State of M&A Data Rooms — Q2 2026 Read the report →
Peony LogoPeony

How to Deliver Phase 1 ESA Reports: View-Only, Reliance Control (2026)

Co-founder and CEO at Peony. I built the data room platform with a background in document security, file systems, and AI. Founded Peony in 2021 in San Francisco.

How to deliver a Phase 1 ESA report clients can read — but not download, forward, or feed to AI

Last updated: July 2026 · Last verified: July 2026

I'm Deqian Jia, co-founder of Peony, a data room company. Most of what I write is for the acquirer's side of a deal. This one is for the person on the other end of the engagement letter: the environmental professional who authored the Phase 1 and now has to deliver 300 pages of it without watching the report — and the liability that rides on it — leak out the moment it lands in an inbox.

Here is the archetype this post is built around, anonymized. A sole environmental professional running a small consultancy, 40-odd Phase 1s a year at a few thousand dollars each, came to Peony with two specific injuries. The first: clients had started uploading his couple-hundred-page reports into AI systems and mailing back tidy lists of machine-generated questions, which he then answered on time nobody was paying for. The second, quieter and more expensive: his reports were circulating to lenders, buyers, and counsel who had never bought a reliance letter — parties now holding his stamped conclusions with no fee and no signed contract, but plenty of ability to point at him if a deal went wrong. He did not have a writing problem. He had a distribution problem.

Quick answer: A Phase 1 ESA is not really a document — it is a liability perimeter. The report's own limitation language says only the named client may rely on it; the reliance letter is how that perimeter expands, one named party and one fee at a time. Emailing the PDF dissolves the perimeter you drafted, because an attachment carries none of your restrictions with it. View-only delivery — named viewers, no download, per-viewer watermark, expiry aligned to the 180-day viability window — is the first distribution method that actually enforces what the limitations section asserts. This post is the report author's side of delivery. The environmental due diligence guide covers the acquirer running the diligence.

Where this post sits. This is the delivery-and-control guide for the person who wrote the Phase 1. It deliberately does not re-litigate the buyer's world — the BFPP defense, PFAS liability, when a Recognized Environmental Condition triggers a Phase II — all of that lives in the environmental due diligence post, and I will link there rather than repeat it. If your reader is assembling a whole diligence set, commercial property due diligence is their clock. What follows is narrower and, for a consultant, more urgent: how the finished report gets into the right hands and stays out of the wrong ones.

Clients keep forwarding my Phase 1 to their lender — how do I stop it?

You stop it by changing what you hand over: not a file, but a link. The forward happens because an emailed PDF is designed to be forwarded — that is what email attachments are for. The client sends it to their lender to satisfy a loan condition, the lender's underwriter sends it to counsel, counsel sends it to the next prospective buyer if the deal trades, and by the time the report has made three hops it is sitting in inboxes and shared drives belonging to parties you have never met and never billed. Each of them now holds your stamped conclusions.

The reason this should bother you is not tidiness. It is that every one of those readers is a potential claimant and a lost reliance fee at the same time. A view-only link scoped to your named client's email breaks the chain at hop zero: there is no downloadable PDF to forward, so when the lender needs the report, they have to ask you — which is exactly the moment a reliance letter should change hands. Delivery is not a clerical afterthought here; it is the enforcement mechanism for the entire legal structure of the report. The rest of this post is about making the delivery method match the document.

Why is a Phase 1 ESA a liability perimeter, not just a document?

Because the report's own words draw a boundary around who is allowed to rely on it — and that boundary, not the PDF, is the thing you are actually managing. A Phase 1 ordinarily contains limitation language stating it is prepared for the sole use of the named client, and that no third party who has not signed the contract and paid for the report may rely on its conclusions without written consent. Third parties gain reliance one way only: a reliance letter, which authorizes a specific named party — a lender, a buyer, the SBA — to rely on the existing report and, in doing so, extends your duty of care to them. Those letters commonly run $250 to $600, or 10 to 20 percent of the original engagement fee per added party.

The reliance perimeter of a Phase 1 ESA — who may rely, who actually reads it, and how delivery enforces the line

The perimeter you draft in the limitations section is only as real as your control over who receives the report.

So every added reliance party is a deliberate, priced expansion of your liability exposure — and that is the point. What you never want is the perimeter expanding by accident, for free, through a forwarded attachment. The legal machinery behind this is [Restatement (Second) of Torts §552](https://web.engr.uky.edu/~jrchee0/CE%20401/Important%20Legal%20Decisions/Negligent%20Misrepresentation-Economic%20Loss%20Rule/Rest%202d%20Torts%20Section%20552%20(Negligent%20Misrepresentation.pdf), negligent misrepresentation — the route third parties use to sue a consultant when there is no contract between them. Its scope is not unlimited: liability runs to the person or limited group for whose benefit the information was supplied. Read that clause slowly, because it is the whole argument of this post. The scope of your exposure turns on who you supplied the report to. Distribution control is liability control.

Two short cases make it concrete. In one, a court found a consultant not liable to a prospective purchaser who had no reliance letter and no privity, where the assessment had been performed for the lender — the purchaser was simply not the party the report was supplied for. In another, a cautionary tale, a borrower paid for the Phase 1 as a closing cost, but the report was issued to the bank; with no reliance letter, the borrower had no contract rights against the consultant even as roughly $30 million in cleanup liability came into view. The lesson cuts both ways: reliance is a bright line, and it is drawn by who holds the report. A delivery method that lets the report drift past your named client is a delivery method that erodes the very limitation language you drafted. (This is general information, not legal advice, and reliance doctrine varies by state.)

Yes — and this is the single most under-used move available to a report author, because it makes the report's shelf life and its access window the same thing. Under ASTM E1527-21, a Phase 1 is presumed viable if completed within 180 days of the acquisition, and that window extends to one year only if five specific components are updated:

  1. Interviews with owners, operators, and occupants
  2. Environmental lien searches — searches for recorded environmental cleanup liens
  3. Government records review — federal, tribal, state, and local records
  4. Site reconnaissance — the visual inspection of the subject and adjoining properties
  5. The environmental professional (EP) declaration

Critically, the clock runs from the earliest of those component dates, not the report's cover date — so a report can be closer to stale than its title page suggests. ASTM E1527-21 became effective February 13, 2023 (the EPA rule was published December 15, 2022), and the older E1527-13 standard stopped satisfying All Appropriate Inquiries after February 13, 2024, so "current standard" is not something a year-old report can take for granted either.

Here is the ownable move. When you deliver a Phase 1 as a link with an expiry date, you can set it to expire in step with the viability window — 180 days from the earliest component date, extendable to the one-year mark if and when you update the five components. The report stops circulating exactly when it stops being reliable. An emailed PDF cannot do this: once it is out, it is out, and a 200-day-old copy in a buyer's shared drive is a liability you have no way to recall. A view-only link is the only delivery method whose access window can track the report's own legal shelf life.

Is emailing the final Phase 1 PDF a liability risk?

Yes, and the risk is structural, not occasional — the attachment does the opposite of what your report says. Walk the two side by side. Your limitations section asserts: sole use of the named client, no third-party reliance without written consent, viability bounded by the 180-day clock. Now watch what an email attachment does the instant it lands: it can be forwarded to anyone, saved forever, opened by parties you never authorized, and relied upon by readers who never paid. The document makes a set of promises about its own distribution; the delivery method breaks every one of them.

Line up what your report asserts against what an attachment actually permits, and the mismatch is the whole risk:

  • The report says: sole use of the named client. The PDF permits: forwarding to anyone, with one click, forever.
  • The report says: no third-party reliance without written consent. The PDF permits: a lender, counsel, and the next buyer to read and rely without ever contacting you.
  • The report says: viability bounded by the 180-day clock. The PDF permits: a copy from last year to resurface in a shared drive, indistinguishable from a current one.
  • The report says: you are the environmental professional of record. The PDF permits: an anonymous reader to paste your conclusions into an AI tool and generate objections you never wrote.

That gap — between what the report asserts and what the PDF permits — is the liability. It is not that any single forward is catastrophic; it is that the forwarding chain (client → lender → counsel → next buyer) manufactures exactly the unauthorized, unpriced reliance your limitation language was written to prevent, and it does so silently. You never see the hop, so you never issue the reliance letter, so the party who ends up relying does it for free and outside your contract. The fix is not a sterner limitations paragraph. It is a delivery method that enforces the paragraph you already have. That method is a view-only link — and the next section is the mechanics of it. For the general version of this problem across any client document, secure client file sharing covers the pattern.

How does view-only delivery of a Phase 1 report actually work?

You upload the report once, restrict who can open it, and turn off everything that would let it leave — then the recipient reads it in their browser, page by page, and never touches a file. Concretely, view-only delivery of a Phase 1 has six moving parts:

  • Named viewers only. Access is tied to specific email addresses via an allow-list and email verification, so only your named client — and, later, each reliance-letter recipient — can open the report. A link that leaks to an un-listed address simply does not open.
  • Download and printing off. There is no "Save as PDF" and no print path, so no downloadable file is ever created on the recipient's machine. This is the setting that closes the forward-and-upload paths at the source.
  • Screenshot protection on. On the Business plan ($30 per admin per month), screenshot protection blocks capture keyboard shortcuts, screen recording, and capture extensions in modern desktop browsers, and logs attempts.
  • A per-viewer dynamic watermark. On the Data Room plan ($52 per admin per month), every rendered page carries the viewer's own email and access time, so any screenshot or photo is attributable to the exact person who took it.
  • 300 pages with appendices, handled. A Phase 1 with its EDR report, historical records, and photo logs routinely runs into the hundreds of pages. Unlimited file size on the Data Room plan means the full report and appendices upload as one deliverable; viewers stream pages in the browser, so there is no 25 MB email bounce and no "the file is too big to send" scramble.
  • Works on mobile. A lender's counsel opening the link on a phone gets the same view-only, watermarked, no-download experience as on desktop.

The net effect is that the recipient can read every word and every appendix, and still has nothing to forward, save, or paste. That is the whole idea: full readability, zero portability. More than 5,900+ teams run controlled delivery on exactly this logic — show the hard document, lock the distribution.

Clients are pasting my Phase 1 into ChatGPT — how do I shut that down?

You shut it down upstream, by removing the file they would paste. When a client drops a couple-hundred-page report into a consumer AI tool for a fast summary, two bad things happen: the content leaves your confidentiality perimeter, and the tool hands back a list of machine-generated "questions" that you then answer on unbilled time. On consumer ChatGPT (Free and Plus), uploaded file content is used to train models by default — the opt-out is buried in Data Controls, where a user has to turn off model training — so the practical reality is that a pasted Phase 1 may persist as training data unless the client went looking for a setting they almost certainly never touched.

The clean fix is not a policy memo asking clients to please stop. It is structural: if the report is a view-only link with download off, there is no file to paste. The source PDF never reaches the client's disk, so the easiest ingestion path — drag the file in — is simply gone. The residual paths (retyping the text, photographing the screen) are slow, partial, and, with a per-viewer watermark, attributable. This is a deep enough topic that it has its own post; for the full playbook, read how to stop clients uploading your reports to ChatGPT, published alongside this one.

What does a reliance-letter workflow look like when delivery is controlled?

It looks like a product instead of an honor system — one named, watermarked, expiring link per reliance party, tracked separately from the client. This is the part most consultants have never had the tooling to do, and it is where controlled delivery pays for itself. Run it like this:

  • Track reliance recipients separately from the client. Your named client gets their link. Each reliance-letter recipient — the lender, their counsel, the SBA — gets their own personalised link, so "who has reliance" is a list you maintain, not a guess about who your client forwarded to.
  • Watermark each link to its recipient's identity. The lender's copy is stamped with the lender's email; counsel's copy with counsel's. A leaked page points back to the party who leaked it.
  • Expire each link with the viability window. Every reliance link carries the same 180-day (or updated one-year) expiry as the client's, so nobody relies on a stale report.
  • Use analytics as your reliance evidence. Page-level analytics record who accessed the report and when — invaluable if a party later claims they "relied" on it, because you can show precisely who you authorized and what they opened. That record maps straight onto the §552 "for whose benefit" question.

In practice, that turns your recipient list into a small register you actually control — each row a named party, a fee status, and an access setting rather than a hope about who forwarded what:

RecipientReliance feeTheir linkWatermarkExpiry
Named client (engaged you)In the engagement feePersonal, namedTheir identityViability window
LenderReliance letter, $250–$600Separate, namedLender's identityViability window
Lender's counselUnder the lender's letter, or their ownSeparate, namedCounsel's identityViability window
Next prospective buyerNew reliance letter requiredNot issued until paid

The payoff is a clean answer to the most common leak point in the whole workflow. When the lender's counsel emails asking for the report, you do not forward a PDF and quietly widen your liability for free. You reply with a reliance letter to sign and their own named link. Reliance stops being a leaky default and becomes an enforced gate — and the analytics become your audit trail. This is how 5,900+ teams turn a document hand-off into a controlled, recorded transaction.

The honest comparison is about one question: after you deliver, does the report stay under your control? Here is how the common options line up for a Phase 1 report.

Delivery methodFile leaves your control?Forwardable?Per-viewer watermarkPages-read analyticsExpiry aligned to 180 daysRevoke after sending
Email attachmentYes — instantlyYesNoNoNoNo
Password-protected PDFYes — the password travels with the fileYesNoNoNoNo
Google Drive (view-only)Copy stays in Drive, but re-shares easilyYes — link re-sharesNoNoNoPartial
DocSendNo — view-only, download offLimitedNoYesLimitedYes
Peony (view-only link)NoNoYes (Data Room)YesYesYes

A few honest notes. A password-protected PDF feels secure but is not: the password travels with the file, so once you send both, the recipient can forward both — you have added friction, not control. Google Drive view-only blocks the casual download but has no per-viewer watermark and no analytics, and a view link is re-shared with one more click. DocSend is genuinely solid on the fundamentals — view-only with download off, and real page tracking — but it does not offer screenshot protection or dynamic per-viewer watermarks, which are exactly the two controls that make a leaked Phase 1 attributable. Peony's difference for this use case is that the per-viewer watermark and the viability-aligned expiry are built in, so the delivery method enforces the report's limitation language rather than merely gating the file.

For one report to a handful of parties, a view-only link is enough — do not overbuild. If you are delivering a single Phase 1 to your client, their lender, and counsel, three named links do the entire job: controlled, watermarked, expiring, and read-tracked. You do not need to stand up a room, build a folder tree, or manage permissions for a deliverable that has exactly one document at its center.

The moment to think room-shaped is when your report becomes one exhibit among many. In a portfolio deal, your Phase 1 sits inside the buyer's diligence alongside 40 other documents — their leases, their title work, their financials — and that is the buyer's data room, not yours. Even then, the discipline holds: you still deliver your copy under your controlled link, watermarked and expiring, rather than surrendering the raw PDF into their room where it drops out of your perimeter. The principle is ownership of the boundary, wherever the report ends up referenced. For those broader worlds — the buyer assembling the set — see commercial property due diligence and environmental due diligence. Peony does both from one account: individual links for single deliveries, full rooms when you are the one assembling diligence.

How do I set this up in Peony — and what does it cost?

You can have a controlled Phase 1 link live in a few minutes; the median setup time across Peony is four minutes and nineteen seconds, which means an EP can stand this up between site visits. The steps:

  1. Create a free Peony account and upload the full report — narrative plus appendices — as a single deliverable. Unlimited file size on the Data Room plan means the EDR report and photo logs go in without a size scramble.
  2. Restrict access to named viewers. Add your client's email to the allow-list so only they can open the link; turn on email verification.
  3. Turn off download and printing. This removes the forwardable, uploadable file at the source.
  4. Turn on screenshot protection (Business plan) to block capture shortcuts, recording, and extensions in modern desktop browsers.
  5. Turn on the dynamic per-viewer watermark (Data Room plan) so every page carries the viewer's identity.
  6. Set the link to expire at the 180-day mark from your earliest component date, extendable to one year if you update the five components.
  7. Issue separate personalised links to each reliance-letter recipient as letters are signed, and watch page-level analytics for who read what.

On cost, there is a Free tier to start. Business is $30 per admin per month and includes screenshot protection, download prevention, a Simple NDA, advanced analytics, and AI document Q&A. Data Room is $52 per admin per month and adds dynamic per-viewer watermarking, an Advanced NDA with a signed PDF and audit trail, granular permissions, unlimited storage and file size, a full audit trail, and a custom domain. Every viewer is free and unlimited — your client, their lender, and counsel never need a paid seat.

The ROI math is not subtle. One $500 reliance letter you actually capture, instead of losing to a free forward, pays for months of the tool. A firm doing 50 Phase 1s a year is protecting $150,000 or more of report value for about $52 a month. Peony has held 99.96% uptime since August 2025, so the delivery layer is not something you have to babysit. Full details on the pricing page, and solutions for environmental consultants for the sector view.

What can view-only delivery not do?

Plenty — and being straight about the limits is part of using it well. Controlled delivery is a strong enforcement layer, not a force field. Three honest boundaries:

  • It cannot rewrite reliance doctrine. A determined third party can still assert §552 reliance on content they saw, even if they never downloaded a file. Your defense is not that the technology made reliance impossible; it is your report's limitation language plus your named-viewer records showing exactly whom you authorized. View-only delivery strengthens that record — it does not replace the legal argument.
  • It cannot stop retyping or a phone photo. No software can block a separate camera pointed at the screen; that is a plain fact, not a Peony limitation. What a per-viewer dynamic watermark does is make any such capture attributable to the person who took it, which turns a silent leak into a traceable one. For the specifics, see how to stop phone photos of documents and how to protect a PDF from screenshots.
  • It cannot fix a report that is out of date. If the 180-day clock has run and the five components have not been updated, the report is stale no matter how you deliver it. Expiry aligned to the viability window helps the stale copy stop circulating, but the underlying viability is governed by ASTM E1527-21, not by your link settings.

The right mental model is that view-only delivery makes your existing legal architecture enforceable and your leaks attributable. It does not, and cannot, do the law's job or the standard's job for you.

Frequently asked questions

What's the best way to send a Phase 1 ESA report so the client can't download or forward it?

Deliver it as a view-only link tied to named viewers, not as a PDF attachment. A view-only link renders the report in the browser page by page, with downloading and printing turned off, so there is no file for the recipient to save, forward, or drag into another tool — the report never leaves your control the way an emailed PDF does the moment it lands in an inbox. In Peony you upload the full report (narrative plus appendices), turn off download and print, restrict access to specific email addresses so only your named client can open it, and turn on a per-viewer watermark so every page they see carries their identity. Screenshot protection on the Business plan ($30 per admin per month) blocks keyboard capture shortcuts, screen recording, and capture extensions in modern desktop browsers; the Data Room plan ($52 per admin per month) adds the dynamic per-viewer watermark. Your client, their lender, and their counsel all view for free — Peony only charges for admin seats — so you are not paying per recipient to keep the report locked down.

How do I stop clients from forwarding my Phase 1 report to their lender without paying for reliance?

You stop the forward at the delivery layer: send a view-only link scoped to your named client's email, with download off, so there is no PDF to forward in the first place. When the lender asks for the report, the correct answer is not a forwarded file — it is a reliance letter and the lender's own named link. Reliance letters commonly run $250 to $600, or 10 to 20 percent of the original engagement fee per added party, and each one extends your duty of care to that specific reader. Emailing the PDF quietly hands the lender reliance-grade access for free while expanding your liability to a party who never signed your contract. In Peony, you track reliance-letter recipients as separate named viewers, each with a personalised link watermarked to their identity and set to expire with the report's viability window. This turns reliance from an honor system into an enforced product — the lender either has a letter and a link, or they have nothing to forward. This is general information, not legal advice; reliance law varies by state.

Can a third party legally rely on my Phase 1 if they never got a reliance letter?

Usually not through contract — and that is the point of your report's own limitation language, which states it is prepared for the sole use of the named client and that no third party may rely on it without written consent. Third parties who try generally sue under negligent misrepresentation, Restatement (Second) of Torts §552, whose scope turns on the person or limited group for whose benefit the information was supplied — so who you supplied the report to is the boundary of your exposure. Courts have declined to hold a consultant liable to a prospective purchaser who had no reliance letter and no privity where the assessment was performed for the lender. In another cautionary matter, a borrower who paid for a bank-issued Phase 1 as a closing cost, but held no reliance letter, had no contract rights against the consultant amid roughly $30 million in cleanup exposure. Distribution control is liability control: the tighter you hold who actually receives the report, the cleaner your limitation language reads. Peony's named-viewer records and page-level analytics give you a defensible record of exactly who you authorized. Not legal advice; consult counsel on your state's reliance doctrine.

Yes — align the link's expiry with the report's presumed-viability window so it stops circulating when it stops being reliable. Under ASTM E1527-21, a Phase 1 is presumed viable if completed within 180 days of acquisition, extendable to one year only if five components are updated: the interviews, the environmental lien search, the government records review, the site reconnaissance, and the environmental professional declaration. The clock runs from the earliest of those component dates, not the report's cover date. A 200-day-old report riding around as an attachment is a liability you cannot recall; a link you set to expire at the 180-day mark self-retires on schedule. In Peony you set an expiry date per link (or extend it to the one-year mark if you have updated the five components), and access simply ends — no email chain to chase, no stale copy in a buyer's shared drive. No other delivery method can make the report's shelf life and its access window the same thing.

Clients are pasting my Phase 1 into ChatGPT and sending me question lists — how do I stop it?

Fix it upstream: if the client cannot download the report, there is no file to paste into an AI tool. Consumer ChatGPT (Free and Plus) uses uploaded file content to train models by default — opting out means digging into Data Controls and turning off model training — so a several-hundred-page Phase 1 pasted in for a quick summary can become training data and generates a list of AI-invented objections you then answer on unbilled time. A view-only link with download off removes the source file from the equation; the remaining leak paths (retyping, a phone photo) are slow, partial, and deterred by a per-viewer watermark. Peony delivers the report as streamed browser pages with no downloadable file, so the easy paste-the-PDF path is closed. For the full playbook on keeping client documents out of AI systems, see how to stop clients uploading your reports to ChatGPT.

How do I see which pages of my report a client actually read?

Use page-level analytics, which record who opened the report, when, for how long, and how far they read. For a 200-to-400-page Phase 1, this tells you whether the lender read the conclusions and the limitations section or only skimmed the executive summary — and it gives you a timestamped access record for every named viewer. That record is quietly valuable: if a party later claims they relied on the report, you have evidence of exactly who accessed it and when, which maps directly to the §552 question of whom the information was supplied for. In Peony, page-level analytics are per viewer and per link, so your client, each reliance-letter recipient, and the lender's counsel each generate their own read trail. Advanced analytics are on the Business plan ($30 per admin per month); the full audit trail is on the Data Room plan ($52 per admin per month).

Is emailing the final Phase 1 PDF a liability risk?

Yes — emailing the final PDF is the moment your liability perimeter dissolves. Your report's limitation section asserts that only the named client may rely on it, but an email attachment carries none of that restriction with it: the client forwards it to their lender, the lender to their counsel, counsel to the next prospective buyer, and each hop is a party who never paid for reliance and never signed your contract but now holds your stamped conclusions. The document says one thing; the delivery method does the opposite. A view-only link is the first distribution method that actually enforces what the limitations language asserts — named viewers only, no forwardable file, access that expires with viability. Peony replaces the attachment with a link scoped to your client's email, download off, watermarked per viewer, so the report's distribution finally matches its own legal architecture. Not legal advice; state reliance law varies.

For one report going to a handful of named parties, a view-only link is enough — you do not need to build a whole data room to deliver a single Phase 1 to a client, their lender, and counsel. Reach for a room-shaped setup when your report is one of many: a portfolio deal where your Phase 1 sits in the buyer's diligence alongside 40 other documents is the buyer's data room, not yours, and you still deliver your copy under your own controlled link rather than surrendering the PDF to their room. The distinction is ownership of the perimeter: your link, your named viewers, your expiry, regardless of where the report ultimately gets referenced. Peony does both from the same account — individual view-only links for single deliveries, and full rooms when you are the one assembling the diligence set. For the buyer's side of that world, see commercial property due diligence and environmental due diligence.

Will controlled delivery actually help me sell more reliance letters?

Yes, because it converts reliance from a leaky default into a gate. When the PDF flows freely, every downstream party gets reliance-grade access for free and you never see the request; when the report is a view-only link scoped to your client, the lender who needs to rely has to come to you — and a reliance letter at $250 to $600 (or 10 to 20 percent of the engagement fee) is the only way through. One recovered $500 reliance letter pays for months of the tool. A firm doing 50 Phase 1s a year is protecting $150,000 or more of report value for about $52 a month, and each report becomes a small recurring reliance-letter business instead of a one-time deliverable that photocopies itself. In Peony, personalised links let you issue one named, watermarked, expiring link per reliance party and see in the analytics exactly who accessed what — the audit trail that makes the reliance workflow enforceable.

What does secure report delivery cost for a small environmental firm?

Peony has a free tier to start, then two plans that fit an environmental consultancy. Business is $30 per admin per month and adds screenshot protection, download prevention, a Simple NDA, advanced analytics, and AI document Q&A. The Data Room plan is $52 per admin per month and adds dynamic per-viewer watermarking, an Advanced NDA with a signed PDF and audit trail, granular permissions, unlimited storage and file size, a full audit trail, and a custom domain. Crucially, viewers are free and unlimited — your client, their lender, and counsel never need a paid seat, so the whole distribution list costs you nothing extra. For a one-to-15-person firm running 30 to 100 reports a year at $2,000 to $5,000 each, the meaningful comparison is not the $52 — it is the single forwarded report or unbilled AI question-list that the tool prevents. Pricing lives on the pricing page.

How do I add a per-viewer watermark to a 300-page Phase 1 report?

Turn on dynamic watermarking and it applies to every rendered page automatically — you do not stamp 300 pages by hand or bake a static mark into the PDF. A dynamic per-viewer watermark embeds each viewer's own identity (email and access time) into the pages as they view them, so a screenshot or phone photo of any page carries the identity of the exact person who took it. That is different from a static watermark, which is the same for everyone and proves nothing about who leaked. In Peony, dynamic per-viewer watermarking is on the Data Room plan ($52 per admin per month) and works across the full report and its appendices regardless of page count, on desktop and mobile. It pairs with screenshot protection (Business plan, $30 per admin per month), which blocks capture shortcuts, recording, and extensions in modern desktop browsers — though no software can stop a separate phone camera, which is exactly why the attributable watermark matters. See the dynamic watermarking guide for the full mechanics.