CloakShare CloakShare
Log in Get API Key

March 6, 2026

How to Watermark Documents Before Sharing

Watermarking a document before you share it serves two purposes: deterrence and traceability. A visible watermark discourages the recipient from redistributing the document. And if it does get leaked, a unique watermark per viewer tells you exactly who shared it.

This guide covers why watermarks matter, the difference between static and dynamic approaches, and how to automate them with an API.

Why watermark shared documents?

Every time you share a confidential document — a pitch deck, a contract draft, a financial report — you're trusting the recipient not to forward it. Watermarks don't prevent forwarding, but they change the calculus:

  • + Deterrence: A visible "Confidential — shared with jane@acme.com" watermark makes the viewer think twice before screenshotting or forwarding
  • + Traceability: If a document leaks, a unique watermark per viewer tells you the source
  • + Legal standing: In IP disputes, watermarked documents establish a chain of custody and demonstrate that confidentiality was expected

Static vs dynamic watermarks

A static watermark is baked into the document before sharing. Every recipient sees the same text — usually "Confidential" or a company name. You can apply these with tools like Adobe Acrobat, Stirling PDF, or even Python libraries like PyPDF.

The limitation is obvious: if every copy has the same watermark, you can't trace a leak back to a specific viewer.

A dynamic watermark is generated per viewer at the time of viewing. It typically includes the viewer's email address, the current date, and a session identifier. Each person who opens the document sees their own identity on every page. This makes forwarding immediately attributable.

Dynamic watermarks require a viewing layer — you can't bake them into a PDF attachment because you don't know who will open it. Instead, the document is served through a web-based viewer that renders the watermark in real time.

How CloakShare handles watermarks

CloakShare renders documents as images on a canvas element. When watermarking is enabled, the viewer overlays text on the canvas using template variables that resolve per session:

  • + Viewer's verified email address
  • + Current date and time
  • + Unique session identifier

The watermark is rendered at the canvas level — it's not an HTML overlay that can be removed with browser DevTools. The viewer composites the document image and the watermark text into a single canvas output.

To create a watermarked link via API: 

$ curl -X POST https://api.cloakshare.dev/v1/links \
    -H "Authorization: Bearer ck_live_xxx" \
    -F file=@contract.pdf \
    -F watermark=true \
    -F require_email=true

When someone opens this link, they're prompted for their email. After verification, every page displays a semi-transparent watermark with their email, the date, and the session ID. The watermark text is customizable — you can set it to any string, or use the default template variables.

A note on security

Let's be honest: canvas-based watermarks are a deterrent, not DRM. A determined attacker can still take a photo of their screen, use a screen recorder, or attempt to manipulate the canvas API. No web-based watermark is undefeatable.

What watermarks do is raise the cost of leaking. A casual screenshot now contains the leaker's email. A forwarded link triggers email verification for the new viewer. The combination of watermarks, email gating, and view tracking creates enough friction that most people won't bother — and enough evidence that you'll know if they do.

If you need actual DRM (hardware-level copy protection), you're looking at enterprise solutions like Vitrium or Locklizard that use custom viewers and OS-level hooks. Those come with significant trade-offs in user experience and deployment complexity.

For most use cases — pitch decks, contracts, proposals, internal reports — a visible dynamic watermark combined with access controls is the right balance of security and usability.