Client Photo Proofing: How to Share Draft Images for Approval (Without Leaks, Endless Revisions, or Awkward WhatsApp Threads)

The first time I delivered a set of “almost-final” photos to a client, I did what everyone does: I dumped 40 JPEGs into a Google Drive folder and sent the link.

Two days later, the client forwarded that same link to “a few teammates.” A week later, I found my draft images in a public Slack channel screenshot. Nothing catastrophic happened — but it was a wake-up call: drafts leak, clients share links, and the internet never forgets.

This guide is the workflow I use now for client proofing: a clean approval process that stays friendly for non-technical clients, while still giving you real control (expiry, passwords, revocation, and versioning).

What “client proofing” really needs (the non-negotiables)

Most “sharing” tools are optimized for convenience, not control. In practice, a good proofing workflow needs:

• Access control: a password (shared separately) and the ability to revoke.
• Expiry: drafts should not become permanent public endpoints.
• Low drama for clients: no accounts, no installs, no “how do I open this?” back-and-forth.
• Versioning: you need a way to say “these are V1 drafts” vs “final selects.”
• Redaction/metadata safety: location (EXIF), filenames, and hidden identifiers should not leak.

The 10-minute secure proofing workflow (my default)

Here’s the setup that works for most freelancers, studios, and small teams. It’s intentionally boring — because boring workflows survive real life.

Step 1) Export “proof” images (not finals)

If your client only needs to approve composition, expressions, and overall direction, send proofs:

• Long edge: 2000–3000px
• JPEG quality: ~80–85
• Optional light watermark (small + subtle)

This reduces both leak impact and file size (faster approvals, fewer downloads, less bandwidth).

Step 2) Strip EXIF metadata (especially GPS)

Photos can include hidden metadata like GPS coordinates, timestamps, device model, and software history. For drafts, I treat this as “guilty until proven stripped.”

Practical options:

• Quick win: export from your editor with “remove location info” / “strip metadata” enabled.
• Team standard: run a metadata-strip step as part of your export preset.
• Safety net: use a host that strips metadata server-side.

Step 3) Upload to a share link that can expire + be revoked

Use a link you can kill later. The killer feature isn’t “unlisted.” The feature is revocation.

My default expiry settings:

• Proofs: 7 days (long enough for a realistic feedback window)
• Sensitive content: 24 hours (contracts, IDs visible in frame, private homes)
• Final delivery: 30 days (then archive)

Step 4) Set a password and send it separately

If you send the link and password in the same message, you’ve basically made a single “forwardable package.” When the link gets forwarded, the password follows.

Simple pattern:

• Link: email
• Password: SMS/Slack/WhatsApp (separate channel)

Step 5) Give clients a structured feedback method

The fastest way to burn hours is “feedback via chat.” If you don’t control the format, you get:

• “Can you brighten this one?” (Which one?)
• “I like #3 and #7” (Different numbering on different devices)
• Thread explosions across 3 apps

What works:

• Require references by filename (e.g., 2026-04-04_clientA_012.jpg)
• Or provide a short form: “File + change request + priority (must/optional)”

How to avoid the most common proofing leaks

Leak #1: Draft links forwarded to “one more person”

This is normal behavior. Clients aren’t malicious; they’re collaborative. Your job is to assume forwarding happens.

• Use passwords (shared separately)
• Use short expiries
• Revoke links immediately after approval

Leak #2: Filenames that contain private info

Filenames can leak project names, locations, and internal client details. Avoid:

• “vip-celebrity-shoot-RAW-001.jpg”
• “john-home-address-kitchen-03.jpg”

Use neutral filenames: client-code + date + sequence.

Leak #3: EXIF GPS data from home/office shoots

If your photos were taken at a private location (home, office, event venue), treat GPS metadata as sensitive by default.

Revision control: the “two-lane” system that prevents chaos

A surprisingly effective rule: split feedback into two lanes.

1. Must-fix: exposure, color consistency, skin tone, cleanup, removals.
2. Nice-to-have: micro tweaks, subjective preferences, “could we also…” requests.

Ask the client to label each request. This keeps you from doing 20 optional edits before a single must-fix is approved.

Templates you can copy-paste to clients

Template: proof delivery message

Subject: Proofs ready — please review by Friday

Here are the draft proofs for review (expires in 7 days):
Link: [link]
Password: (sent via SMS)
Feedback format: please reply with “filename + change request + must/optional.”

Template: approval + link revocation

Confirmed — thanks! I’m revoking the proof link now and preparing the final delivery. If you need access again later, I can re-share with a fresh expiry.

FAQ

Should I watermark proofs?

Light watermarking can reduce casual misuse, but it’s not security. The actual control comes from passwords, expiry, and revocation. If you do watermark, keep it subtle — clients hate reviewing ugly drafts.

Is “anyone with the link can view” acceptable?

Only for low-stakes content. For client work, it’s a risky default because forwarding is inevitable. A password is a cheap second layer.

What expiry should I choose?

7 days is a strong default for proofs. 24 hours for sensitive sets. Longer only when the client asks.

What if a client insists on Google Drive/Dropbox?

You can still apply the same principles: short expiry where possible, revoke access after approval, and strip EXIF before upload. The workflow matters more than the tool.

What’s the safest “no account” proofing method?

A browser link that expires + can be revoked, with a password sent separately. It’s the best balance of security and client friendliness.

If you want, you can treat this whole process as a harness: a simple, repeatable wrapper that keeps your creative work safe while it moves through real-world collaboration.