Publishing Notes with Quill
A look at the encryption, access controls, and expiration behind Quill's note sharing.
The best, most productive conversations are also the most raw. And the notes on those conversations often contain sensitive decisions or details that you want to share with specific people, not with the whole world.
Quill is a meeting assistant that respects your data. We built Quill local-first so that your transcripts, notes, and other data is created and stored on your computer.
But when you do want to share your take-aways, how can you do this both easily and securely?
This document covers how we built an easy link-sharing system for just the content you choose in a way that even Quill’s servers never encounter your raw data, while letting you choose who can see it and being able to audit that access later.
Step 1: Encryption that happens on your machine
When you publish a note, Quill encrypts it on your computer before sending anything to our servers. The note content and meeting metadata get encrypted with AES-256-CBC (a widely trusted encryption standard), and the key used to encrypt them is derived through a process designed to resist brute-force attacks.
What gets sent to our server is the encrypted data — essentially random-looking bytes. The encryption key stays with you.
One clever bit: the encryption key
When you share a published note, the link looks like this:
<https://app.quillmeetings.com/published/notes/abc123#key=HXWKTR9FNBQM4VYZ>
That # matters. In how the web works, everything after the # (called a fragment) is handled entirely by the browser. It's never included in the request to a server. So when someone opens your link, our server receives a request for the note, but the key part of the URL stays in their browser, where the decryption happens.
This means we don't just promise not to read your notes. We architecturally can't. We have the encrypted data, but we never have the key. The decryption happens in the viewer's browser, and we're not involved.
Step 2: Four levels of access control
In addition encryption, you can control who's allowed to access the encrypted note data in the first place:
Anyone with the link — No login needed. Whoever has the URL and the key can view the note.
Any Quill user — The viewer needs to be signed into a Quill account.
My organization — Only people in your Quill organization can view it.
Specific people — You add email addresses, and only those people can view the note.
These checks happen server-side before the encrypted data is served. If someone doesn't meet the requirements, they never receive the encrypted content, so even having the key in the URL wouldn't help them.
View logging
Each time someone views your note, it's recorded — their email and when they viewed it. This log is private to you as the publisher; viewers don't see it.
It's a simple audit trail. If you shared board meeting notes with five people, you can check whether all five opened them.
Expiration
Published notes expire after 7 days by default. You can also choose 30 days, 90 days, or no expiration.
When a note expires, the encrypted data is permanently deleted from our database. There's no way to recover it — not for you, not for us. The only copy that remains is on your local machine in the Quill app.
We think this is the right default. Shared notes should be available long enough for people to read them, but they shouldn't sit on a server indefinitely.
The end-to-end flow
Putting it all together:
- You publish. Quill encrypts the note locally, sends the encrypted data to our server with your visibility and expiration settings.
- You share the link. It contains both a note ID (for our server) and the decryption key (for the browser).
- Someone opens it. Our server checks expiration and access rules. If they pass, it serves the encrypted data.
- Their browser decrypts. The key from the URL fragment decrypts the note. Our server never sees the plaintext.
- The view is logged. You can see who accessed it and when.
- It expires. The encrypted data is deleted from our servers. Your local copy in Quill remains.
Why this approach
Most products store your data in plaintext and rely on access controls alone. That works, but it means you're trusting the company — and anyone who compromises their servers — not to look.
We wanted something stronger for meeting notes. With published notes, the encryption means we can't read the content, the access controls mean you decide who receives it, and the expiration means it doesn't stick around longer than it needs to.
Ready to transform your meetings?
Join thousands of professionals using Quill to capture better notes while keeping their data private.
Download Quill Free