The honest premise: expire access, do not "destroy" files

Embedding a script that tries to delete the PDF when opened sounds clever, but modern viewers sandbox or disable that scripting specifically so documents cannot tamper with the reader’s system — so it does not run, and even when it does it cannot remove copies elsewhere. Every workable approach keeps control where you actually have it: at the link, the licence server, or the password. The recipient’s downloaded copy is the part you can never fully reclaim, which is why reducing what the file contains matters as much as how you send it.

Methods compared

Step by step — set up a 7-day expiring PDF

1. Trim the file before you share it. Redact sensitive content and strip metadata so that even a retained copy exposes the minimum. The less the file contains, the less an expired-but-saved copy matters.
2. Pick the method that matches the stakes. Low stakes: an expiring share link. High value or regulated: a secure data room or DRM with expiry and an access log. Informal: a disappearing-message app. Avoid in-PDF "self-destruct" scripts.
3. Encrypt the file regardless. Apply an open password (AES-256) so that if a link leaks or a copy is intercepted, the content is still protected. Send the password by a separate channel.
4. Set the expiry to 7 days and confirm the behaviour. In your hosting tool, set link or licence expiry to a week, then test from a fresh browser before and (ideally) after expiry to confirm access actually stops.
5. Tell the recipient the terms. A one-line note — "this link expires in 7 days; please do not redistribute" — sets the human expectation that no technical control can enforce on its own, and is worth more than it looks.

Related reading

• Share a PDF securely: the channels that support expiry and logging.
• PDF security for legal documents: encryption, redaction, and audit trails in depth.
• Add a password to a PDF: the encryption step every method should include.
• Redact a PDF: reduce what a retained copy can expose.
• Share a huge PDF: hosting options when the file is large.

FAQ

Can a PDF file really delete itself after 7 days?

Not on its own, in any reliable way. A PDF is a static document; it has no clock and no permission to delete itself from someone else’s device. Some tricks embed JavaScript that tries to erase the file when opened, but modern PDF viewers disable or sandbox that scripting precisely to prevent files from tampering with your system — so it simply does not run for most readers. Anything marketed as a "self-destructing PDF" is really controlling access at a server you own (an expiring link or a licence check), not destroying the file on the recipient’s machine. Set expectations accordingly.

What is the most reliable way to make a PDF stop being accessible after a week?

Host it behind an expiring share link or a secure data room and set the expiry to seven days. Because the file lives on your server and the recipient streams or downloads it through a gated link, you can switch access off on schedule. The important caveat: if the recipient downloaded a copy while the link was live, that copy persists — expiry stops new access, not existing copies. For documents where retained copies are unacceptable, you need DRM with a continuous licence check, and even that depends on a cooperating viewer.

Does DRM actually prevent the recipient from keeping the file?

DRM raises the cost and adds control, but it is not absolute. A DRM-protected PDF opens only in a viewer that validates a licence against a server, which lets you revoke or time-limit access and often blocks printing and copying. But once content is rendered on a screen it can be photographed or screen-captured, and DRM that depends on a specific viewer can be bypassed by determined users. Treat DRM as strong deterrence and good control for a managed audience, not as a guarantee the content can never escape.

Is the password-rotation trick a real solution?

It is a lightweight, no-platform option with clear limits. You encrypt the PDF with an open password and share it; after seven days you stop sharing the password (or, if you re-issue the file periodically, you change it). This prevents anyone who has not yet opened the file from opening it later — but anyone who already decrypted it keeps their unlocked view, and a saved decrypted copy stays readable. It is useful for low-stakes, time-boxed sharing where you mainly want to discourage late access, not for hard revocation.

Are disappearing messages (Signal, WhatsApp) a good way to send a time-limited PDF?

For informal, low-sensitivity sharing, yes — they are convenient and the message auto-removes from the conversation after the set interval. But the protection is best-effort: the recipient can screenshot, the file may be cached or saved to the device’s downloads, and you have no audit trail. For anything confidential or where you need proof of handling, use a secure data room with per-user access and logging instead.

If true self-destruction is impossible, what should I actually do?

Match the method to the stakes. For ordinary "please do not keep this forever" sharing, an expiring link is simple and effective. For valuable or regulated content, use a secure data room or DRM with expiry and an audit trail. Always reduce what is in the file first — redact and strip metadata so that even a retained copy exposes the minimum. And remember the human layer: a short note stating the document is confidential and time-limited sets expectations that technology alone cannot enforce.

Citations

1. Wikipedia — Digital rights management (access control and revocation)
2. Adobe — Securing PDFs with passwords (encryption basics)
3. NIST — FIPS 197, the AES standard behind PDF encryption
4. Wikipedia — PDF (format capabilities and scripting limits)