Do clients need to create an account to use the portal?

No. Clients access the portal through a magic link sent by email. The link authenticates them without a password. There is no account to create or app to download. Magic links expire after a configurable period — the default is 30 days.

What happens if a client closes the portal before finishing?

Their progress is saved automatically after each completed field. When they return using the same portal link, they pick up exactly where they left off. Nothing is lost if they close the browser or switch devices.

Can a client upload documents from a mobile device?

Yes. The portal is mobile-responsive. Clients can upload files from their phone's camera roll or file storage, and fields with camera capture enabled let clients photograph documents directly using the device camera. Clients can also complete text fields, sign documents using touch input, and submit payment — all from a mobile-optimized form.

What if a client's magic link expires?

You can resend the portal link from the client record. Go to the client record, click 'Send Portal Link,' and the client receives a new magic link email. Their progress from the previous session is preserved.

Can two contacts at the same client organization use the portal simultaneously?

Each portal invitation is issued to a specific email address. If different people at the same organization need to complete different steps, each person should receive their own invitation for their specific steps. This is common for business clients where one person handles documents and another handles signatures or payment.

Is client data secure in the portal?

Yes. All data transmitted to and from the portal is encrypted in transit using TLS. Files are stored in encrypted cloud storage. Portal links are unique to each client and each session. We do not store payment card data — payments are processed through Stripe and your firm never sees raw card numbers.

Can I set the passcode myself for the client?

No. The firm enables the passcode requirement, but only the client can set their own passcode. This is by design — you never know your client's passcode, which protects both parties. The client receives a setup link by email and creates the code themselves.

What if the client never sets up their passcode?

You can resend the setup email from the client's Settings panel under Portal access control. Until the client actually creates a passcode, the original magic link continues to work. Once setup is completed, future visits prompt for the passcode before access continues.

Does the passcode gate apply to the checklist, signatures, and payments?

Yes. All portal pages — checklist, documents, payments, and files — sit behind the same passcode gate when protection is enabled. There is no way to access any part of the portal without first passing the passcode entry.

Can I use passcode protection without the client having an email?

No. The setup flow and the reset flow both require email delivery. A client must have a reachable email address to receive the setup link and, if needed, a reset OTP.

Do passcode-protected sessions expire?

Yes. Passcode-protected sessions expire automatically. When that happens, the client is prompted to enter their passcode again. They do not need to repeat the setup flow unless they are creating a passcode for the first time or resetting a forgotten one.

Do clients need to create an account to use the portal?

No. Clients access the portal through a magic link sent by email. The link authenticates them without a password. There is no account to create or app to download. Magic links expire after a configurable period — the default is 30 days.

What happens if a client closes the portal before finishing?

Their progress is saved automatically after each completed field. When they return using the same portal link, they pick up exactly where they left off. Nothing is lost if they close the browser or switch devices.

Can a client upload documents from a mobile device?

Yes. The portal is mobile-responsive. Clients can upload files from their phone's camera roll or file storage, and fields with camera capture enabled let clients photograph documents directly using the device camera. Clients can also complete text fields, sign documents using touch input, and submit payment — all from a mobile-optimized form.

What if a client's magic link expires?

You can resend the portal link from the client record. Go to the client record, click 'Send Portal Link,' and the client receives a new magic link email. Their progress from the previous session is preserved.

Can two contacts at the same client organization use the portal simultaneously?

Each portal invitation is issued to a specific email address. If different people at the same organization need to complete different steps, each person should receive their own invitation for their specific steps. This is common for business clients where one person handles documents and another handles signatures or payment.

Is client data secure in the portal?

Yes. All data transmitted to and from the portal is encrypted in transit using TLS. Files are stored in encrypted cloud storage. Portal links are unique to each client and each session. We do not store payment card data — payments are processed through Stripe and your firm never sees raw card numbers.

Can I set the passcode myself for the client?

No. The firm enables the passcode requirement, but only the client can set their own passcode. This is by design — you never know your client's passcode, which protects both parties. The client receives a setup link by email and creates the code themselves.

What if the client never sets up their passcode?

You can resend the setup email from the client's Settings panel under Portal access control. Until the client actually creates a passcode, the original magic link continues to work. Once setup is completed, future visits prompt for the passcode before access continues.

Does the passcode gate apply to the checklist, signatures, and payments?

Yes. All portal pages — checklist, documents, payments, and files — sit behind the same passcode gate when protection is enabled. There is no way to access any part of the portal without first passing the passcode entry.

Can I use passcode protection without the client having an email?

No. The setup flow and the reset flow both require email delivery. A client must have a reachable email address to receive the setup link and, if needed, a reset OTP.

Do passcode-protected sessions expire?

Yes. Passcode-protected sessions expire automatically. When that happens, the client is prompted to enter their passcode again. They do not need to repeat the setup flow unless they are creating a passcode for the first time or resetting a forgotten one.

Client portal | SwiftChecklist Help Centre

Help clients finish onboarding from one branded link instead of bouncing between email attachments, signatures, and payment requests.

The client portal is the onboarding experience your clients see. It is the branded, secure link where clients complete everything — intake questions, document uploads, signature, and payment — without creating an account or downloading software.

The portal should feel like the front door to your firm: professional, clear, and organized. A well-configured portal tells clients you have done this before.

How clients access the portal

When you send a checklist invitation, the client receives an email from your firm. The email contains a unique magic link — a one-click URL that authenticates the client when they open it.

No password. No account creation. The link is the authentication.

When the client clicks the link, they land on the portal home screen, which shows:

Your firm's name and logo
The title of their onboarding checklist
A list of the steps they need to complete
A progress indicator showing which steps are complete and which are pending

The client experience, step by step

Arriving at the portal: The client sees a welcome screen with your firm's branding and the checklist title. If you have configured a welcome message, it appears here. This is a good place to explain what the onboarding process covers and roughly how long it takes.

Completing fields: The client moves through each step in order. Required fields must be completed before the next section unlocks. Optional fields are labeled clearly and can be skipped.

Uploading documents: File upload fields show a clearly labeled upload area. Clients can drag and drop files or use the file picker. On mobile devices, fields with camera capture enabled also show a "Take a Photo" button that opens the device camera directly — useful for photographing documents, receipts, or ID cards without leaving the portal. After upload, the file name and size are displayed as a confirmation. Clients can replace a file by uploading a new one to the same field.

Signing documents: Signature fields display the document in a readable format with a signature widget below. The client can sign using a mouse, trackpad, or touch input. After signing, they receive an immediate confirmation that the signature was recorded. A copy of the signed document is sent to the email address on the checklist instance.

Completing payment: Payment fields display the amount, a brief description, and a payment form. Payment is processed through Stripe. The client's card information is entered directly in the Stripe-hosted form and is never transmitted to or stored by SwiftChecklist. After payment, the client receives a receipt email from Stripe.

Finishing the checklist: After the last required step is completed, the client sees a completion screen. The completion message should confirm what was received and explain what happens next. Clients often return to the portal after submission to re-read the completion message or download their signed documents.

Writing good portal copy

The quality of your portal copy directly affects how often clients complete onboarding without asking for help. Every field should answer these questions without the client having to email you:

What specifically are you asking them to do?
Why do you need it?
What counts as a valid response?
What should they do if they cannot complete this step?

Poor field label: "Documents" Better field label: "Upload your most recent business bank statements (January–March 2026)"

Poor field instructions: "Please provide the required documents." Better field instructions: "Upload all pages as a single PDF. If you have statements from multiple accounts, upload each account as a separate file. If March is not yet available, upload January and February and note the missing month in the comments."

The second version answers every question the client was going to ask.

Customizing the portal appearance

All portal customization is controlled from Settings → Branding:

Logo: Appears in the portal header. Upload a horizontal version of your logo at high resolution. The portal scales it automatically, but blurry logos at any size indicate a low-resolution source file.

Brand colors: The Primary Color is used for buttons, progress indicators, the portal banner, and highlighted active steps. The Secondary Color is used for backgrounds and secondary visual elements. Both are set using hex values.

Portal welcome message: An optional introductory message shown to the client when they first open their portal. Use this to confirm what the checklist is for and how long it takes to complete.

Portal completion message: Shown to the client after they submit. This message should confirm what was received and what happens next. "You're all set — we'll review your submission and contact you within one business day to confirm your account is open" is an example that does both.

Plan note: Custom branding (logo and colors) requires Pro or above. Removing the "Powered by SwiftChecklist" badge requires Firm or above.

Sending and resending portal links

First invitation: From any checklist, use the Send button (top-right in the checklist builder, or via the Send Link option in the checklist card menu). Enter the client's email address and an optional personal message, then click Send.

Resending after a link expires or goes unopened: From the client record, click Send Portal Link. A new magic link is generated and the previous link is invalidated. The client receives a fresh email with the new link.

Sharing the link manually: In some cases, you may need to share the portal link directly rather than through email — for example, if a client asks you to text them the link. Copy the portal URL from the instance view and share it through your preferred channel. Note that the link authenticates the client, so treat it like a password — do not share it with anyone other than the intended recipient.

Handling common client questions

"I didn't receive the email" Ask the client to check their spam or junk folder. If it is not there, confirm the email address is correct from the client record, then click Send Portal Link. If delivery continues to fail, confirm the address, resend the link, and contact support if the message still does not arrive.

"The link says it has expired" Magic links expire after 30 days by default (configurable). Open the client record and click Send Portal Link to generate a fresh link. Their progress is preserved.

"I uploaded the wrong document" The client can replace a file by opening the same upload field and uploading the new file. They do not need to complete the whole checklist again.

"I'm not sure what you're asking for" This is a signal to improve the field instructions. After answering the client's question, go back to the template and update the instructions for that field so the next client does not have the same question.

"I already signed but it's still showing as incomplete" This occasionally happens if the browser is interrupted during the signing step. Ask the client to re-open the portal link and check the status of the signature field. If it still shows incomplete, contact support with the instance ID.

Portal access control

By default, portals are open: any client who has the portal link can view their content immediately after clicking it. That is sufficient for most engagements.

Portal access control adds an optional numeric passcode layer on top of the magic link. When the client has finished setting it up, they must enter that passcode before opening the portal. Use this for sensitive engagements — legal matters, mergers and acquisitions, high-value financial work, or any situation where link forwarding is a meaningful risk.

How the passcode system works

The firm enables the passcode requirement. The client creates the passcode. Your firm does not retrieve or view the client's passcode.

The flow from start to finish:

You toggle Require passcode on in the client's Settings panel
The client receives a setup email with a secure token link
The client clicks the link, enters the passcode twice to confirm, and the passcode is set
From that point forward, every visit to the portal begins at the passcode entry screen
When the portal session expires, the client is prompted to enter the passcode again

If a client forgets their passcode, they complete a reset flow through verified email access. The passcode is not something your team can look up for them.

Enabling passcode protection

Open the client record → click the Settings tab
Find the Portal access control section
Toggle Require passcode to on
The client receives a "Set up your secure portal access" email immediately
If the client has not completed setup yet, you can resend the setup email from the same panel
Once the client sets their passcode, subsequent visits require it before any content loads

If the client did not receive the setup email or needs it resent, click Resend setup email in the Portal access control section.

What the client experiences

Initial setup:

Client receives the "Set up your secure portal access" email
Client clicks the link → lands on the passcode setup page
Client enters the passcode in both fields to confirm
After confirming the codes match, the portal opens immediately
All future visits begin at the passcode entry screen

Returning visits:

Client opens their portal link (or visits the universal login page)
Passcode entry screen appears
Client enters their passcode
Portal opens — same as a normal visit

Sessions persist for a limited period after successful entry. During that window, the client can return without being re-prompted. After the session expires, the passcode entry screen appears again.

Clients who have lost their portal link, or who want to access all their portals from one place, can use the universal login page at swiftchecklist.com/client-login.

Two login methods are available:

Email OTP:

Client enters their email address
A one-time code is sent to that email
Client enters the code → sees a list of all portals tied to that email address
Selecting a portal opens it directly

If that portal has passcode protection, the passcode gate appears after the portal is selected.

Email and passcode:

Client enters their email address and their passcode
They are taken directly to the portal associated with that combination
No separate passcode gate appears — successfully entering here counts as the session authentication

The universal login page works whether or not passcode protection is enabled. Clients without passcode protection can use the email OTP tab to recover access to a portal whose link they have lost.

Handling failed attempts and lockouts

Repeated incorrect passcode entries trigger a temporary lockout. During that time, the client cannot keep guessing indefinitely and should use Forgot passcode? if they no longer know the passcode.

The lockout clears automatically, and a successful reset also restores access.

Resetting a forgotten passcode

Client-initiated reset:

On the passcode screen, click Forgot passcode?
Enter the email address on the account — a one-time code is sent to that address
Enter the OTP, then enter a new 6-digit passcode twice
The new passcode is active immediately and the portal session begins

Firm-assisted reset:

The firm has no direct way to view or reset the client's passcode. To trigger a fresh setup:

Open the client record → Settings tab → Portal access control
Toggle Require passcode off — you will be prompted to enter the current passcode to confirm
If you do not know the passcode (which is expected), the client must complete the client-initiated reset above first, or you can go through the setup cycle: disable and re-enable passcode protection
Toggle Require passcode on again — a new setup email is sent and the client creates a new code

This cycle is the recommended path when a client is fully locked out and cannot receive email.

Disabling passcode protection

Open the client record → Settings tab → Portal access control
Toggle Require passcode off
Enter the current client passcode when prompted — this confirms the change is intentional
Passcode protection is removed immediately
All active session tokens for that client are invalidated — existing sessions end

After disabling, the portal returns to link-only access. Anyone with the portal link can open it without a passcode prompt.

Note: Disabling passcode protection requires entering the current passcode. Only the client knows their passcode. If neither you nor the client knows the passcode, disable protection by having the client complete a passcode reset first (Forgot passcode? flow), then use the newly set passcode to disable protection.

Clients who know their current passcode can also turn passcode protection off from their own portal settings.

Security details

Client-created verification: The client sets their own passcode. Your team does not retrieve it.
Verified recovery: Forgotten passcodes are reset through verified email-based recovery.
Additional safeguards: Repeated failed attempts trigger protective controls to reduce unauthorized access.

Continue with

Client records — managing the client relationship record
Review and handoff — what happens after the client submits
Send for signature — configuring the signature step