Superfile

Designing secure monetization for a zero-trust file platform.

Superfile is a venture-backed cybersecurity startup building sovereign file control — files that stay secure and under the creator's control even after they're shared. I led design for its pay-to-unlock system: a way to sell access to a file without ever surrendering ownership, built on a zero-trust foundation across macOS and web.

Role
Founding Product Designer
Industry
Cybersecurity · Fintech · B2C
Team
CEO, CTO, PM · 7 engineers
Timeline
2024 – 2025

The problem space

Traditional file sharing means losing control the instant someone downloads a copy — ownership, rights, and access are gone. For creators, real value isn't tied only to the file, but to its journey: who has it, how it's used, and whether it stays protected.

Superfile changes the model — upload, grant access, monitor usage, modify permissions, revoke access, maintain ownership. It flips ownership from a lost event into an adaptive, monitored, revocable system where the file stays an asset, not a liability. The challenge I owned was letting people sell access to those files without ever weakening security or trust.

Building a new mental model

To shift digital ownership, we designed around permission states and resilient access control. Instead of files being infinitely replicable, the system tracks provenance, authenticates viewers, and adapts permissions dynamically.

Ownership context loops from the creator through the file; permissions are then layered and states enforced for every viewer — much like enterprise SaaS documentation, but for creative rights.

Superfile's file-native capabilities — trackable, unhackable, and take-backable files

The product ecosystem

The Superfile ecosystem spans a macOS app, web platform, secure viewers, payments, permissioning, ownership verification, accounts, and tracking. Together these systems enforce digital rights and enable creative monetization.

The system map lays out roles, relationships, and routes of value across the platform — making the complexity navigable for every audience, from engineers to investors.

The Superfile product ecosystem map — macOS app, web, secure viewers, payments, permissioning, ownership verification, and tracking

Context: why this mattered

Payment wasn't meant to replace security — it was meant to sit on top of it.

The push for monetization came directly from leadership and investors, with a focus on the ownership of files. The audience wasn't just creators — it was owners of digital assets who want control, protection, and the ability to sell access without giving up ownership.

That framing immediately ruled out traditional paywall patterns. If access could be copied, bypassed, or granted prematurely, the product would undermine the very idea of ownership it claimed to protect.

The real question wasn't whether to monetize. It was how to do so without breaking Superfile's zero-trust foundation.

Building with Stripe

I owned this work end-to-end across product strategy, UX, and engineering execution.

Stripe was used intentionally as the transaction layer rather than reinventing payments in house. The work wasn't simply integrating a checkout form — it was defining how an external payment provider could safely trigger access inside a security-first system. I led the design and implementation strategy for how Stripe events connected to Superfile's access model.

Payments were treated as a prerequisite for access, not proof of ownership. A successful transaction didn't unlock a file by default — it only allowed the system to release access after payment confirmation was validated and matched against the correct file and recipient. This let Superfile support retries, failures, and revocation without exposing sensitive states or granting premature access.

The system map became a shared contract between design and engineering, defining ownership boundaries and distinguishing which states were technically impossible versus simply undesired.

Pay-to-unlock system map — how Stripe events safely trigger access without granting ownership

A controlled payment surface

Monetization had to exist inside the product without weakening its zero-trust foundation.

Rather than relying on Stripe's default checkout, I designed a custom pay-card component that lived natively inside the Superfile experience. This let us control how payment intent was expressed and validated, while ensuring transactions could never directly grant ownership or bypass the security model.

Component architecture

The pay-to-unlock surface is a layered component structure that separates payment intent from access authority, so monetization never weakens Superfile's security model. Each layer increases system authority while intentionally reducing user-controlled outcomes — from primitive inputs like card number and cardholder name, up through the transaction-intent layer, to the container that finally grants access.

Component architecture — primitive inputs → transaction-intent layer → the pay-to-unlock container that releases access

Cross-platform decisions & trade-offs

A major decision was whether to implement platform-specific payment logic for macOS versus web. Native implementations felt appealing but introduced long-term risk of divergence in payment behavior, webhook handling, and security assumptions. I proposed embedding a lightweight web view inside the macOS app so both platforms reused the same Stripe checkout flow and backend logic — reducing the surface area for bugs and security drift.

Investor storytelling

Complex technology only matters if people understand it. Before, investors saw technical diagrams and processes; after, they grasped the narrative — problem, ownership, monetization, control, market opportunity. Visual storytelling became a core tool for bridging technical depth and business value.

Reframing infrastructure as narrative

What investors saw beforeWhat they understood after
Technical diagrams & processesA story: problem → ownership → monetization
Raw infrastructure detailControl and market opportunity
Product depth without contextBusiness value made legible

My contribution

Discovery, product definition, architecture, design systems, investor demos, user testing, engineering collaboration, and fundraising support — every phase required systems thinking, from inside the interface to the pitch deck.

Execution, checks & learnings

Throughout the project I ran structured sprints alongside the product manager, prioritized work in Jira, and documented system flows, UI decisions, and constraints in Figma and Notion. These artifacts weren't just deliverables — they were safeguards against misalignment in a security-sensitive feature, crucial while Superfile pivoted and changed features often.

The product launched internally and was tested and used by investors, who successfully experienced the pay-to-unlock feature while logged into their invite-only Superfile accounts.

Reflection

Superfile's journey was less about pixels and more about frameworks, relationships, and outcomes — a lesson in product narrative as much as product design.

The challenge was never designing secure file sharing. It was designing confidence, control, and trust in a digital environment where ownership often feels temporary.