State of M&A Data Rooms — Q2 2026 Read the report →
Peony LogoPeony

How to Share Price Lists and Product Catalogs Securely (2026 Guide)

Co-founder and CEO at Peony. I built the data room platform with a background in document security, file systems, and AI. Founded Peony in 2021 in San Francisco.

How to Share Price Lists and Product Catalogs Securely (2026 Guide)

Last updated: July 2026

Quick answer: In B2B wholesale, your price list is your margin structure, printed — and the catalog with pricing is a confidential document, not marketing. Emailing it as a PDF or Excel attachment loses control of it the instant you hit send: it can be forwarded to a competitor, it freezes at a stale version, exposes other accounts' tiers, and leaves you no record of who opened it — and distributing it without restriction can even undercut its trade-secret protection. The workflow that holds up replaces the attachment with an access-controlled link and layers six controls on top: per-account tier isolation so each buyer sees only their prices (visitor groups), version currency so recipients always open the current list (update links), revision-day hygiene (link expiry plus instant revoke), leak tracing (dynamic watermarks with viewer identity), engagement tracking (page-level analytics), and an access gate (NDA, password protection, verified email). A data room like Peony does all six with a send-a-link motion — Free to start, Business $30/admin/month, Data Room $52/admin/month, and recipients free, so a few hundred trade accounts don't multiply your cost.

I'm Deqian Jia, co-founder of Peony, a secure document-sharing and data-room company serving 5,900+ customers. Most writing about product catalogs is about making them pretty — flip-book animations, distribution reach, brand polish. This one is about the opposite problem, the one every commercial director at a wholesale distributor knows and no catalog tool solves: the catalog with your prices in it is confidential, and you are emailing it around as an attachment.

The people who search for this are not looking for a design tool. They are the commercial director or head of sales at a distributor or manufacturer — 10 to 200 staff, 200 to 2,000 SKUs, 50 to 500 active trade accounts, three to five pricing tiers, quarterly revisions — watching their price list get forwarded to competitors, watching buyers quote last quarter's numbers, and having no idea which accounts even opened the new catalog. If your business is heavily regulated — pharmaceutical distribution, medical devices, chemicals, ingredients — the confidentiality is not a preference but a legal necessity, and we go deep on the flagship case in the data room for pharmaceutical distribution. This post is the horizontal playbook that sits above it.

One framing before we start, because it prevents the wrong tool choice: this is outbound controlled distribution — you sending confidential pricing out to trade accounts. It is the mirror image of collecting documents from clients (inbound intake, files coming in) and distinct again from e-signing customer agreements at scale (signature workflows). Same underlying room; different direction of trust. Get the direction right and the rest follows.


Why is your price list a confidential document when your catalog is public marketing?

Because they encode two completely different things, and B2B wholesale is the one context where they fuse. A product catalog, on its own, is marketing — you want it seen, indexed, flipped through, shared. But the moment you print your prices into it — and especially your per-account, tiered prices — you have printed your margin structure, and that is the most closely guarded number in the business.

Here is the asymmetry that trips up so many distributors. Your list price might be semi-public. What is secret is the discount off list each account gets — the spread between what you pay to acquire or manufacture and what each tier of buyer pays you. That spread is your margin, and it is your negotiating position. A competitor who sees your price sheet does not just learn your prices; they learn exactly how much room you have to move, which accounts you favor, and where to undercut you with surgical precision. A buyer who sees another account's tier learns that they are paying more for the same goods — and now every renewal is a fight.

So the catalog is public marketing everywhere else in the economy, and in B2B wholesale the catalog-with-pricing is a confidential document. That single reframing is why the tools built to make catalogs beautiful — the flip-book makers, the distribution platforms — are solving a different problem than the one you have. They optimize for reach. You need the opposite: control.


Does sharing your price list without restriction weaken its trade-secret protection?

Yes — and this is the angle almost nobody in this market talks about, which is exactly why it matters. Your confidential pricing is, in legal terms, plausibly a trade secret: information that has commercial value precisely because it is not generally known. But trade-secret protection is not a status you own automatically. It is one you have to earn and maintain through conduct — and the central requirement is that you take reasonable measures to keep the information secret.

What a leaked price list costs: discount disputes, competitor undercutting, and in pharma an estimated 12-19% price erosion from parallel trade

That requirement has teeth. Courts have generally held that when a business distributes confidential information broadly and without restriction — emailing it freely, letting it circulate, never marking it, never controlling who receives it — it undercuts its own argument that the information was ever treated as a secret at all. You cannot claim in a dispute that your price list is a closely guarded trade secret if your actual practice was to attach it to any email that asked. Loose distribution does not just risk a leak; it can eviscerate the legal protection that would let you do anything about the leak.

The instinct is to fix this with an NDA, and you should have one — but here is the crucial nuance: the NDA is necessary but not sufficient. A non-disclosure agreement is a promise. It gives you a contractual claim after the fact. What it does not do is control access or prove that you restricted it. The measures that actually read as "reasonable secrecy" are the practical, technical ones:

  • Access restriction — the price list goes only to a defined, need-to-know list of accounts, not to anyone who asks.
  • Marking — the document is visibly labeled confidential, so no recipient can claim they didn't know.
  • Need-to-know segmentation — each account sees only its own tier, so the circle of exposure is as small as the business allows.
  • Audit trails — a log of exactly who accessed what and when, which is your evidence that access was controlled.

Notice what those four are: they are precisely what a data room does. Access restriction, confidential marking, per-tier isolation, viewer-identity watermarking, and a per-viewer audit trail are not just leak prevention — they are the technical enforcement layer that also serves as evidence you took protection seriously. The NDA is the promise; the access controls are the proof. That combination is the part nobody sells as a package, and it is the part that turns "we asked them not to share it" into "we restricted access, marked it, and can show exactly who opened it."

(This is general information, not legal advice. Trade-secret law varies by jurisdiction — confirm your specific position with qualified counsel.)


What does a leaked price list actually cost you?

More than the abstract fear suggests, and in ways that compound. Break the cost into three buckets, from the everyday to the extreme.

Per-account discount disputes. This is the quiet, constant tax. The moment one account sees another's tier — through a forwarded sheet, an all-tiers master document, or a rep's mistake — you get the "why is my price higher?" conversation. It is corrosive because it is unwinnable: the buyer now knows you have room to move, so every renewal starts from a worse anchor, and the trust that let you hold a tier erodes. Multiply that across a book of 50 to 500 accounts and a few leaks a year, and the margin bleed is real even though no single incident makes the news.

Competitor undercutting. A competitor holding your price sheet does not compete on your terms; they compete on theirs, because they can see exactly where to sit to win your accounts without leaving a cent on the table. A leaked list turns a negotiation into a known-answer test where they hold the key. This is the leak that costs you customers, not just margin.

The regulated extreme — reference pricing and parallel trade. In verticals where prices propagate across markets, a single leak can drag your whole price structure down. Pharmaceuticals are the clearest example. International reference pricing (IRP), used in 75 or more countries, means a low price surfacing in one market can become the benchmark that reference-pricing regulators elsewhere anchor to — so a leak does not stay local, it travels. And in the EU, parallel trade — arbitrage on cross-border price gaps — has been found to reduce manufacturers' prices by roughly 12 to 19 percent according to health-economics research, with manufacturers running quota systems specifically to blunt it. (These figures are directional and drawn from published research; treat them as the shape of the risk rather than a guarantee for any given product.) Germany's 2024 reforms even introduced confidential reimbursement prices for the express purpose of impeding international reference pricing — a regulator building secrecy in because leaked prices are that damaging.

You do not need to be a pharma wholesaler for the logic to bite. Any business with tiered pricing, tender bids, or cross-market exposure carries some version of this. The catalog with prices is the document that, leaked, costs the most — which is exactly why it deserves the most control.


How do you build the control stack for confidential pricing?

You map each pain to a specific mechanism, and you send a link instead of an attachment. The whole stack is six controls; here is each one, answer first, with the pain it kills.

The price-list control stack: gate access, isolate tiers, watermark, update in place, revoke, track opens

How do you isolate pricing tiers so each account sees only its own?

You segment access at the group level, so each account is walled into exactly one tier. Instead of maintaining separate PDFs per account and praying you attach the right one, you build a group per pricing tier — Tier A distributors, Tier B resellers, Tier C direct — assign each account to one group, and each group sees only its own catalog and price sheet. In Peony this is visitor groups: per-group access, its own NDA gate, and pre-qualification questions before anyone gets in. A Tier C buyer cannot scroll into Tier A's discounts because the file was never in their room. Cross-tier leakage — the source of most discount disputes — moves from something you police to something that is structurally impossible.

How do you keep buyers on the current version after a revision?

You give every account a permanent link and swap the file behind it. The stale-catalog problem is created entirely by attachments: once a PDF lands in 300 inboxes, it is frozen at that version forever. A persistent link inverts that — with update links, you replace the underlying file in place, and the next time any account opens their existing link, they see the current catalog with no resend. You publish the quarterly revision once, and every trade account is looking at accurate pricing the moment they next click through. No blast email, no version numbers in filenames, no buyer quoting a number you retired last quarter.

How do you handle revision day cleanly?

You expire the old and revoke on demand. On revision day you set link expiry on the outgoing quarter so the previous sheet stops opening on a date you choose, and you keep instant revoke ready to kill any link the moment a price changes mid-quarter or an account relationship ends. Revocation takes effect the next time anyone tries to open the link — no email chain, no "please delete the old one" request that nobody honors. Between update-in-place (which prevents stale copies) and expiry-plus-revoke (which cleans up any that exist), the whole version-chaos problem that plagues emailed pricing simply stops.

How do you trace a leak back to who leaked it?

You burn the viewer's identity into every page. Dynamic watermarks stamp each view with the viewer's email and a timestamp, so a screenshot that escapes still names the account it came from. You cannot make a document physically unshareable, but you can make sharing it a self-incriminating act — and that is most of the deterrent. Watermarking is available on the Data Room plan ($52/admin/month). Combined with an access-controlled link (there is no loose PDF to forward, only a link you can kill), leaking moves from a free, invisible act to a traceable, costly one.

How do you see which accounts engaged with the new catalog?

You read the analytics on the link. Page-level analytics log each open with the account's email and timestamp, and go further — showing which product pages each account read and how long they lingered. So you know your biggest reseller opened the new line sheet twice and dwelt on the premium range, that three accounts haven't opened it yet and need a nudge, and which products are drawing attention. The catalog stops being a document you fire into the void and becomes an engagement signal your reps act on the same week.

How do you gate access before anyone opens anything?

You put a door in front of the room. Before a buyer sees a single price, they clear an NDA gate, a password, or a verified-email check — whichever the sensitivity warrants. The NDA gate matters doubly here: it captures the contractual promise and, combined with the access log, forms part of your evidence of reasonable secrecy. Verified email ties every open to a real, named account. The gate is what turns "here's a link" into "here's a controlled, identified, agreement-bound act of access."

That is the stack: gate, isolate, update, expire-and-revoke, watermark, track. Six mechanisms, one send-a-link motion, and every one of them maps to a pain that emailed PDFs cannot touch.


Which tool actually fits: catalog software, a B2B portal, a digital sales room, or a data room?

This is the real decision, and the honest answer is that these four categories solve four different jobs — the trick is matching the tool to the job you actually have, and I'll concede plainly where Peony is the wrong choice.

Catalog software — Flipsnack, DCatalog, Publitas, Catalog Machine, Akeneo Shared Catalogs — does the presentation and distribution job, and does it beautifully. Flip-book animations, rich media, embeddable galleries, PIM-driven product data at scale. If your catalog is public marketing you want seen far and wide, this is unequivocally the better tool, and you should use it. Security in this category is a footnote — a password field, maybe an OTP or SSO bolt-on — because reach, not confidentiality, is the point. Where they fall down is exactly your problem: they are not built to isolate per-account pricing tiers, watermark by viewer identity, or give you an audit trail that could stand as evidence. A catalog tool makes it pretty. It does not make it confidential.

B2B portals and e-commerce — Salesforce B2B Commerce, SuiteDash, Shopify B2B — do the full logged-in self-service job: accounts, catalogs, real-time stock, self-service ordering, reorder history. If your operation is transaction-heavy — buyers place their own orders, you need commerce running end to end — this is the right category, and I won't pretend a data room replaces it. The honest caveat is scope and time: a portal is a build project, typically a quarter or more of implementation and budget, and it is a lot of machinery if all you actually need is to get confidential pricing to the right accounts. You buy the portal for transactions, not for a document you revise quarterly.

Digital sales rooms — GetAccept, Dock — do the single-deal job: a curated microsite per prospect for one sales cycle, mutual action plans, one buyer at a time. Excellent for a complex individual deal; a mismatch for standing, multi-account confidential distribution to 50 to 500 trade buyers every quarter. Different tempo entirely.

A data room does the control and confidentiality job with a send-a-link motion. Access restriction, per-tier isolation, viewer-identity watermarking, version currency, revoke, and per-viewer audit trails — the exact stack confidential pricing needs — with no build and no login for buyers to learn. It is not prettier than a catalog tool and it does not process orders like a portal. What it does is make the confidential catalog controlled.

The one-line cut that decides it:

A catalog tool makes it pretty. A portal takes a quarter to build. A data room makes it controlled this afternoon.

Many distributors run more than one — a catalog tool for the public marketing catalog, a portal for ordering, and a data room for the confidential document layer that neither of the other two was built to protect. That is not a contradiction; it is matching each job to the tool that does it.


What does the pharmaceutical example teach the rest of us?

It teaches the general lesson in its sharpest form: sometimes the catalog legally cannot face the public at all. A pharmaceutical wholesaler distributing prescription-only medicines operates under advertising rules that prohibit promoting those products to the general public — the catalog of what they stock, and the price list against it, can lawfully be shown only to qualified trade buyers like pharmacies and prescribers, never posted openly. So for a pharma distributor, gating is not a security preference; it is a legal necessity, and the confidential set — price lists, product availability, specials lists, batch-specific certificates, credit terms — has to move through controlled, access-restricted, audit-logged channels by law. The full regulated-vertical deep dive lives in the data room for pharmaceutical distribution. And pharma is not alone: its regulated cousins — medical devices, industrial chemicals, food ingredients — carry their own versions of the same constraint, where confidential specs, certificates, and pricing cannot circulate freely. What is a strong best practice for a general wholesaler is a legal requirement for them, which makes them the clearest proof that controlled distribution is a real category, not a nice-to-have.


What does it cost to share price lists securely — and does it beat emailed PDFs?

It costs a handful of internal seats, because Peony is priced per admin seat, not per recipient — which is the whole reason it works at 50 to 500 trade accounts. The plans:

  • Free — $0. Enough to test the motion: create a room, gate a link, send it.
  • Business — $30/admin/month. Adds the working stack: visitor groups, update links, page-level analytics, NDA gating, and e-signatures.
  • Data Room — $52/admin/month. Adds the confidentiality layer that this use case leans on: dynamic watermarks with viewer identity, granular permissions, Screenshield (enhanced screenshot protection), instant revoke, and link expiry — plus unlimited rooms.

The load-bearing detail: your trade buyers are free on the other side of the link. Whether you distribute to 50 accounts or 500, the cost is your few internal admin seats — it does not multiply with your customer list. Contrast that with per-external-user portal or seat-based tools, where onboarding hundreds of trade accounts can run into thousands of dollars a year before you have shared a single price.

Is it worth it over "free" emailed PDFs? Weigh the seat price against one leaked price sheet: one competitor undercutting you on a leaked list, or one season of discount disputes after a buyer sees another's tier, costs more than years of a seat. Emailed PDFs only feel free — they carry the full, unbilled cost of every leak, every stale-price dispute, and every hour a rep spends chasing forwarded files. For a document that literally encodes your margin, a controlled seat is the cheap side of the trade.


Frequently Asked Questions

Our price list keeps getting forwarded to competitors — how do we actually stop it?

You cannot make a document unforwardable, but you can make forwarding pointless and traceable, which is what actually deters it. Three mechanisms do the work. First, stop attaching the file at all — share an access-controlled link that opens the price list in the browser, so there is no PDF to forward, only a link that dies when you kill it. Second, stamp every view with a dynamic watermark carrying the viewer's email and a timestamp, so a leaked screenshot names the account that leaked it. Third, gate access behind a named email and, where warranted, an NDA, so opening the list is an identifiable, logged act. With Peony you get all three: the link opens in-browser, watermarks are burned in per viewer on the Data Room plan, and every open is logged. A forwarded link now points back to the leaker or simply stops working.

How can I tell if a trade customer forwarded our confidential pricing to someone else?

You watch the analytics on the link, not the file. When a price list is shared as an access-controlled link instead of an attachment, every open is logged with the viewer's email, IP, device, and timestamp — so an account that opens from three cities in an afternoon, or an email domain you never granted, surfaces the leak. Dynamic watermarks close the loop: a screenshot that escapes still carries the name of the account it came from, because their identity is burned into the page. In Peony, page-level analytics show you exactly who opened the catalog and which product pages they read, and the audit trail is per-viewer. You will not catch every casual forward, but the combination of a revocable link, a per-viewer log, and identity watermarking turns leaking from a free, invisible act into a traceable one — which is most of the deterrent.

Does emailing our price list around without restrictions weaken its trade-secret protection?

It can, and this is the part most distributors miss. Trade-secret protection is not automatic — it depends on the information having commercial value from being secret and on the owner taking reasonable measures to keep it secret. Courts have generally held that if you distribute confidential information broadly and without restriction, you undercut the argument that you treated it as a secret at all. An NDA is a necessary starting point, but on its own it is a promise, not a control. The measures that read as reasonable secrecy are the practical ones: restricting access to a need-to-know list, marking the document confidential, and keeping an audit trail of who accessed it. Those are exactly the controls a data room applies — access restriction, confidential marking, watermarking, and per-viewer logs — so the technical enforcement doubles as evidence you took protection seriously. This is general information, not legal advice; confirm your position with counsel.

How do I share different pricing tiers so each of our 300 accounts only sees their own prices?

You segment access at the group level so each account is walled into its own tier and never sees another's. Instead of maintaining 300 separate PDFs and hoping you attach the right one, you create a group per pricing tier — say Tier A distributors, Tier B resellers, Tier C direct — and assign each account to exactly one group, with that group seeing only its own catalog and price sheet. In Peony this is the visitor-groups feature: per-group access, its own NDA gate, and pre-qualification questions before anyone gets in. The buyer opens their link and sees their prices, full stop; there is no shared document where a Tier C account can scroll into Tier A's discounts. When a tier's pricing changes, you update that group's file once and every account in it sees the new number. Cross-tier leakage — the source of most discount disputes — becomes structurally impossible rather than something you police.

A buyer quoted a discount tier that wasn't theirs — how did they see it, and how do we prevent it?

Almost always it happened because a single document carried every tier, or someone forwarded a better-priced account's sheet. If your master price list is one spreadsheet with all tiers in adjacent columns, any recipient who scrolls sees the whole ladder — and one forward exposes it to an account it was never meant for. The prevention is isolation, not redaction: give each pricing tier its own file and its own access group, so a Tier C buyer literally cannot open Tier A's numbers because they were never granted the file. In Peony, visitor-groups enforce that separation, and dynamic watermarks mean any sheet that does leak names the account it came from, so the forwarder is identifiable. Stop distributing an all-tiers master document externally; distribute per-tier links. The buyer sees their price and only their price, and cross-tier disputes stop starting.

We just pushed a quarterly price revision — how do we revoke the old list so buyers stop quoting stale prices?

You revoke the old links and, better still, you never had loose copies to chase. If the last revision went out as emailed PDF attachments, there is no clean way to recall them — the fix is to move the current cycle onto access-controlled links you can turn off. On revision day you do two things: set link expiry on the outgoing quarter so the old sheet stops opening on a date you choose, and use instant revoke to kill any link immediately if a price changes mid-quarter. In Peony both are built in, and revocation takes effect the next time anyone tries to open the link — no email chain, no please-delete request. The deeper fix is version currency: with update links, buyers reopen the same URL and always land on the current file, so the stale-PDF problem never starts. Revoke handles the legacy copies; update-in-place prevents the next round of them.

How do we make sure buyers always open the current catalogue without re-emailing 300 accounts?

You give every account a link that never changes and swap the file behind it, so the URL is permanent and the contents are always current. The stale-catalog problem is created by attachments: once a PDF lands in 300 inboxes it is frozen at that version forever, and your only recourse is to email a correction and hope people open the newest one. A persistent link inverts that — you replace the underlying file in place, and the next time any of the 300 accounts opens their existing link, they see the new catalog with no resend. In Peony this is the update-links feature: recipients always open the current version at the same address. You publish the quarterly revision once, and every trade account is looking at accurate pricing the moment they next click through. No blast email, no version numbers in filenames, no buyer quoting a number you retired last quarter.

How do I track which of our trade accounts actually opened the new catalogue?

You read page-level analytics on the shared link, which turn a silent send into a visible one. Emailed attachments give you nothing — an open rate on the email at best, and no idea whether anyone actually looked at the catalog. An access-controlled link logs each open with the account's email and timestamp, and page-level analytics go further: they show which product pages each account read and how long they lingered, so you can see that your biggest reseller opened the new line sheet twice and dwelt on the premium range. In Peony, this feeds directly into sales follow-up — you know which accounts have seen the new pricing, which have not opened it yet and need a nudge, and which products are drawing attention. The catalog stops being a document you fire into the void and becomes an engagement signal your reps can act on the same week.

Is emailing per-account price lists as PDF or Excel attachments a real security risk?

Yes — it is the single riskiest habit in B2B distribution, because email inverts every control you would want. Once you attach a price list, you lose it: the file lands unencrypted in an inbox, syncs to phones and laptops, can be forwarded to a competitor in one click, and cannot be recalled. Excel is worse than PDF, because hidden columns, other tiers, and formula-linked cost bases often travel inside the workbook without the sender realising. You get no record of who opened it, no way to expire it after a revision, and no way to prove — if trade-secret status is ever tested — that you restricted access at all. The alternative is not to encrypt the attachment but to stop sending one: share an access-controlled, watermarked link that opens in the browser, logs every view, and dies when you revoke it. The file never leaves your control because there is no loose file.

It depends on whether you are running transactions or distributing documents. A full B2B portal — logged-in accounts, self-service ordering, real-time stock, reorder history — is the right tool when buyers place orders themselves and you need commerce, but it is a build project measured in months and budget. If your actual job is getting the current confidential catalog and each account's price sheet into the right hands, controlled and tracked, a secure document link does that this afternoon with no build. The honest test: if buyers need to transact online, you need a portal or B2B e-commerce; if they need to receive and view confidential pricing, you need controlled sharing. In Peony you set up per-tier groups and send links today — no login for buyers to learn, no quarter-long implementation. Many distributors run both: a portal for ordering and a data room for the confidential document layer that a storefront was never built to protect.

Is a data room overkill just for sharing price lists with wholesale customers?

Not if the price list is confidential and the tiers must stay separate — that is precisely the job a data room does, minus the M&A baggage the name implies. The word conjures billion-dollar deals, but the underlying capability is narrow and exactly what a price list needs: restrict access to named accounts, isolate each pricing tier, watermark every view, keep the current version live, revoke on revision day, and log who opened what. A consumer file-sharing tool gives you a link and a password; it does not give you per-account tier isolation, viewer-identity watermarking, or an audit trail that could stand as evidence of reasonable secrecy. For a one-off, non-confidential public catalog, a data room is indeed more than you need — use a catalog tool. For confidential per-tier pricing sent to 50 to 500 trade accounts every quarter, it is the right-sized control, and on Peony it starts free and runs to $52 per admin per month with recipients free.

What does it cost to share price lists securely with a few hundred trade accounts — and is it worth it over emailed PDFs?

Peony is priced per admin seat, not per recipient, which is what makes it viable at 50 to 500 accounts: Free at $0, Business at $30 per admin per month, and Data Room at $52 per admin per month, with your trade buyers free on the other side of the link. So whether you send to 50 accounts or 500, the cost is your handful of internal seats — it does not multiply with your customer list, unlike per-external-user portal pricing that can run into thousands. On the worth-it question, weigh it against a single leaked price list: one competitor undercutting you on a leaked sheet, or one round of discount disputes when a buyer sees another's tier, costs more than years of a seat. Emailed PDFs feel free, but they carry the full cost of every leak, every stale-price dispute, and every hour spent chasing forwarded files. The seat price buys control over the document that encodes your margin.


I'm the finance analyst asked to evaluate a tool for sharing our price lists — how do I build the business case?

Frame it as margin protection with an audit trail, not software spend. Three numbers carry the case. One: the cost of a single cross-account pricing dispute — one renegotiated tier typically exceeds a year of tooling. Two: the pricing model — Peony charges per admin seat ($30-$52/admin/month) and recipients are free, so 300 trade accounts cost the same as 30; per-user-external tools scale the bill with your customer list. Three: the evidence value — per-viewer logs and identity watermarks double as the documented reasonable-secrecy measures counsel wants behind a trade-secret position, and as the who-saw-what record finance owns at audit time. Put that against the incumbent free workflow, whose real costs surface as leaked tiers, stale-price disputes, and zero visibility.

The bottom line: control the document that encodes your margin

Your price list is your margin structure, printed — and in B2B wholesale, the catalog that carries it is a confidential document, not marketing. Emailing it as a PDF or Excel attachment loses control of it at the exact moment control matters most: it forwards to competitors, freezes at a stale version, exposes other accounts' tiers, leaves no record of who opened it, and can even erode the trade-secret protection that would let you fight a leak. Every one of those failures is a direct consequence of sending a loose file.

The workflow that holds up is the same whether you distribute industrial parts, ingredients, medical devices, or medicines: stop sending the file, send an access-controlled link, and layer the six controls — gate, isolate per tier, keep the version current, expire and revoke on revision day, watermark by viewer, and track opens. Match the tool to the job honestly: a catalog tool for the public marketing catalog, a portal for transactional ordering, and a data room for the confidential document layer neither was built to protect.

  • A public marketing catalog you want seen widely: use a catalog tool — Flipsnack, Publitas, DCatalog. Peony is the wrong tool for that, and I'll say so.
  • Buyers placing their own orders, transaction-heavy: you need a B2B portal or e-commerce. That's a build; plan for it.
  • Confidential per-tier pricing sent to 50 to 500 trade accounts every quarter: run it in a Peony room — visitor groups, update links, watermarks, analytics, expiry, and revoke, with the NDA gate that doubles as evidence of reasonable secrecy, SOC 2 Type II underneath, and 5,900+ customers already on it.

Set up a room at peony.ink in under five minutes, build your tier groups, and send each account a link that shows only their prices — current, watermarked, revocable, and off the email-attachment treadmill for good. Start free or compare plans.



Sources

  • Trade-secret / reasonable-secrecy principle: general trade-secret doctrine (information with commercial value from secrecy, maintained by reasonable measures — access restriction, confidential marking, need-to-know, and audit trails as evidence of those measures). Framed generically; jurisdiction-specific — not legal advice.
  • International reference pricing: international/external reference pricing is used in 75+ countries as a price-setting mechanism (published pharmaceutical-pricing policy literature); Germany's 2024 reform introduced confidential reimbursement prices to impede reference-pricing propagation.
  • Parallel trade price effect: health-economics research finding parallel imports reduced manufacturers' prices by roughly 12-19% (Ganslandt & Maskus, Journal of Health Economics, 2004). Directional; product- and market-dependent.
  • Pharmaceutical advertising restriction (context): prescription-only-medicine advertising to the general public is prohibited under UK medicines regulation, with trade communication to qualified persons permitted — the legal basis for gated pharma catalogs. See the data room for pharmaceutical distribution.
  • Catalog / portal / DSR landscape: category positioning of catalog software (Flipsnack, DCatalog, Publitas, Catalog Machine, Akeneo Shared Catalogs), B2B commerce/portals (Salesforce B2B Commerce, SuiteDash, Shopify B2B), and digital sales rooms (GetAccept, Dock) per their 2026 product pages and G2/Capterra listings.
  • Peony capabilities: Peony product pages — visitor groups, update links, watermarks, page-level analytics, link expiry, revoke access, NDA gate, password protection, and pricing (Free / Business $30 / Data Room $52 per admin/month, recipients free; SOC 2 Type II; 5,900+ customers).

This guide is general information for teams distributing confidential price lists and catalogs, and is not legal, tax, or compliance advice. Tool features, pricing, and regulatory obligations change — verify current plans and requirements, and consult qualified counsel before relying on any workflow for trade-secret or regulated data. Peony controls, permissions, marks, and logs documents; it is not an e-commerce/ordering system and is not a substitute for legal trade-secret protection. Reference-pricing and parallel-trade figures are directional and drawn from published research; verify for your specific market and product.