The "Never Share" Rule: Protecting Core Marketing IP

The challenge with IP protection is that it often involves judgment calls: "should I share this with this client?" "Is this sensitive enough to warrant special controls?" "Will the client need this or not?"

Judgment calls are where consistency breaks down. Under time pressure, people default to "easier" — which usually means "more permissive." The "never share" rule eliminates the judgment call for your most important IP.

What the "Never Share" Category Includes

The never-share category is a predefined list of document types that categorically never enter a client-accessible area. The list typically includes:

• Framework source documents: The actual structured frameworks you use across engagements
• Cross-client benchmark data: Even anonymised, this aggregates insights from multiple clients
• Internal playbooks: Your "how we do this" operational documentation
• Template master files: Source templates before client-specific population
• Pricing and margin documents: Your cost structure, margins, and pricing logic
• Multi-client comparative analyses: Any document that compares clients (even without naming them)

The rule isn't "these need careful consideration each engagement" — it's "these never, under any circumstances, go in a client folder." No exceptions.

How Firma's "Never Share" Tagging Works

In Firma, documents and folders can be tagged as "Never Share," which removes them from the client-facing portal view regardless of where they sit in the underlying Google Drive structure.

This means you can have a comprehensive engagement folder that includes your working documents alongside client deliverables — and the portal shows clients only what you've designated as shareable. Your working documents, framework references, and internal notes stay invisible.

This solves the most common source of accidental framework disclosure: the "working folder share" where the client sees everything, including the internal working context.

Making the Rule Stick

The never-share rule only works if it's applied consistently — which requires making it a default decision, not a per-engagement decision.

Implementation:

1. Create your never-share document list (write it down, make it explicit)
2. Before every portal setup, review the engagement folder against the list
3. Tag or exclude everything on the list before granting client access
4. As part of every engagement close, verify the list was applied correctly

The five-minute pre-delivery review is a forcing function that catches the "I'll deal with it later" exceptions before they become IP leakage events.

---

Frequently Asked Questions

What is a "never share" document category for marketing agencies?

It's a predefined list of document types that are categorically excluded from client-accessible areas, regardless of engagement context. The list typically includes framework source files, cross-client benchmark data, internal playbooks, and template masters. The rule is binary — never share — not a judgment call per engagement.

How does "never share" tagging work in Firma?

In Firma, documents or folders tagged as "Never Share" are excluded from the client-facing portal view even if they exist in the underlying Google Drive folder structure. The tag creates a client-visibility layer separate from storage organisation, so you can keep your working context in one place while controlling exactly what clients see.

What happens if I accidentally put a "never share" document in a client portal?

Catch it before the client accesses it: review the portal before sending the client link and verify your never-share list was applied. If the client has already accessed it: assess what was exposed (if it's a framework document, not just a populated output), revoke access to that specific document immediately, and if warranted, have a conversation about the confidentiality of methodology information — framed calmly as a correction, not an accusation.