You can run Quip on premises, and it's functional without an Internet connection. So if the security picture matters that much there is an option (priced rather well, too).

There are a number of "shadow IT" single-admin Quip instances popping up both in systems I'm aware of and those I hear about from other folks, so I'm guessing it's easy to administer. I know it works without Internet connectivity because I saw someone install it in an environment that intentionally has no access.

I've always wanted Google Docs on prem so if Quip is it, that's interesting in itself especially for the security reasons. But, Google has incredibly stringent controls around user data after a particular press-involved incident involving an SRE, so while the paranoia of possibilities is well-founded, in practice they'd need a damned good reason (like a critical failure in the product) to even look. They can, and do, walk employees for getting this stuff wrong.

So theoretically, yes (good security mind), practically, not likely.

You're right. I read too much into the "Security/Privacy" section of their website.

So what's the real selling point, then? Like I said it seems like a hybrid of Google Docs and Google Wave.

Yeah I didn't get his comment either. I read their security document. They use SSL to encrypt traffic in transit. That is all. It's not encrypted at rest or in any other fashion. Big deal almost everything is SSL these days during transit the big sales point that catches MY eye are products that encrypt your data at rest like tarsnap, where no one, including the state can access it. THAT is the only products I will use or trust. These guys mine your data just like Google. Don't kid yourself.