Yes, reputable online fax services are safe to use for most everyday sending. The real question is what "safe" means for your specific document, and whether a given provider’s behaviour behind the scenes matches that. The good news is that the things that matter are concrete and observable. You can check them before you sign up.
The reason the question keeps coming up is that an online fax service is, by design, a third party in the middle of a transmission. Your document does not go directly from your computer to the recipient’s fax machine. It travels to the service’s servers, is converted to a fax, dialed out over the phone network, and delivered. The service touches the document. That is the trust you are extending. The interesting question is whether that trust is warranted, and what to look for.
The four things that actually matter
The medium itself (fax versus email versus secure file transfer) is the wrong unit of comparison. We cover that in detail in Is fax more secure than email?. For the narrower question of trusting an online fax provider specifically, four provider behaviours determine how secure the service actually is.
1. Transport: how your document reaches them
The browser-to-provider hop should be TLS-encrypted. In practical terms, that means the sending page is served over HTTPS, with a valid certificate, and any upload happens within that secure channel. This is the bare minimum in 2026, and every reputable provider does it. If you ever see a fax provider serving an upload form over plain HTTP, that is a hard pass.
The provider-to-recipient hop is more interesting. If the recipient is a traditional fax machine, the last segment is an unencrypted phone-line transmission, which is a property of the PSTN and not something any provider can fix. If the recipient is another online fax service that delivers as email, the hop between the two providers should also be TLS, but you cannot guarantee what happens past your provider’s edge.
2. Storage: what they keep, for how long, and who can read it
This is where providers diverge most sharply, and where the most useful questions live.
Most subscription-based services keep a copy of your sent and received faxes in your account. The copy can sit there for years, so you can view it in the dashboard later. That is a feature for high-volume business users and a liability for one-off senders of sensitive material. The relevant questions:
- How long is the document kept by default?
- Can you delete it manually, and does the deletion actually remove the bits or only the account-facing reference?
- Is the storage encrypted at rest?
- Who internally can access it, and under what process?
A pay-as-you-go service that purges the file shortly after delivery has materially less storage exposure than a subscription service that keeps every send for years. Neither posture is "better" in the abstract. They serve different needs. The point is to know which one you are choosing.
3. Identity: who can sign in and send as you
If the service has accounts, the relevant questions are:
- Is two-factor authentication available, and is it required for sensitive plans?
- Are credentials hashed correctly, and is there a history of breaches?
- Is there an audit trail showing who sent what from your account?
- Can the provider’s staff impersonate you in the dashboard, and is that access logged?
For workflows that need to satisfy a regulator (HIPAA-covered exchanges, legal record-keeping, financial services), most reputable providers offer a regulated tier that comes with stronger controls and a business associate agreement. The standard consumer plan is rarely the right tool for that traffic, even at a service that is otherwise reputable.
4. Exit: what happens when you stop using it
This one gets skipped most often. When you cancel a subscription or stop using a pay-as-you-go service, what happens to the documents and account data the provider has?
A trustworthy provider will tell you, in writing, how long data is retained after closure and what is deleted versus what is kept for legal or billing compliance. If a provider cannot answer that question in plain English, that tells you something.
Red flags to watch for
A few patterns reliably mark a provider that is not worth your trust on sensitive material:
- An upload page served over plain HTTP, or with an invalid certificate.
- Vague or absent language about how long sent and received faxes are retained.
- Marketing copy that claims "encrypted fax" without distinguishing between encryption of the transmission itself (which is essentially impossible over the PSTN) and encryption of the email or web hop on either side.
- No documented way to delete an account or its history.
- A history of breaches with no follow-up disclosure of what changed.
None of these is an automatic dealbreaker, but each one means the provider has more explaining to do.
How PayPerFax’s posture maps to these questions
PayPerFax is a pay-as-you-go service, and that shape has direct security consequences that are worth being explicit about.
- No account by default. You do not create a profile to send a fax. There is no permanent username, password, or account dashboard for an attacker to target.
- No stored history attached to you. Because there is no account, there is no growing archive of past faxes sitting on our servers under your name. We retain the minimum the business and the law require, and no more.
- No inbound number. PayPerFax does not give you a fax number that others can send to. There is no inbox of your incoming documents on our servers, because there is no inbox.
- Pay only on successful delivery. No subscription to forget about, no card billed for a fax that never arrived, no recurring charge to cancel.
That posture is not a stand-in for HIPAA, and we say so plainly. If you need a business associate agreement, an audit log you can pull years later, or a dedicated incoming number for a long-running workflow, PayPerFax is not the right tool, and a regulated subscription service is. For the senders we are built for (occasional, one-off, no-strings), the small surface area is the security argument.
For the broader honest comparison between fax and email as media, see Is fax more secure than email? on this site.
Per-provider safety summaries
For the major services in the pay-as-you-go and subscription brackets, we keep a brief honest read on each provider’s security and reputation posture. If you have a specific provider in mind:
- eFax is a long-running mainstream service with HIPAA-covered plans at the enterprise tier. The safety FAQ on that page covers what the standard plans deliver versus the regulated tier.
- FaxZero is a freemium service useful for non-sensitive personal sends. The safety read is honest about what the free tier is and is not designed for.
- GotFreeFax sits in the same freemium bracket as FaxZero, with comparable tradeoffs. The safety summary covers the same ground.
We are filling in this short safety summary on every entry in our fax-service comparison set over time, so the list will grow.
Bottom line
For everyday sending of non-regulated documents, reputable online fax providers are safe. For sensitive material, the safety of any specific service comes down to four concrete provider behaviours: transport encryption, storage and retention, identity controls, and exit. Ask those questions of any provider you are considering, and the answer to "is this safe?" stops being mysterious.
If your situation is "I have one sensitive document and I do not want to leave a trail," a pay-as-you-go, no-account service like PayPerFax is built for exactly that intent. If your situation is ongoing, regulated, or auditable, pick a service whose posture and contracts match that need, and use the four questions above to choose between them.

