[ericlewis]

I think this is a pragmatic decision. Direct messages are somewhat private (though I do understand that is not always the case with companies). It seems to me to be a privacy / security thing. I am not aware of any companies who solely use DMs, I am sure they exist. But the point of Quill was to not lock up information in DMs and to better organize channels. I would think users of Quill most likely did not solely use DMs, if they did, why bother with Quill in the first place?

Edit: ah the linked tweet (sorry, on a mainstream social media break), well that is certainly one company. I feel for them.

[brendoelfrendo]

Companies with data retention requirements might be legally obligated to keep those DMs, and I don’t see how Quill would be unaware of that. Either they’re confident that none of their clients have such a need or they decided that it would be too hard to export DMs with 4 days notice and said “meh.”

[ipaddr]

If they are legally required for data retention why did they use this product in the first place?

[throwaway19937]

Here are a few possible explanations based on my experience at various employers.

1. Departments/divisions have their own budgets; Quill was purchased before security or compliance was involved.

2. Quill was deployed or piloted for a group without retention requirements then escaped into the wild. Security or compliance wasn't involved until it was in use company wide.

3. A client required using Quill so the usual compliance requirements were waived.