Collecting Files and Documents Through Tellop: A Security-First Approach
Set up secure file collection during client intake with presigned URLs, automatic cleanup, and professional review β no public storage buckets.
Why File Collection Matters for Intake
For many professionals, text-based forms are not enough. A dermatologist needs to see photos of the skin condition before the appointment. A lawyer needs the contract or correspondence in question. An architect needs site photos and existing floor plans. A consultant needs the project brief.
Without files, you walk into appointments blind. With files collected during intake, you walk in prepared β and your client notices the difference.
Tellop integrates file upload directly into the AI chat intake flow, so collecting documents feels as natural as answering a question. Here is how to set it up and how the security model works behind the scenes.
Step 1: Identify What Files You Need
Before configuring anything, list the documents that would make your appointments more productive. Think about what you currently ask clients to bring or email ahead of time:
- Medical practices: Insurance cards, referral letters, symptom photos, prior test results
- Legal firms: Contracts, correspondence, court documents, identification
- Creative agencies: Brand guidelines, reference images, existing assets, project briefs
- Consultants: Financial statements, organizational charts, existing reports
Separate these into required (the appointment cannot proceed without them) and optional (helpful but not blocking).
Step 2: Add File Upload Fields to Your Intake Form
Navigate to your procedure's Intake Form configuration and add file upload fields. For each field, configure:
- Field label β A clear, descriptive name like "Upload your insurance card" or "Attach relevant photos"
- Accepted file types β Restrict uploads to specific formats. Common configurations:
- Documents: PDF, DOC, DOCX
- Images: JPG, PNG, HEIC
- Mixed: PDF, JPG, PNG (covers most use cases)
- Maximum file size β Set a reasonable limit based on the file type. 10 MB covers most documents and photos. Increase for high-resolution images or large reports
- Required or optional β Mark fields as required when you cannot proceed without the file
The AI agent will guide clients through these uploads during the chat conversation. Clients tap to upload, select their file, and the agent confirms receipt before moving on.
Step 3: Understand How Presigned URLs Work
This is where Tellop's approach to file handling differs from most platforms. Many systems store uploaded files in publicly accessible cloud storage or proxy them through their own servers. Both approaches have serious security implications.
Tellop uses a presigned URL system with three distinct steps:
- Upload URL request β When a client is ready to upload, the system generates a time-limited presigned POST URL (valid for 15 minutes) that allows the file to be uploaded directly to encrypted cloud storage
- Direct upload β The file goes straight from the client's device to storage. It never passes through the Tellop application server, reducing exposure and improving upload speed
- Confirmation β After the upload completes, the system records the file metadata (name, type, size, location) without storing the file content in the database
When you or the client need to view the file later, a presigned GET URL is generated on demand β also time-limited. This means there is never a permanent, publicly accessible link to any uploaded file.
Never configure your storage buckets for public access. Tellop's entire file security model depends on private buckets with presigned URL access. Public buckets would expose every uploaded file β including medical records, legal documents, and personal identification β to anyone with the URL. This is a serious compliance and privacy risk.
Step 4: Configure File Requirements Per Procedure
Different procedures may need different files. A first-visit intake might require insurance documentation and symptom photos, while a follow-up procedure might only need a progress update form.
Create separate file upload fields for each procedure based on what that specific service requires. This keeps the intake process focused β clients are not asked for documents that are irrelevant to their particular appointment type.
For example:
Initial Dermatology Consultation:
- Upload insurance card (required, PDF/JPG, 5 MB max)
- Upload photos of the area of concern (required, JPG/PNG/HEIC, 10 MB max)
- Upload referral letter if applicable (optional, PDF, 5 MB max)
Follow-Up Visit:
- Upload progress photos (required, JPG/PNG/HEIC, 10 MB max)
- Upload any new test results (optional, PDF, 10 MB max)
Step 5: Review Uploaded Files in the Approval Step
When a client completes intake β including all file uploads β their submission arrives in your approval queue. From the review screen, you can:
- View all uploaded files β Each file is accessible through a secure, time-limited viewing URL
- Verify completeness β Check that required documents are present and legible
- Assess readiness β Determine whether the uploads give you enough information to prepare for the appointment
- Request additional files β If something is missing or unclear, you can communicate that before approving
The files are displayed alongside the client's form responses and chat history, giving you a complete picture of the inquiry in one place.
Step 6: Understand the Security Benefits
Tellop's file handling architecture provides several layers of protection:
- No public bucket access β Files are stored in private cloud storage with no public URLs
- Time-limited access β Every viewing URL expires after a short window, preventing link sharing
- No server proxy β Files upload directly to storage, so your data never sits on an application server
- Encrypted storage β Files are encrypted at rest in Cloudflare R2 storage
- Automatic cleanup β Unclaimed or expired uploads are cleaned up on a regular schedule
- Audit trail β File access is logged, so you know who viewed what and when
For practices that handle sensitive documents β medical records under HIPAA, legal files under attorney-client privilege, financial records β this architecture provides meaningful protection that consumer-grade file sharing tools do not offer.
Presigned URLs are generated fresh each time you or a client need to view a file. Even if someone saved a previous URL, it will not work after the expiry window. This is by design β it ensures that file access is always current and authorized.
Common File Collection Patterns
Here are configurations that work well for different practice types:
| Practice | Required Files | Optional Files | Max Size |
|---|---|---|---|
| Dermatology | Insurance card, symptom photos | Referral letter | 10 MB |
| Immigration law | Passport, visa documents | Supporting correspondence | 15 MB |
| Architecture | Site photos, existing plans | Inspiration images | 20 MB |
| Therapy | None (privacy-sensitive) | Referral form | 5 MB |
| Consulting | Project brief | Financial statements | 15 MB |
Adjust based on your specific needs. The key is to collect what genuinely helps you prepare without creating unnecessary friction in the intake process.
Ready to automate your client intake?
Tellop handles inquiries, collects intake data, and books appointments β so you can focus on what you do best.
Get started freePutting It All Together
File collection during intake transforms your appointments. Instead of spending the first ten minutes catching up on background information, you start the session already informed. The client feels heard, you feel prepared, and the appointment is more productive for everyone. Configure your file upload fields, trust the security model, and let the intake flow handle the rest.
