// Canary · tripwires for your files

Know the instant a baited file is opened.

Canary generates innocuous-looking decoy documents — PDF, Word, or HTML — each carrying a unique, unguessable callback. The moment someone opens one, their viewer quietly phones home, and you get an alert with the time, source IP, and user agent. The file renders perfectly normally; the intruder never knows.

Create a free account → Sign in

Mint a token

Pick a file type and name. Canary forges a decoy with a one-of-a-kind callback baked in.

Plant the bait

Download the file and drop it wherever you want to detect snooping — a share, a laptop, a vault.

It gets opened

The viewer auto-loads the embedded resource. Canary logs the hit and returns an invisible pixel.

You get the signal

Email, Slack, or a webhook fires — deduplicated, with the who, when, and where of the access.

Completely silent

The callback returns a 1×1 transparent pixel. Documents render normally; nothing tips off the opener.

Three trigger vectors

Word's remote images, a PDF open-action, and HTML image tags — each fires on open, not on a click.

Alerts that don't storm

Every fetch is logged, but alerts are deduplicated per token so one open is one notification.