Sharing Proposals

Cothon's proposal sharing features enable secure collaboration with team members, stakeholders, and external partners. Share proposals via public links with granular access control, track viewing activity, and maintain security throughout the proposal development lifecycle.

Overview

Proposal sharing serves multiple purposes:

• Internal Collaboration: Share with team members for review and editing
• Stakeholder Review: Provide access to executives or clients for feedback
• Partner Coordination: Collaborate with teaming partners or subcontractors
• Client Previews: Share drafts with agency contacts (if allowed)
• Archival Access: Provide read-only access to historical proposals

Sharing Methods

Public Link Sharing

Create shareable links that anyone with the link can access:

Public Link Format:

https://app.cothon.com/shared/proposals/abc123def456

Public Link Features:

• No login required (unless password-protected)
• Token-based authentication
• Shareable via any channel
• Trackable (view who accessed and when)
• Revocable at any time

Organization User Sharing

Share directly with specific users in your organization:

User-Based Sharing Benefits:

• Requires authentication (more secure)
• Integrated with organization permissions
• Audit trail of who accessed
• Role-based access control
• Can't be forwarded to unauthorized users

Email Sharing

Share directly via email from within Cothon:

Email Content:

Subject: Proposal for RFP #ABC-2026-001 - Review Requested

John Doe has shared a proposal with you:

Title: Technical Solution for VA Modernization
RFP: #ABC-2026-001
Permission Level: Reviewer (can view and comment)

Click here to access: [Secure Link]

This link expires in 7 days. If you need continued access, please contact the proposal owner.

Permission Levels

Viewer

Can:

• View all proposal content
• Download exported versions (PDF, Word)
• See comments (but not add comments)
• View compliance matrix and scores

Cannot:

• Edit content
• Add comments
• Change settings
• Share with others
• Delete proposal

Best for:

• Executive review
• Client previews
• Archival access
• Stakeholder visibility

Reviewer

Can:

• Everything Viewers can do
• Add comments on sections
• Reply to comment threads
• Mark comments as resolved
• @mention other users
• Export with comments

Cannot:

• Edit content directly
• Regenerate sections
• Change structure
• Share with others
• Delete proposal

Best for:

• Peer review
• Subject matter expert feedback
• Quality assurance review
• Compliance checking

Editor

Can:

• Everything Reviewers can do
• Edit all proposal content
• Regenerate sections
• Use AI refinement
• Add/remove sections
• Manage attachments
• Export in all formats

Cannot:

• Delete proposal
• Change ownership
• Modify sharing settings
• Manage team access

Best for:

• Team collaboration
• Content contributors
• Technical writers
• Proposal coordinators

Owner

Can:

• Everything Editors can do
• Delete proposal
• Transfer ownership
• Manage all sharing settings
• Revoke access
• Set permissions for others
• Archive or restore

Best for:

• Proposal managers
• Project leads
• Primary responsibility holders

Access Control Features

Password Protection

Add an extra layer of security to shared links:

Password Best Practices:

• Use unique passwords for each shared proposal
• Don't include password in the same email as the link
• Change password if you suspect it's been compromised
• Use password managers to generate/store strong passwords

When to Use:

• Highly sensitive proposals
• Competitive procurement information
• Proprietary technical details
• Client-confidential data
• Pre-submission proposal drafts

Expiration Dates

Set automatic expiration for time-limited access:

Common Expiration Settings:

• 24 hours: Quick review, urgent feedback
• 7 days: Standard review cycle
• 30 days: Extended review, major proposals
• 90 days: Long-term access for partners
• Custom: Set specific date/time

After Expiration:

• Link becomes inactive
• Users see "This share link has expired" message
• No access to proposal content
• Activity log preserved
• Can regenerate new link if needed

Access Revocation

Immediately revoke access to shared proposals:

Revocation Effects:

• Link becomes invalid instantly
• Users currently viewing are logged out
• No new access allowed
• Activity log preserved for audit
• Can recreate new share if needed

When to Revoke:

• Team member leaves organization
• Proposal no longer relevant
• Security concerns or leak suspicions
• Submission completed (no more reviews needed)
• Accidental sharing to wrong person

IP Whitelisting

Restrict access to specific IP addresses or ranges (Enterprise feature):

Use Cases:

• Limit to company network only
• Restrict to specific client locations
• Prevent access from certain countries
• Compliance with data residency requirements

Configuration:

Allowed IP Ranges:
- 192.168.1.0/24 (Corporate network)
- 10.0.0.0/8 (VPN range)
- 203.0.113.50 (Client office)

Access attempts from other IPs are blocked with "Access Denied - IP Not Allowed" message.

Share Management

View All Shares

See all active and expired shares for a proposal:

Share List Columns:

• Type: User, Link, Email
• Recipient: User name or "Public Link"
• Permission: Viewer, Reviewer, Editor, Owner
• Created: When share was created
• Expires: Expiration date (if set)
• Last Accessed: Most recent access time
• Status: Active, Expired, Revoked
• Actions: Edit, Extend, Revoke

Update Share Settings

Modify existing shares without creating new ones:

Editable Settings:

• Permission level (upgrade or downgrade)
• Expiration date (extend or shorten)
• Password (change or remove)
• Access restrictions (add/remove IP limits)

Not Editable:

• Share URL (fixed, must revoke and recreate to change)
• Creation date
• Historical activity log

Bulk Share Management

Manage multiple shares at once:

Bulk Actions:

• Extend expiration for all shares
• Revoke all public links (keep user shares)
• Change all Viewers to Reviewers
• Add password protection to all shares
• Set uniform expiration (e.g., all expire in 30 days)

Collaboration Features

Commenting

Collaborators can add comments on specific sections:

Comment Types:

• Section Comments: Feedback on an entire section
• Inline Comments: Comments on specific paragraphs or sentences
• General Comments: Proposal-level comments not tied to specific content

Comment Features:

• Threaded replies
• @mentions with notifications
• Attachments (images, files)
• Mark as resolved
• Comment history and edit tracking

Comment Etiquette:

• Be specific and constructive
• Reference requirement numbers when suggesting changes
• Provide rationale for feedback
• Use @mentions to assign action items
• Mark comments resolved when addressed

Real-Time Collaboration

Multiple users can work on the same proposal simultaneously:

Features:

• See who else is viewing/editing (presence indicators)
• Section-level locking prevents conflicts
• Real-time content updates
• Cursor position indicators
• "User X is typing" notifications

Conflict Prevention:

• When you start editing a section, it's locked for others
• Others see "Section locked by User X"
• Auto-unlock after 10 minutes of inactivity
• Force unlock available to Owners

Change Tracking

Track all changes made to shared proposals:

Activity Log Records:

• Content edits (who, when, what section)
• Comments added/resolved
• Sections regenerated
• AI refinements applied
• Exports created
• Shares created/modified/revoked
• Permission changes

Activity Retention:

• 30 days: Free plan
• 1 year: Professional plan
• Unlimited: Enterprise plan

Version History

Every save creates a version snapshot:

Version Information:

• Version number (auto-incremented)
• Timestamp and author
• Change summary
• Full proposal snapshot
• Comparison with previous version

Version Restore:

• Creates a new version (doesn't delete history)
• All users notified of restore
• Comment and activity log preserved
• Can restore multiple times

Security & Compliance

Data Protection

All shared proposals use enterprise-grade security:

Encryption:

• Data encrypted at rest (AES-256)
• Data encrypted in transit (TLS 1.3)
• End-to-end encryption for sensitive fields
• Secure token generation (cryptographically random)

Access Logging:

• Every access attempt logged
• IP address and user agent recorded
• Failed access attempts tracked
• Suspicious activity alerts (e.g., many failed password attempts)

Data Residency:

• Choose data storage region (US, EU, Canada)
• Compliant with GDPR, PIPEDA, SOC 2
• Data not transferred across regions without consent

Audit Trail

Complete audit trail for compliance:

Logged Events:

• Share creation, modification, revocation
• Every access attempt (successful and failed)
• Content views and exports
• Comments and edits
• Permission changes
• Password changes
• IP address and geolocation

Audit Reports:

• Generate reports for specific proposals
• Filter by date range, user, or event type
• Export as CSV or PDF for compliance documentation
• Includes metadata and activity timelines

Compliance Use Cases:

• SOX compliance (who accessed financial data)
• ITAR compliance (restrict access by citizenship)
• Legal discovery (prove who saw what when)
• Security investigations (trace unauthorized access)

Confidentiality Notices

Add legal notices to shared proposals:

Standard Notices:

• Proprietary Information Warning
• Non-Disclosure Reminder
• Export Control Restrictions
• Confidentiality Agreement Reference

Example Notice:

PROPRIETARY INFORMATION

This proposal contains confidential and proprietary information
of [Company Name]. By accessing this proposal, you agree not to
disclose, copy, or distribute any information without prior
written consent. Unauthorized use may result in legal action.

This proposal is subject to the Non-Disclosure Agreement dated
[Date] between [Company] and [Recipient].

Display Options:

• Banner at top of every page
• Pop-up on first access (must acknowledge)
• Watermark on printed/exported versions
• Footer on every page

Access Restrictions

Additional security measures for sensitive proposals:

Geographic Restrictions:

• Block access from certain countries
• Require access from specific regions
• Comply with export control regulations (ITAR, EAR)

Device Restrictions:

• Require corporate-managed devices
• Block mobile access
• Require specific OS versions
• Enforce device encryption

Time-Based Restrictions:

• Only accessible during business hours
• Weekend access blocked
• After-hours access requires approval
• Time zone considerations

Download Prevention:

• Disable export/download for Viewers
• Prevent copy-paste of content
• Disable browser print function
• Watermark screenshots (if detected)

Use Case Examples

Internal Team Review

Scenario: Proposal manager wants team feedback before submission.

Setup:

1. Share with team members as Reviewers
2. Set 7-day expiration (review deadline)
3. Send notification: "Please review and comment by Friday"
4. Track who has reviewed via activity log
5. Address comments and mark as resolved
6. Final owner approval before submission

Permissions:

• Technical leads: Editor (can refine their sections)
• Peer reviewers: Reviewer (can comment)
• Executive sponsor: Viewer (visibility only)

Teaming Partner Collaboration

Scenario: Prime contractor needs subcontractor input on their sections.

Setup:

1. Share relevant sections only (not full proposal)
2. Grant Editor access to assigned sections
3. Lock other sections (view-only)
4. Set 14-day expiration with extension option
5. Require password (shared separately)
6. Track edits and review before acceptance

Security:

• Separate shares for each partner (can't see each other's comments)
• Password-protected links
• Expiration after proposal submission
• Revoke access if teaming arrangement changes

Client Preview

Scenario: Agency allows draft proposal review before submission (rare but happens).

Setup:

1. Create public link with password
2. Set Viewer permission (no edits)
3. Disable export/download
4. Add confidentiality notice
5. Set 48-hour expiration
6. Monitor access closely

Considerations:

• Only share if explicitly allowed by RFP
• Remove pricing and proprietary details
• Create separate "client preview" version
• Track exactly what client views
• Revoke immediately after review period

Executive Approval

Scenario: Need C-level sign-off before submission.

Setup:

1. Share Executive Summary only (not full proposal)
2. Viewer permission
3. Email share with context: "Requesting approval to submit"
4. No expiration (archive access)
5. Track when viewed
6. Request comment approval or rejection

Escalation:

• If not viewed within 24 hours, send reminder
• If concerns raised, schedule meeting
• Document approval in activity log
• Include approval timestamp in submission records

Post-Submission Archive

Scenario: Preserve proposal access for team learning and future reference.

Setup:

1. Change status to "Submitted" or "Archived"
2. Create read-only share for organization
3. No expiration (permanent archive)
4. Index with metadata (agency, outcome, date)
5. Add lessons learned in comments
6. Tag for searchability

Content:

• Original submitted proposal (PDF)
• All working versions
• Comment history
• Evaluation feedback (if received)
• Win/loss analysis notes

Sharing Analytics

Access Metrics

Track engagement with shared proposals:

Metrics Tracked:

• Total views
• Unique viewers
• Average time spent
• Sections viewed most/least
• Comments per section
• Export/download count
• Share forwards (if re-shared)

Dashboard View:

Proposal: VA Modernization Technical Approach
Shared with: 12 users, 2 public links

Views: 47
Unique Viewers: 14
Avg. Time: 23 minutes
Most Viewed: Executive Summary (47 views)
Least Viewed: Appendices (12 views)

Comments: 23 (18 resolved, 5 open)
Exports: 8 (PDF), 3 (Word)

Engagement Insights

Understand how recipients interact with proposals:

Viewer Behavior:

• Which sections get the most attention?
• Where do viewers spend the most time?
• What sections are skipped?
• When are proposals viewed (time of day)?
• Which exports are most popular?

Action Items:

• Low engagement on key sections → May need strengthening
• High comment density → May indicate confusion or problems
• Quick skim-throughs → May need better executive summary
• Repeated views of same section → Possible concern or interest

Heatmaps:

• Visual representation of section engagement
• Darker colors = more views/time
• Identify hot spots and cold spots
• Optimize content based on engagement

Activity Reports

Generate reports on sharing activity:

Report Types:

• Share Activity Report: All shares created, by whom, permissions
• Access Report: Who accessed, when, for how long
• Engagement Report: Views, comments, exports per user
• Security Report: Failed access attempts, password changes, revocations

Use Cases:

• Compliance: Document who had access for audits
• Process Improvement: Understand review workflows
• Security: Identify suspicious access patterns
• Team Management: Track team engagement and contribution

Best Practices

Security Best Practices

✅ Use the right permission level - Don't give Editor access when Reviewer is sufficient

✅ Set expiration dates - Especially for external shares

✅ Use passwords for sensitive proposals - Competitive or proprietary information

✅ Revoke old shares - Clean up shares after reviews are complete

✅ Monitor access logs - Watch for unusual activity

✅ Limit public links - Prefer user-based sharing when possible

✅ Separate channels for link and password - Don't send both in same email

✅ Review share list regularly - Audit who has access monthly

❌ Don't share via unencrypted email - Use Cothon's built-in sharing

❌ Don't reuse passwords - Unique password per share

❌ Don't share full proposal when excerpt is enough - Share only necessary sections

❌ Don't leave shares active indefinitely - Set reasonable expiration

Collaboration Best Practices

✅ Assign section owners - Clear responsibility for each section

✅ Set review deadlines - Use expiration dates to enforce

✅ Use @mentions for action items - Direct comments to specific people

✅ Resolve comments promptly - Keep review process moving

✅ Communicate changes - Notify team of major edits

✅ Lock sections during major edits - Prevent conflicting changes

✅ Save frequently - Create version snapshots

✅ Document decisions - Use comments to record why changes were made

❌ Don't edit without notifying section owner - Coordinate changes

❌ Don't resolve comments without addressing - Mark resolved only when fixed

❌ Don't work offline and re-upload - Use real-time collaboration

❌ Don't ignore version history - Learn from past versions

Workflow Best Practices

Phase 1: Draft Development (Days 1-7)

• Share with core team as Editors
• Collaborative content creation
• Real-time editing
• Frequent saves and versions

Phase 2: Internal Review (Days 8-10)

• Share with reviewers as Reviewers
• Collect feedback via comments
• Editors address comments
• Track resolution progress

Phase 3: SME Validation (Days 11-12)

• Share relevant sections with subject matter experts
• Reviewers-only access
• Technical accuracy verification
• Final refinements

Phase 4: Executive Approval (Day 13)

• Share Executive Summary + key sections with leadership
• Viewer access
• Request approval
• Document sign-off

Phase 5: Final QA (Day 14)

• Limited access during final checks
• Only proposal manager has edit access
• Others have Viewer access for reference
• Prepare for submission

Phase 6: Submission & Archive (Day 15+)

• Revoke all external shares
• Change to read-only for organization
• Archive with metadata
• Preserve for future reference

Troubleshooting

Can't Access Shared Proposal

Problem: Shared link shows "Access Denied" or "Not Found"

Likely Causes:

• Link expired
• Access revoked
• Wrong password
• IP not whitelisted
• Browser cache issues

Solutions:

1. Verify link is correct (full URL copied)
2. Check with sender if link is still active
3. Confirm password (case-sensitive)
4. Try different browser or incognito mode
5. Check if VPN is required/prohibited
6. Contact sender to regenerate link

Permission Issues

Problem: Can't edit content despite having Editor access

Likely Causes:

• Section locked by another user
• Proposal in read-only status (e.g., Submitted)
• Permission downgraded
• Browser cache showing old permissions

Solutions:

1. Check section lock status
2. Verify current permission level (may have changed)
3. Refresh page to reload permissions
4. Contact owner if permissions incorrect
5. Check proposal status (can't edit submitted proposals)

Missing Comments

Problem: Comments not visible or notifications not received

Likely Causes:

• Comment on different version
• Filter applied
• Notification settings
• Permission doesn't include comments (Viewer)

Solutions:

1. Check version history (comments may be on older version)
2. Clear comment filters (show all, not just unresolved)
3. Verify permission level (Viewers can't see comments in some configurations)
4. Check notification settings in profile
5. Refresh page

Export Not Working

Problem: Can't export shared proposal

Likely Causes:

• Permission level doesn't include export
• Download prevention enabled
• Browser blocking download
• File size too large

Solutions:

1. Verify permission (Viewers may not have export rights)
2. Contact owner to enable export
3. Check browser download settings
4. Try different browser
5. Export sections individually if full proposal fails

Frequently Asked Questions

Next Steps

• Exporting - Export proposals for sharing outside Cothon
• Templates - Create templates to speed up future proposals
• Collaboration - Learn more about team collaboration features
• Security Settings - Configure organization-wide security policies
• Organization Management - Manage team members and permissions