt;strong&gt;&lt;a href="https://senduta.com" rel="noopener noreferrer"&gt;Senduta&lt;/a&gt;&lt;/strong&gt; to close — a secure digital courier for confidential documents, built for lawyers, chartered accountants, recruiters, consultants, and architects who need something closer to registered post than a share link.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem with "just send it as an attachment"
&lt;/h2&gt;

&lt;p&gt;Most document sharing today optimizes for convenience, not accountability:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Email attachments can be forwarded infinitely, with zero record of who opened them.&lt;/li&gt;
&lt;li&gt;Generic file-transfer tools confirm upload, not delivery.&lt;/li&gt;
&lt;li&gt;Nobody produces a certificate you could actually hand to a court or a compliance auditor.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For a lawyer serving a notice or a CA sharing financials, "I think they got it" isn't good enough.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Senduta does differently
&lt;/h2&gt;

&lt;p&gt;Senduta treats every send like a courier parcel, not a storage bucket:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Email-OTP verification&lt;/strong&gt; — only the intended recipient can unlock the file&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Full audit trail&lt;/strong&gt; — delivered → opened → downloaded, each with timestamp, IP, and device&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Certified delivery PDF&lt;/strong&gt; — a branded certificate with a SHA-256 integrity hash of the file&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;AES-256 encryption&lt;/strong&gt; in transit and at rest, plus dynamic watermarking&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Self-destruct&lt;/strong&gt; — files are permanently deleted 24 hours after download&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Link expiry &amp;amp; instant revoke&lt;/strong&gt;, resumable uploads up to 50GB&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The self-destruct part is deliberate: Senduta is a courier, not a storage service. It delivers, then deletes — which also means we're not sitting on a growing pile of other people's confidential documents.&lt;/p&gt;

&lt;h2&gt;
  
  
  The stack
&lt;/h2&gt;

&lt;p&gt;Nothing exotic — mostly boring, reliable choices so we can move fast without fighting the tools:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Next.js 16 / React 19&lt;/strong&gt; for the app&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Supabase&lt;/strong&gt; for auth, Postgres, and session state&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;AWS S3&lt;/strong&gt; (via &lt;code&gt;@uppy/aws-s3&lt;/code&gt; for resumable multipart uploads) for file storage — since files are transient, S3 with lifecycle rules made more sense than baking storage assumptions into the DB layer&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Resend&lt;/strong&gt; for transactional email (OTP codes, delivery notifications)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;pdf-lib&lt;/strong&gt; to generate the certified delivery PDFs server-side, embedding the SHA-256 hash at generation time&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;sharp&lt;/strong&gt; for watermarking and image processing&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Claude API (Anthropic SDK)&lt;/strong&gt; — this is the part I'm most excited about. We're layering in AI-assisted document summaries and smart tagging on top of the delivery pipeline, so recipients (and senders) get a quick sense of what's inside a document before committing to a full read&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What's next
&lt;/h2&gt;

&lt;p&gt;We're mid-build across a staged roadmap: core send/receive flow and audit logging are in place, and we're working through OTP gating, watermarking, and the certificate/hash pipeline before layering the Claude-powered document intelligence on top.&lt;/p&gt;

&lt;p&gt;If you send confidential documents for a living — or you're just interested in the "prove it, don't just trust it" approach to document delivery — I'd love feedback. Follow along at &lt;a href="https://senduta.com" rel="noopener noreferrer"&gt;senduta.com&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Building in India, for the world.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>showdev</category>
      <category>webdev</category>
      <category>nextjs</category>
      <category>senduta</category>
    </item>
  </channel>
</rss>
