Document Tracking: How to See Who Opened Your Files and When
How document tracking works, what it can and cannot tell you, and a step-by-step way to see who opened your file, for how long, and from where.
On this page
- What document tracking actually means
- Why email read receipts and pixels are unreliable
- How link-based document tracking works
- How to set up document tracking, step by step
- Choosing the right amount of friction
- Reading the analytics without fooling yourself
- A quick comparison
- When document tracking is not the answer
- Pairing tracking with control
- Frequently asked questions
- Can the recipient tell they are being tracked?
- Does document tracking work without the recipient installing anything?
- Can I track a Word, PowerPoint, or Excel file, not just a PDF?
- How accurate is the time-on-page data?
- Can document tracking stop someone from sharing my file?
- Is free document tracking good enough?
- Get document tracking that you can actually trust
Document tracking means sending a file as a link instead of an attachment, so you can see who opened it, when, how long they spent, and which pages they read. The short version: email read receipts barely work, but a tracked link works reliably because the analytics live on the page itself, not in someone's inbox. This guide covers how to set it up, what the data actually means, and where tracking quietly fails so you do not over-trust it.
What document tracking actually means
When you attach a PDF to an email and hit send, the file leaves your control completely. It gets downloaded, forwarded, saved to three desktops, and renamed final_v2_REAL.pdf. You have no idea whether the person you sent it to ever opened it, let alone read past page one.
Document tracking flips that. Instead of sending the file, you send a link to a hosted version of it. The recipient opens it in their browser, and every meaningful action gets logged: the open itself, time on each page, how far they scrolled, whether they came back the next day. You see this on your side, in a dashboard, without asking the recipient to do anything.
There are three common flavours of this, and they are not equally good:
- Email read receipts. Your email client asks the recipient's client to confirm receipt. Polite, optional, and routinely ignored or blocked.
- Tracking pixels. A tiny invisible image embedded in an email body that pings a server when the email is rendered. This is the technology behind most "they opened your email" tools.
- Link-based document tracking. The file becomes a web page you control. Opens, page-by-page time, and revisits are logged server side.
The rest of this guide is mostly about the third one, because it is the only approach that survives contact with reality. I'll get to why.
Why email read receipts and pixels are unreliable
If you have ever turned on "request a read receipt" in Outlook or Gmail, you already know the disappointment. Read receipts depend on the recipient's email client honouring the request, and on the recipient choosing to send one. Plenty of clients do not support them at all, and most that do will prompt the user with a "do you want to send a read receipt?" dialog that any sensible person dismisses.
Tracking pixels are sneakier but increasingly broken. The pixel fires when the email's images load. The problem is that a growing share of email now gets opened in environments that pre-load or proxy images:
- Apple Mail Privacy Protection pre-fetches images on Apple's servers, so the pixel fires whether or not a human ever looked at the message. You get a phantom "open" the instant it lands.
- Corporate security gateways scan inbound mail and trip pixels during scanning.
- Many people block remote images by default, so the pixel never fires even though the email was read.
So the data is wrong in both directions: false opens from machines, missing opens from privacy settings. For a casual "did my newsletter get seen" signal, fine. For "did the buyer actually read the contract," no. You cannot make a decision on a number that is partly hallucinated.
Link-based tracking sidesteps all of this because the measurement happens when a real browser renders the actual document, not when an inbox previews an email.
How link-based document tracking works
The mechanism is simple, which is why it is reliable. You upload your file, the platform hosts a viewable version, and you share a URL. When someone opens that URL, their browser loads the document viewer, and the viewer reports back what happens: which page is on screen, for how long, when they close the tab, whether they return.
Because the document is a live page rather than a static download, you get things a pixel could never give you:
- Per-page time. Not just "opened," but "spent four minutes on the pricing page and skipped the appendix."
- Completion percentage. How much of a twenty-page deck they actually got through.
- Revisit history. Whether they came back, and how many times. A second visit two days later is one of the strongest buying signals you will ever get.
- Identity. If you require an email to view, you know which specific person did all of the above, not just "someone."
The trade-off is honest and worth naming. Link-based tracking only works for the hosted copy. If you also let the viewer download the original file, anything they do with that downloaded copy is invisible. That is exactly why download controls and tracking belong together, which I'll cover below.
How to set up document tracking, step by step
Here is the practical version, using Plox. The same shape applies to most link-based tools.
- Upload the file. PDF, PPTX, DOCX, XLSX, an image, even a video. It gets converted into a browser-viewable document. No app install for the viewer, no account needed on their end.
- Decide how much friction you want. This is the single biggest choice, and it is a genuine trade-off. More friction gives you better identity data but loses some viewers who cannot be bothered. Less friction gets more opens but tells you less about who they are. See the next section.
- Set access controls. At minimum, decide whether viewing requires an email. For anything sensitive, layer on a passcode or restrict to specific email addresses.
- Turn off downloads if the content is sensitive. This keeps the document inside the tracked viewer, so your analytics stay complete and the file does not wander off as an attachment again.
- Generate the link and send it. Paste it into an email, a chat, wherever. The recipient clicks and views in their browser.
- Watch the analytics. You can get a real-time alert the moment someone opens it, then review per-viewer detail afterward: who, when, how long per page, completion, location, device, and any return visits.
That is the whole loop. The part that takes thought is step two, so let us slow down there.
Choosing the right amount of friction
Every gate you add is a tax on opens and a deposit into your data quality. Calibrate it to the stakes:
- Anonymous link, no email required. Best for top-of-funnel material like a one-pager you are blasting out. You will see opens, time, and pages, but viewers stay unnamed. Maximum reach, minimum identity.
- Require email to view. The default for most sales and fundraising documents. You learn exactly who opened it. One honest caveat: nothing stops someone typing a fake address, so treat self-entered emails as a strong hint, not proof.
- Email verification with a one-time passcode. Now the viewer has to prove control of the inbox by entering a code you send. This is real identity verification, and it is the right setting when you genuinely need to know it was them.
- Allowlist plus passcode. Lock the document to named addresses and require a shared secret. This is for the board deck and the term sheet, not the pitch you want widely read.
When in doubt, start lighter than you think. You can always send a tighter link to a smaller group later.
Reading the analytics without fooling yourself
The data is only useful if you read it honestly. A few field notes from people who live in these dashboards:
Time on page is signal, not gospel. Eight minutes on one page might mean deep interest, or it might mean they opened the tab, walked away to make coffee, and came back. Look at the shape of the whole session, not one big number. A steady read across every page tells you more than one spike.
The revisit is the gold. A first open tells you the document arrived. A second visit, especially when they forward the link to a colleague whose open you also see, tells you it is being discussed internally. That is the moment to follow up.
Skips are information too. If everyone blows past your fourteen slides of company history and lingers on pricing, your deck has too much front matter. Tracking is as much a tool for editing your own documents as for chasing recipients.
Zero opens is also data. The most underrated use of tracking is knowing that the deal you thought was warm has not been opened in nine days. Silence is a status.
A quick comparison
| Method | What it tracks | Reliability | Knows who | Best for |
|---|---|---|---|---|
| Email read receipts | A single "received" ping | Low, often blocked or ignored | No | Almost nothing serious |
| Tracking pixels | Email "open" event | Low, false opens and false misses | No | Rough newsletter open rates |
| Link-based platform | Opens, per-page time, completion, revisits, location, device | High, measured in a real browser | Yes, with email or OTP | Contracts, decks, proposals, data rooms |
The pattern is clear enough. If the decision attached to the document matters, the pixel-based methods are not good enough, because their numbers are partly fictional.
When document tracking is not the answer
This is the part most vendor pages skip, so here it is plainly. Tracking tells you about engagement. It does not give you control over a determined human, and it is not surveillance.
- It cannot stop a screenshot or a photo of the screen. If someone wants to copy your content, a phone camera defeats every digital control ever built. Watermarking raises the social cost of leaking by stamping the viewer's identity on every page, but it deters, it does not prevent. Be clear-eyed about that.
- It cannot track a downloaded file. Once the original leaves the viewer, your analytics stop. If complete tracking matters, disable downloads and keep the document in the viewer.
- It does not prove a human read and understood the content. An open is an open. Time on page is a proxy for attention, not comprehension. Do not tell a court, or your boss, that the data proves someone read and agreed to a clause. It proves the page was on their screen for a while.
- It is overkill for genuinely public content. If you want a document indexed and shared as widely as possible, do not gate it. Tracking and reach pull in opposite directions.
Good tracking is a decision-support tool. It tells you where to spend your follow-up energy. It is not a force field.
Pairing tracking with control
For most people the reason to track a document is that it is at least a little sensitive, which means tracking alone is half the job. The other half is control, and the two reinforce each other:
- Disable downloads so the file cannot escape the tracked viewer, which also keeps your analytics complete.
- Dynamic watermarking stamps each viewer's email and the time across every page, so a leaked screenshot points back at whoever leaked it. See dynamic watermarking.
- A one-click NDA gate makes viewers accept terms before the document loads, which is genuinely useful for diligence and fundraising. See one-click NDA.
- Virtual data rooms group many files into a branded space with folders, per-file permissions, and room-level analytics, for when one tracked link is not enough. See data rooms.
If you want the full breakdown of the access settings, the document control page walks through each one, and the tracking your document doc covers the day-to-day flow.
Frequently asked questions
Can the recipient tell they are being tracked?
There is no hidden indicator that says "you are being watched," but there is also nothing deceptive about it. They are opening a hosted document in their browser instead of a downloaded file, which is normal and increasingly expected for shared business documents. If you require an email or a passcode to view, the gate itself makes clear the document is access-controlled. Plenty of people add a short line in the sharing email noting the link is tracked, which costs nothing and avoids any awkwardness later.
Does document tracking work without the recipient installing anything?
Yes. The whole point of link-based tracking is that the viewer just clicks a URL and reads in their browser. No account, no plugin, no app. That zero-friction open is also why the open data is trustworthy: it is a real browser loading a real page, not an inbox previewing an email.
Can I track a Word, PowerPoint, or Excel file, not just a PDF?
Yes. PDF, PPTX, DOCX, XLSX, images, and video all become trackable links. The file is converted to a browser-viewable version, so the recipient does not need the original application either, which removes one more reason for them not to open it.
How accurate is the time-on-page data?
More accurate than anything email-based, with one honest caveat. It measures how long the document was the active page on screen, which is a strong proxy for attention but not a lie detector. A person can leave a tab open and walk away. Read the session as a whole, lean on patterns like revisits and per-page distribution, and you will get a genuinely useful picture rather than a single number you over-trust.
Can document tracking stop someone from sharing my file?
Not by itself, and anyone who tells you otherwise is selling something. Tracking shows you what happens to the link, including when it gets forwarded and opened by someone new. To actually constrain sharing, you combine controls: restrict viewing to specific emails, require a one-time passcode, disable downloads, and watermark every page so a leaked copy is traceable. That makes casual sharing harder and deliberate leaking riskier, but a screenshot or a photo of the screen will always be possible. Plan for deterrence, not impossibility.
Is free document tracking good enough?
For light use, often yes. The honest answer is that it depends on volume and how much identity and control you need. The Plox Free plan lets you turn files into tracked links and see opens. Paid plans on pricing add the heavier controls and room-level features that matter once documents are central to how you sell, raise, or close. Start free, and upgrade when the limits start to pinch rather than before.
Get document tracking that you can actually trust
If you want to stop sending blind attachments and start seeing exactly who opened your file, how long they read, and whether they came back, that is what Plox is built for. Turn any document into a tracked link in under a minute, then watch per-viewer analytics roll in, with the access controls to keep sensitive files where they belong. See the full picture on the analytics page, and when you are ready, start tracking your documents free.
Written by Rohit Pai · Co-founder, Plox
Rohit co-founded Plox, where the team builds secure document sharing and virtual data rooms for founders and dealmakers.
Connect on LinkedIn