Sharing

Share analyses and proposals with team members and external stakeholders via secure, token-based access control

Updated 2026-03-3032 min read

Cothon's enterprise sharing system enables secure collaboration with team members, teaming partners, and external stakeholders. Share bid analyses and proposals with granular permission control, time-limited access, and comprehensive audit trails.

Whether you're coordinating with internal teams, collaborating with subcontractors on joint pursuits, or providing read-only access to executives, Cothon's flexible sharing options balance security with collaboration efficiency. Track who accesses your content, revoke access instantly, and maintain complete control over sensitive procurement data.

Cothon provides three distinct sharing approaches optimized for different collaboration scenarios:

Sharing Method	Best For	Access Control	Audit Trail	Use Case Example
Team Member Sharing	Internal collaboration within organization	Per-user permissions, role-based	Full activity log with user attribution	Share analysis with proposal team for collaborative editing
Public Link Sharing	External stakeholders without Cothon accounts	Token-based, time-limited, optional password	Anonymous access log (IP, timestamp, actions)	Share read-only analysis with teaming partner for review
Organization-Wide	Company templates, guidelines, reference materials	Organization-default permissions	Organization-level analytics	Make capability statement template accessible to all writers

Share directly with colleagues in your organization for seamless internal collaboration:

Smart Suggestions: When you start typing, Cothon suggests people based on:

Previous collaboration history (people you've shared with before)
Organization chart relationships (direct reports, manager, peers)
Project team memberships
Frequent collaborators on similar analyses

Tip

Bulk Individual Sharing: Paste comma-separated email addresses or names to add multiple people at once. Example: sarah@company.com, john@company.com, alice@company.com. All will receive the same permission level, which you can then adjust individually.

For recurring collaboration patterns, share with entire teams:

Creating Teams (Admin/Manager only):

Go to Settings > Organization > Teams
Click Create Team
Name team (e.g., "Proposal Writers", "Technical SMEs", "Pricing Team")
Add members from organization
Set default permission level for team

Sharing with Teams:

Team Sharing Benefits:

Automatic Updates: New team members automatically gain access to all content shared with their team
Consistent Permissions: Ensure entire team has appropriate access level
Simplified Management: Update team's permission once instead of individually
Audit Clarity: Activity logs show team-level access patterns

Example Team Structure:

Proposal Development
├── Leadership Team (Manage permission)
│   ├── Proposal Manager
│   ├── Capture Manager
│   └── Technical Director
├── Writing Team (Edit permission)
│   ├── Technical Writers (5)
│   ├── Subject Matter Experts (8)
│   └── Compliance Specialist
└── Review Team (Comment permission)
    ├── Quality Reviewers (3)
    ├── Executive Sponsors (2)
    └── Legal Review

Make content accessible to entire organization:

When to Use:

Company capability statements
Proposal templates and style guides
Best practice examples
Reference materials and past performance summaries
Training analyses for onboarding

How to Enable:

Note

Permission Hierarchy: Individual permissions override organization-wide defaults. If organization has View access but you explicitly grant Sarah Edit access, Sarah can edit while others can only view.

Organization Library: All organization-wide content aggregates in Organization Library (accessible from main navigation):

Filter by content type (analyses, proposals, templates)
Sort by popularity (most viewed), recency, or alphabetically
Tag system for categorization (technical, financial, compliance, etc.)
Curated collections created by admins

Create shareable links for external stakeholders who don't have Cothon accounts:

Creating Public Links

Link Settings Explained

Permission Levels in Detail:

Permission	Can View Content	Can Add Comments	Can Edit Content	Can Download/Export	Can Reshare
View	✓	-	-	✓ (unless disabled)	-
Comment	✓	✓	-	✓ (unless disabled)	-
Edit	✓	✓	✓	✓	-

Note: Public link recipients can never reshare content, regardless of permission level. Only organization members with Manage permission can share.

Expiration Strategies:

Use Case	Recommended Expiration	Rationale
Quick review with partner	24-48 hours	Forces timely review, limits exposure window
Teaming partner collaboration	7-14 days	Adequate for review cycle, auto-cleanup after decision
Client deliverable sharing	30-90 days	Allows client access through award decision period
Public portfolio piece	Never (with watermark)	Permanent showcase of capabilities
Emergency share	6-12 hours	Absolute minimum exposure for urgent needs

Password Protection Best Practices:

Generate strong passwords (use password manager: uV9$kL2@pQ4!)
Share password via different channel than link (link via email, password via phone/Slack)
Rotate password if suspected compromise (regenerate link with new password)
Use password for all Edit-level public links (prevent unauthorized modifications)

Managing Multiple Links

Create multiple links for same content with different settings:

Use Case: Share analysis with multiple partners, each with different access levels

Link Management Dashboard: Access all your active public links in one place:

Go to Settings > Shared Links
See all active links across all your analyses
Filter by:
- Expiration status (active, expiring soon, expired)
- Permission level
- Content type
- Access count (popular vs. unused)
Bulk actions:
- Extend expiration for multiple links
- Revoke multiple links at once
- Export access analytics to CSV

Warning

Security Reminder: Public links can be accessed by anyone who obtains the URL. While tokens are cryptographically secure (impossible to guess), links can be forwarded. For highly sensitive content, prefer team member sharing or use password protection + expiration + email collection.

Permission Levels Deep Dive

Understanding capabilities at each permission level:

View Permission

Can Do:

Read all analysis content (summary, requirements, recommendations)
View comments and discussions (but not participate)
Export to PDF/Word (unless downloads disabled)
See requirement status and categorization
View attachments and linked documents
Access version history (read-only)

Cannot Do:

Edit any content
Add or reply to comments
Change requirement status or priority
Share with others
Modify analysis settings or metadata
Resolve comment threads

Ideal For: Executives, clients, external reviewers who need awareness but not interaction

Comment Permission

Can Do: All View permissions, plus:

Add new comments on requirements or sections
Reply to existing comment threads
@mention other users in comments
Attach files to comments
Mark comments as important/question/suggestion
Edit their own comments (within 5 minutes of posting)

Cannot Do:

Edit analysis content
Resolve comments (only comment authors and Editors+ can resolve)
Change requirement status
Share with others
Delete others' comments

Ideal For: Compliance reviewers, quality assurance, subject matter experts providing feedback, teaming partners

Edit Permission

Can Do: All Comment permissions, plus:

Edit all analysis content (summary, requirements, justifications)
Change requirement status, priority, complexity scores
Add, remove, and organize requirements
Resolve any comment threads
Upload attachments
Create and restore version snapshots
Modify analysis metadata (tags, folder, custom name)

Cannot Do:

Share analysis with others (requires Manage)
Delete the analysis
Change ownership
Modify sharing permissions

Ideal For: Proposal writers, technical leads, contributors who need full content control

Manage Permission

Can Do: All Edit permissions, plus:

Share analysis with other team members
Create and manage public links
Change permissions for existing shares
Revoke access for specific users
View comprehensive access analytics
Configure workflow assignments
Delegate management to others

Cannot Do:

Delete the analysis (only owner can delete)
Transfer ownership
Change organization-wide settings

Ideal For: Proposal managers, capture leads, team leads who orchestrate collaboration

Owner (Automatic)

Can Do: All Manage permissions, plus:

Delete the analysis permanently
Transfer ownership to another user
Recover deleted content (within 30-day retention window)
Export full audit trail
Configure data retention policies

Note: Only one owner per analysis. Owner is automatically set to user who created the analysis. Ownership can be transferred via ⋮ More > Transfer Ownership.

Access Tracking and Analytics

Monitor who accesses your shared content and what they do:

Real-time Activity Feed

View recent access activity:

Access Analytics Dashboard

Aggregate analytics across all shares:

Navigate to: Settings > Shared Links > Analytics tab

Metrics Available:

Engagement Metrics:

Total views across all shared content
Unique viewers
Average viewing duration
Engagement rate (viewers who took action vs. passive viewers)
Most viewed content (ranked list)

Collaboration Metrics:

Comments per viewer (engagement depth)
Edit contributions by user
Response time to shared content (how quickly do people view after sharing?)
Completion rate for assigned workflows

Security Metrics:

Public link access attempts (successful and failed)
Access from new geographic locations (potential security flag)
Password failures (if password-protected links)
Expired link access attempts

Time-Based Analytics:

Access patterns by time of day (when is team most active?)
Day-of-week collaboration patterns
Access velocity before deadlines

Visual Reports:

Heat map of access times
Geographic access map (where are external viewers located?)
User contribution breakdown (pie chart)
Access trend lines (growing or declining engagement)

Tip

Actionable Insights: Use analytics to identify:

Bottlenecks (who hasn't reviewed shared content?)
Engagement gaps (content shared but not viewed)
Security anomalies (unexpected access locations)
High-value contributors (who provides most feedback?)

Access Notifications

Get proactive alerts when content is accessed:

Notification Configuration:

Open Share dialog on analysis
Click ⋮ More > Notification Settings
Configure alerts:

Notification Triggers:

First Access - When someone first views shared content (confirm they received it)
Download/Export - When someone exports to PDF/Word (track distribution)
New Location - When content accessed from new IP/location (security)
Comment Added - When recipient adds comment (engagement)
Daily Digest - Summary of all access activity (avoid notification overload)

Delivery Channels:

In-app notification (bell icon)
Email notification (immediate or batched)
Slack/Teams message (for high-priority shares)
SMS (for critical security alerts, requires setup)

Smart Filtering:

Suppress Known Users: Only notify for external/unknown accessors
Threshold Alerts: Notify only if >N people access (avoid noise for popular content)
Anomaly Detection: Notify only for unusual patterns (access at 3am, from unexpected country)

Watermarking and Attribution

Track content distribution beyond Cothon:

Watermark Configuration: When creating public link, enable Watermark Exports:

Watermark Contains:

Your organization name
Access date and time
Unique watermark ID (traces back to specific share link)
Viewer identifier (email if collected, otherwise link ID)
"Confidential - Do Not Redistribute" notice (if enabled)

Watermark Placement:

Header/footer on every page (PDF export)
Semi-transparent diagonal overlay (aggressive mode for sensitive content)
Metadata embedded in PDF (invisible but trackable)

Use Cases:

Track if content is forwarded beyond intended recipient
Demonstrate content provenance in legal disputes
Discourage unauthorized distribution
Comply with export control or proprietary markings

Note

Watermark Limitations: Watermarks deter casual redistribution but don't prevent determined actors from copying content. For truly sensitive information, use View-only links with downloads disabled and consider screenshot prevention (enterprise plan feature).

Revoking Access

Immediately remove access to shared content:

Remove Individual User Access

Graceful Revocation (Optional): Instead of immediate revocation, you can:

Downgrade permission (Edit → Comment → View)
Set expiration (maintain access for N more hours, then auto-revoke)
Notify user of pending revocation (give them time to save notes)

Useful when collaborator needs to finish their current work before losing access.

Disable Public Links

Bulk Link Revocation: Revoke multiple links at once:

Go to Settings > Shared Links
Select checkboxes next to links to revoke
Click Bulk Actions > Revoke Selected
Useful when cleaning up old shares or during security incident response

Emergency Revocation (All Shares): In security emergency (e.g., departing employee, suspected breach):

Open analysis ⋮ More menu
Click Emergency: Revoke All Access
Immediately revokes ALL shares (team members AND public links)
Only you (owner) and organization admins retain access
Requires mandatory reason documentation for audit trail

Warning

Revocation Doesn't Delete Downloads: Revoking access prevents future access but doesn't delete copies recipients may have already downloaded. For sensitive content, use "Disable Downloads" setting from the start.

Access Revocation Notifications

When you revoke access, recipients are notified:

Notification Contents:

Which analysis they lost access to (name and brief description)
Who revoked access (your name)
When access was revoked (timestamp)
Reason (optional, you can add explanation)
Next steps (e.g., "Contact owner if you believe this is an error")

Suppress Notifications (Stealth Revocation): Disable notification checkbox when revoking if:

Security incident requiring stealth action
Preventing notification spam during bulk cleanup
Departed employee (notification would fail anyway)

Security Best Practices

For Sensitive Government Bids:

Never use permanent public links - Always set expiration (24-72 hours max)
Require passwords - Generate strong passwords, share via separate channel
Collect emails - Enable "Require email before access" for accountability
Disable downloads - Prevent uncontrolled distribution
Watermark everything - Track content if it leaks
Regular audits - Monthly review of all active shares, revoke unused
Separate workspaces - Use different Cothon organizations for classified vs. unclassified

For Teaming Partnerships:

Comment permission only - Give Edit only when absolutely necessary
Limited duration - Match expiration to teaming agreement timeline
Individual accountability - Share with named individuals, not generic company emails
Track carefully - Monitor what sections partners view (indicates interest/capacity)
Revoke post-decision - Immediately revoke access after go/no-go decision

For Internal Teams:

Use teams, not individuals - Share with "Proposal Team" not 10 individual members
Least privilege - Give minimum permission needed for their role
Time-bound access - Remove access after project completion
Separate by project - Don't give blanket access to all analyses

Organizational Best Practices

Naming Conventions for Shares:

Tag analysis names with sharing level: [Internal] RFP-2024-123, [External] RFP-2024-456
Label public links descriptively: "Partner Review Link - Expires 3/20", "Client Deliverable - Read Only"
Use folders to separate shared vs. private analyses

Documentation: Maintain sharing log (especially for compliance-heavy industries):

Who was given access to what
What permission level
Business justification
Duration of access
Revocation date

Cothon's activity log provides this automatically, but exporting to central repository ensures long-term compliance.

Access Review Cadence:

Monthly: Review public links, revoke expired/unused
Quarterly: Audit team member access, remove departed employees
Annually: Comprehensive access review across all analyses

Sharing Approval Workflows (Enterprise): For organizations requiring approval before external sharing:

Enable Share Approval Workflow in organization settings
When user creates public link, request routes to manager
Manager reviews justification, approves/denies
Link activates only after approval
Audit trail includes approver attribution

Communication Best Practices

When Sharing, Always Include:

Context: Why you're sharing (review, feedback, collaboration)
Expectations: What you need from them and by when
Permission explanation: Why they have this permission level
Expiration notice: If time-limited, remind them when access ends
Contact info: How to reach you with questions

Sample Sharing Message:

Hi Sarah,

I'm sharing our draft technical approach for RFP-2024-789 with you for review.

Please focus on Section 3 (Network Security Requirements) and verify our proposed solution meets NIST 800-171 controls. I need your feedback by EOD Friday 3/22 to incorporate before final review.

You have Comment permission - please leave inline comments on specific requirements where you see gaps or concerns. @mention me if anything is urgent.

This share link expires in 7 days (3/27). Let me know if you need more time.

Questions? Reply to this message or ping me on Teams.

Thanks,
John

Follow-up Protocol:

Send reminder 48h before expiration for unviewed shares
Thank reviewers when they add comments (encourages engagement)
Notify when you address their comments (close the feedback loop)
Share final version after incorporating feedback (show their input mattered)

Shared With Me

Manage content others have shared with you:

Accessing Shared Content

Navigation:

Click Shared With Me in main navigation (left sidebar)
Or use quick switcher: Press and type "shared"

View Options:

List View (default):

Chronological list of all shared content
Shows: Title, owner, shared date, permission level, unread status
Quick actions: Open, Remove from list (doesn't revoke your access, just hides)

Grid View:

Visual cards with content previews
Larger thumbnails for quick identification
Grouped by owner or project

Filter Options:

By owner: See all content shared by specific person
By permission: Show only content you can edit vs. view-only
By content type: Analyses vs. proposals vs. templates
By date shared: Recent vs. older shares
By read status: Unread (new) vs. already viewed

Sort Options:

Most recent (default) - Latest shares first
Priority - Owner-flagged urgent shares first
Alphabetical - By content title
Owner - Grouped by who shared

Managing Your Shared Content

Actions on Shared Content:

Open and Collaborate:

Click any item to open full analysis
Your permission level displayed in top banner
Presence indicators show if owner or others currently viewing

Mark as Unread:

Right-click > Mark Unread to flag for later review
Unread badge appears on navigation icon

Add to Favorites:

Star icon to add to favorites
Quick access from Favorites folder in sidebar

Remove from View:

Hide from "Shared With Me" list without rejecting share
Content remains accessible via search or direct link
Useful for decluttering long shared lists

Request Different Permission:

Click ⋮ More > Request Edit Access (if currently Comment/View)
Owner receives notification with your request
They can approve/deny directly from notification

Leave Shared Content (Reject Share):

Click ⋮ More > Remove My Access
You can no longer access content
Owner notified of your rejection (optional)
Useful if mistakenly shared or no longer relevant

Notifications for Shared Content

When Content is Shared With You:

In-app notification (bell icon) with preview
Email notification with direct link
Slack/Teams notification (if integrated)
Badge on "Shared With Me" navigation item

Configure Notification Preferences:

Go to Settings > Notifications > Sharing
Choose notification triggers:
- All shares - Notified for every share
- Urgent shares only - Only when owner marks urgent
- @Mentions only - Only when explicitly mentioned in share message
- Daily digest - Batch notifications into daily summary

Smart Notification Grouping: If same person shares multiple items at once, notifications group: "John shared 3 analyses with you: RFP-123, RFP-456, RFP-789"

Efficiently share multiple analyses at once:

Bulk Share Use Cases:

Project handoff: Share entire project folder with new team member
Client deliverables: Share all final analyses with client at once
Training: Share example analyses with new proposal writer
Portfolio: Share past performance examples with teaming partner

Create sharing templates for recurring patterns:

Example Templates:

"Executive Review" - Share with exec team, Comment permission, 48h expiration
"External Partner" - Public link, View only, password protected, 7 day expiration, watermarked
"Team Collaboration" - Share with proposal team, Edit permission, no expiration

Share content that auto-reveals based on conditions:

Time-delayed sharing: Grant access at future date/time
Milestone-based: Access granted when analysis reaches specific status
Approval-gated: Access granted only after manager approval

Embed Cothon analyses in external platforms:

Supported Platforms:

Notion - Embed live analysis as interactive block
Confluence - iFrame embed with SSO integration
SharePoint - Web part embedding
Custom internal portals - iFrame or API integration

How to Embed:

Note

Authentication Requirement: Embedded content respects same permission model as direct access. Viewers must be logged into Cothon or accessing via valid public link. SSO integration recommended for seamless embed experience.

Programmatically share content via Cothon API:

Use Cases:

Auto-share analyses created via integrations
Bulk sharing driven by external systems (CRM, ERP)
Custom approval workflows
Integration with identity management systems

Example API Call (create team member share):

curl -X POST https://api.cothon.ai/v1/bid-analyses/{analysis_id}/shares \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "share_type": "user",
    "shared_with_user_id": "uuid-of-recipient",
    "permission_level": "comment",
    "message": "Please review by EOD"
  }'

Example API Call (create public link):

curl -X POST https://api.cothon.ai/v1/bid-analyses/{analysis_id}/shares \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "share_type": "link",
    "permission_level": "view",
    "link_expires_at": "2026-04-05T23:59:59Z",
    "password": "SecurePassword123"
  }'

See API Documentation for complete reference.

Compliance and Audit

Sharing features designed for regulated industries:

Audit Trail

Every sharing action logged with:

Who: User ID and name of person performing action
What: Action taken (shared, revoked, permission changed, accessed)
When: Timestamp with timezone
Why: Optional justification field (required in some configurations)
Where: IP address and geographic location
How: Method (UI, API, bulk operation)

Accessing Audit Trail:

Open analysis ⋮ More > View Audit Log
See complete chronological log of all sharing events
Filter by action type, user, date range
Export to CSV for external audit systems

Compliance Reports

Generate compliance-ready reports:

Navigate to: Settings > Compliance > Sharing Reports

Report Types:

External Access Report:

All public links created in date range
Who accessed, when, what they did
Any security anomalies (failed password attempts, unusual locations)
Useful for: ITAR compliance, export control audits

Permission Changes Report:

All permission escalations (View → Edit, etc.)
Who authorized the change
Business justification
Useful for: SOC 2 audits, internal security reviews

Data Sharing Inventory:

All currently active shares across organization
Categorized by sensitivity level (if configured)
External vs. internal shares breakdown
Useful for: GDPR data mapping, privacy impact assessments

Regulatory Compliance

ITAR / Export Control:

Geographic restrictions on public links (block countries via org settings)
Mandatory justification for external shares
Automatic watermarking with export control notices
Access logging for government audit requests

GDPR / Privacy:

Data Processing Agreements (DPA) with external recipients
Right to access: Recipients can download their access logs
Right to erasure: Delete all traces of recipient from system
Data retention: Auto-delete old share logs per policy

SOC 2 / Security Frameworks:

Principle of least privilege enforced via permission levels
Access reviews required quarterly
Multi-factor authentication for sensitive shares
Encryption in transit (TLS 1.3) and at rest (AES-256)

Troubleshooting

Symptoms: Cannot click Share button on analysis.

Causes & Solutions:

Cause	Solution
Insufficient permissions	You need Manage permission to share. Request access upgrade from owner.
Analysis locked	Owner locked analysis for review. Wait for unlock or contact owner.
Organization policy	Admin disabled sharing for your role. Contact organization admin.
Free plan limit	Upgrade plan or remove old shares to make room.

"Recipient Can't Access Shared Link"

Symptoms: External recipient says link doesn't work or shows access denied.

Troubleshooting Steps:

"Notifications Not Sending"

Symptoms: Recipients not receiving share notifications.

Solutions:

For Team Members:

Verify recipient's notification preferences (they may have disabled share notifications)
Check email spam/junk folder
Verify email address correct in organization profile
Try re-sharing with "Force notification" option

For Public Links:

Public link access doesn't send automatic notifications unless "Require email" enabled
Enable email collection to send access confirmations

"Access Revoked Accidentally"

Symptoms: You meant to downgrade permission, but accidentally revoked entirely.

Recovery:

Prevention: Use "Downgrade Permission" instead of "Remove Access" when you want to reduce (not eliminate) access.

FAQ

Next Steps

Real-time Editing - Work simultaneously with shared users
Comments - Discuss content via threaded comments
Activity Feed - Track all team actions on shared content

Team Setup - Configure organization and team structures
Security Settings - Organization-wide security policies
Compliance - Audit trails and regulatory features

Quick Wins

First Time Sharing? Try this:

Share an analysis with one teammate (Comment permission)
Ask them to add a comment
Review activity log to see their access tracked
Create a public link (View only, 24h expiration, password-protected)
Access your own link in incognito window to see external experience
Revoke the public link and verify it stops working

Advanced Practice:

Create sharing template for your common use case
Bulk share multiple analyses with a team
Configure access notifications for high-priority analysis
Export activity log to CSV and review in Excel
Set up embedded analysis in Notion or Confluence

Effective sharing amplifies team productivity while maintaining security. Master these controls to collaborate confidently.

real time editing security teams

Was this page helpful?

Related Articles