Abstract: A method and computer product are disclosed that permit the creation of secure invitations containing no sensitive information. The invitations contain encrypted tokens that are received by authorized invitees, thereby providing secure access to a communications session that may involve the exchange of sensitive information. Invitations contain only pointers to information about invitees and the communications session, so that all sensitive information may be retained in a master database on the host server rather than being communicated to the invitee in the invitation. Secure communication sessions may thus be conducted by sending invitations with encrypted tokens to eligible participants without the risk of the information in the tokens being decrypted and used by unauthorized parties to gain access to the secure session, because the tokens contain no information about the invitee or the session.