NON-DISCLOSURE AGREEMENT (NDA)

What is a Non-Disclosure Agreement (NDA)?

A Non-Disclosure Agreement is a contract that protects confidential information. It sets rules for how you share, use, and guard sensitive content. It can be one-way, where only one side discloses information. It can be mutual, where both sides exchange confidential information.

You use an NDA when you need to talk openly but cannot risk leaks. It creates clear obligations and boundaries around private information. It also provides remedies if someone breaches the deal.

Businesses use them across many stages of work. You use it with potential investors, possible partners, and new vendors. You use it in hiring, consulting, and contractor relationships. You use it during sales talks and technology pilots. You use it for due diligence, IP licensing, and M&A. You also use it to protect client lists, formulas, product roadmaps, and pricing.

Law firms use NDAs in intake, expert engagements, and vendor onboarding. Startups use NDAs to keep stealth plans private. Manufacturers use NDAs to protect designs and prototypes. Agencies use these contracts when reviewing client briefs and creative. Healthcare and life sciences teams use NDAs to protect trial data. Professional services firms use NDAs to protect bids and methodologies.

You need an NDA when disclosure is necessary to move forward. If you need to share details to evaluate a deal, use a Non-Disclosure Agreement. If you need to brief a vendor to get a quote, use an NDA. If an employee or contractor will see sensitive material, use an NDA. If you pitch a concept that could be copied, use an NDA. If you grant access to systems, code, or data, use an NDA.

Typical scenarios are straightforward. You pitch a product to a large retailer. You show early designs, costs, and supplier terms. You have them sign an NDA first. You hire a contractor to audit your cloud setup. You provide credentials and architecture diagrams. You sign a mutual NDA. You explore a joint venture. You both exchange operational and financial details. You use a mutual NDA. You interview a senior hire who needs to see strategy decks. You use a one-way NDA. You evaluate a potential acquisition. You need to share financials and legal exposure. You set a tailored NDA with due diligence terms.

The NDA defines what counts as confidential information. It states how the recipient must protect it. It clarifies what they can do with it, and what they cannot. It lists exceptions, like information that is public or already known. It sets a time period for the obligations. It addresses what happens at the end. It also outlines remedies if the agreement is breached.

When Would You Use a Non-Disclosure Agreement?

You use this contract before you share confidential information with someone outside your team. You use it early, before the first sensitive exchange. If a discovery call will include confidential details, get an NDA signed first. If you need to send a technical spec to a prospective integrator, sign an NDA. If investors ask for a deck with unit economics, use an NDA if appropriate for that investor. If a supplier needs proprietary dimensions, use this contract first.

For business owners, NDAs help control disclosures during vendor selection. You may ask three agencies to propose solutions. Each agency will need details about your systems and strategy. You put an NDA in place with each one. For landlords and tenants, NDAs can assist during lease negotiations. You may review sensitive financial statements. Sign an NDA to limit the use of that information. For startups, NDAs help protect early-stage ideas. You will pitch to manufacturers and potential distributors. You sign NDAs to guard designs and pricing. For professional services firms, NDAs protect client information shared during sales pursuits. You may see a client’s data to scope the work. You sign an NDA to limit use and protect the client.

Use an NDA with employees and contractors when they access protected information. Employment agreements often include confidentiality clauses. Suppose they do not, use a separate NDA. For contractors, always use an NDA, even for short projects. It sets expectations and reduces risk. For joint development, use a mutual NDA to support open design work. You will share source code, product plans, and test results. You both need protection.

Use an NDA in due diligence before mergers or asset purchases. You will exchange financial, legal, tax, and HR data. The NDA will include limits on contact with employees and customers. It will address how to handle personal data and trade secrets. It can include a non-solicit to prevent poaching during the process.

Use an NDA when you must disclose to comply with a process. A regulator may require details from a third-party vendor. An NDA helps manage the flow and restricts misuse. If you must involve advisors, the NDA can allow limited sharing with them. It should require those advisors to maintain confidence as well.

If you are unsure, use an NDA when disclosure would cause harm if leaked. If the information could help a competitor, use an NDA. If the information includes IP, data, or strategy, use an NDA. If the information involves non-public financials, use an NDA. If the information includes someone else’s secrets, use an NDA. The NDA will not stop every leak, but it gives you strong legal tools.

Legal Characteristics of the Non-Disclosure Agreement (NDA)

An NDA is a legally binding contract. It binds the parties once they sign it or accept it. In a mutual NDA, both sides provide consideration by exchanging information or entering talks. In a one-way NDA, the consideration is access to confidential information or a business opportunity. The agreement should clearly state that the disclosure is in exchange for the recipient’s promises.

Enforceability rests on clear terms, reasonable scope, and proper formation. The NDA must identify the parties. It must define confidential information in practical terms. It should also state clear obligations. Avoid vague or sweeping language that covers everything under the sun. Courts look for fair and workable terms. You improve enforceability by being specific and reasonable.

The definition of confidential information should fit the purpose. You can define categories, such as “technical,” “commercial,” or “financial.” You can include formats, such as written, electronic, or oral. You can require marking for written disclosures. For oral disclosures, require prompt confirmation in writing. You can protect unmarked information that should be reasonably understood as confidential. Clarity matters.

The NDA should list common exceptions. Information in the public domain is not protected. Information already known by the recipient is not protected. Information received from a third party without a duty is not protected. Information independently developed without use of confidential information is not protected. These exceptions are standard and aid enforceability.

Obligations should match the risk. Require the recipient to protect the information with reasonable care. If the data is sensitive, raise the standard to the level used for similar data. Limit permitted use to a stated purpose. Prohibit reverse engineering, unless allowed by law. Limit sharing to representatives who need to know. Require those representatives to keep confidence. Impose responsibility on the recipient for their representatives’ breaches.

Include a term for the confidentiality obligation. Many NDAs set two to five years for general business information. Trade secrets can be protected for as long as they remain secret. An indefinite term for trade secrets is common and workable. Tie the duty to the nature of the information. Keep the term reasonable for other data.

Address compelled disclosure. The recipient may get a subpoena or legal demand. Allow disclosure if required by law, after giving prompt notice. Allow the disclosing party to seek protection. Limit the disclosure to what is legally required.

Include return or destruction obligations. On request or at the end of talks, the recipient must return or destroy confidential material. Allow retention of backup copies if required by IT policies. Keep those copies protected. Allow one archival copy for compliance, if needed.

State remedies. Money damages may not fix a leak. Include a clause for injunctive relief. That allows you to seek a court order to stop misuse. You can also add specific performance. You can address limits on liability if needed, but do not undermine deterrence. Many NDAs exclude liability limits for breaches of confidentiality.

Add a no-license clause. The NDA should confirm that no IP licenses are granted. Ownership remains with the disclosing party. If you will develop something together, use a separate development agreement.

Add governing law and venue. Choose a forum that is practical for both sides. If the relationship is local, choose your home forum. If parties are in different places, choose a neutral one. The governing law will guide interpretation and remedies. Keep this section clear and simple.

Electronic signatures are widely accepted. You can use e-signature tools to execute the NDA. You do not need a witness or notary in most cases. Date the agreement on signature.

If employees are involved, ensure obligations are fair and practical. Overbroad terms can face pushback or reduced enforceability. Avoid hidden non-compete terms in this contract. If you need a non-solicit, draft it carefully and separately if needed. Use reasonable scope, duration, and geography. Keep the NDA focused on confidentiality.

You can include a residuals clause for innovators. This clause allows the use of general knowledge retained in unaided memory. Draft it carefully to avoid gutting protection. If you include residuals, exclude source code, personal data, and trade secrets.

Finally, use an integration clause. It confirms that the NDA is the entire agreement on confidentiality. It prevents claims of side promises. Add assignment rules, notice details, and counterparts. These standard clauses help prevent disputes.

How to Fill Out a Non-Disclosure Agreement

Step 1: Identify the parties.

Write the full legal names of each party. Include the type of entity if applicable. Add the jurisdiction of formation for companies. Include principal business addresses. For individuals, include full names and addresses. Confirm who is the disclosing party and the recipient. For a mutual NDA, state that both are disclosing and receiving.

Step 2: Set the effective date.

Choose the date the NDA starts. This is when obligations begin. If you already shared confidential information, include a look-back period. State that prior disclosures are covered from a stated past date.

Step 3: Define the purpose.

State why you are sharing confidential information. Keep it specific but flexible. For example, “to evaluate a potential service engagement.” The purpose limits permitted use. The recipient may only use the information for that purpose.

Step 4: Define confidential information.

Draft a clear, practical definition. Include categories relevant to your deal. Include formats, such as written, digital, oral, and visual. Decide if written information must be marked confidential. If so, add a fallback for unmarked information that is clearly confidential. Add a confirmation window for oral disclosures, such as 15 or 30 days.

Step 5: Add standard exclusions.

List the usual exceptions. These include information that is public, already known, received from another source, or independently developed. Make sure the burden of proof sits with the recipient. This keeps the definition balanced.

Step 6: Set use and care obligations.

Limit use to the stated purpose. Prohibit distribution outside the recipient’s organization. Permit sharing only with “Representatives” who need to know. Define Representatives to include employees, officers, directors, affiliates, contractors, advisors, and lenders. Require the recipient to ensure those people maintain confidence. Set the standard of care. Use “reasonable care” or a higher standard for sensitive data.

Step 7: Address security expectations.

If you have minimum security requirements, attach them as a schedule. Reference the schedule in the main agreement. This is helpful for data rooms, code, or personal data. Keep requirements practical and tied to the risk.

Step 8: Handle compelled disclosure.

Write a clause that covers subpoenas or legal demands. Require prompt notice, if allowed. Require cooperation to seek protective orders. Limit the disclosure to what is necessary. Preserve the confidentiality of the remainder.

Step 9: Choose the term and survival.

Decide how long the confidentiality obligation lasts. Use a fixed term for business information, such as three years. Allow indefinite protection for trade secrets. State that obligations survive expiry or termination for the stated period.

Step 10: Include return and destruction.

Require return or destruction of confidential material on request. Address electronic backups that cannot be deleted. Require continued protection for retained backups. Allow one archival copy for compliance if needed.

Step 11: Add IP and no-license language.

State that disclosure does not grant licenses. Confirm that all rights remain with the disclosing party. If joint work is possible, state that any separate development needs a separate agreement.

Step 12: Add remedies and equitable relief.

State that the breach may cause irreparable harm. Allow the disclosing party to seek an injunction. Confirm that this is in addition to other remedies. Consider excluding liability caps for breaches. Keep the clause balanced to support enforceability.

Step 13: Consider additional restrictions.

If you need a non-solicitation clause, add it here or as a schedule. Limit it to a reasonable period, such as 12 months. Limit it to people the recipient met through the process. Avoid adding a non-compete unless necessary and lawful. Keep the contract focused on confidentiality.

Step 14: Select governing law and venue.

Choose a jurisdiction for disputes and law. Pick a practical forum you can access. Ensure the venue ties to the governing law. Add a clause on service of process if parties are in different places.

Step 15: Add boilerplate.

Include the entire agreement, amendments in writing, and severability. Include assignment limits. Include notices with addresses and email. Include counterparts and electronic signatures. These clauses round out the contract.

Step 16: Tailor schedules and attachments.

Add a schedule with the project description and purpose. Add a schedule listing examples of confidential information. Add a schedule for security standards if relevant. Add a list of permitted recipients, such as named advisors. Reference each schedule in the body.

Step 17: Confirm signatory authority.

Ensure the person signing for a company has authority. Use their proper title. For subsidiaries or affiliates, clarify who is bound. If affiliates need access, include them in the definition of Representatives, or list them in a schedule.

Step 18: Prepare signature blocks.

Create blocks for each party. Include the legal name, signatory name, title, and date. For individuals, include name and signature line. Add space for the effective date if separate from signature dates. Most NDAs do not need a witness or notary.

Step 19: Final check for clarity.

Read the definition of confidential information. Make sure it fits your deal. Confirm the purpose statement is not too narrow or broad. Check that the term is reasonable. Verify that exceptions and remedies are balanced. Remove any conflicts between the main body and schedules.

Step 20: Execute and manage.

Send the final version for signature. Use an e-sign platform for speed and records. Share only after both sides sign. Keep a copy in your contract system. Track the term and any deadlines to return or destroy information.

Real-world example:

You plan to share an API design with a partner. In the purpose clause, state “for evaluating a potential integration.” In the definition, include source code, schemas, and roadmaps. Set a three-year term for business information. Protect source code as a trade secret with no end date. Add a security schedule requiring encryption at rest and in transit. Require the partner to limit access to named engineers. Include an injunction clause. Choose a practical governing law and venue. Sign electronically and share via a secure portal.

Another example: You will receive a customer list from a potential seller. Use a mutual NDA if you will also share your sales data. Define confidential information to include lists, pricing, and customer agreements. Exclude information that is public or known. Limit use to evaluating the transaction. Add a no-solicit of customers and employees for 12 months. Set a two-year confidentiality term for business information. Allow indefinite protection for trade secrets. Include return or destruction on request. Choose the venue you can access. Sign and proceed.

If you follow these steps, you will produce a clear, enforceable NDA. You will set clean expectations. You will protect your information while enabling the discussion you need.

Legal Terms You Might Encounter

• Disclosing Party means the side that shares information. In your NDA, this is the person or company revealing specific facts, data, or documents. You list who they are so everyone knows whose information the agreement protects.
• Receiving Party means the side that gets the information. In your NDA, this is the person or company that must keep the shared information confidential. You name them so their duties are clear and binding.
• Confidential Information covers what the NDA protects. Your form should describe it in practical terms. Think business plans, customer lists, code, formulas, drawings, pricing, or prototypes. Many NDAs include both written and oral disclosures. Some require a “confidential” label. Others protect information that a reasonable person would treat as confidential. Tailor this definition to what you will actually share.
• Purpose limits how the Receiving Party may use the information. You might say “to evaluate a potential partnership” or “to build a proposal.” Keep it specific. The Purpose protects you by stopping any use beyond that scope.
• Non-Use and Non-Disclosure are the core duties. Non-Use means the Receiving Party will not use your information except for the Purpose. Non-Disclosure means they will not share it with anyone except permitted people. Your NDA should state both obligations plainly and together.
• Representatives are people who work with or for a party and may see the information. Think employees, officers, directors, contractors, advisors, and agents. Your NDA should restrict disclosure to Representatives who need to know and bind them to the same or stronger confidentiality duties. This keeps your protections intact when teams get involved.
• Permitted and Compelled Disclosure describes narrow exceptions. Permitted disclosure allows sharing with approved Representatives or as needed to fulfill the Purpose. Compelled disclosure addresses legal demands, like subpoenas. Your NDA should require prompt notice before any compelled disclosure. It should also require cooperation to narrow or challenge the demand where possible.
• Term and Survival deal with timing. The Term sets how long this contract stays in effect. Survival sets how long confidentiality duties last after the NDA ends. For example, the agreement may run for two years, while the duty to keep trade secrets can survive longer. Your form should name both periods clearly.
• Return or Destruction explains what happens at the end. The Receiving Party must return or destroy confidential materials when the NDA ends or on request. Your NDA should describe the process and timing. It should also allow one archival copy if needed for compliance.
• Remedies describe what happens if someone breaches the NDA. You may not undo a leak, so money may not be enough. Many NDAs allow immediate court orders to stop misuse, called injunctive relief. Your form should reserve these rights and any other legal remedies. This puts teeth behind the obligations.
• No License clarifies ownership. Sharing information does not grant rights to your patents, copyrights, trademarks, or other IP. Your NDA should state that all rights remain with the Disclosing Party. This prevents implied rights or unintended licenses.

FAQs

Do you need a mutual or one-way NDA?

Choose mutual if both sides will share sensitive details. Use one-way if only one side discloses. If you are unsure, mutual NDAs are often easier. They create the same duties for both sides, which can feel fair and speed up signing.

Do you need an NDA if you already have a contract?

Check the existing contract first. Many service, consulting, or partnership contracts already include a confidentiality clause. If that clause is robust and covers your new disclosures, you may not need a separate NDA. If not, add an NDA or amend the existing contract to fill the gaps.

Do NDAs cover verbal disclosures?

They can. Some NDAs protect oral disclosures automatically. Others require you to confirm them in writing within a set time. If you plan to share sensitive information in meetings, include oral disclosures in your definition. Add a simple follow-up process, like an email summary.

Do NDAs expire, and how long should they last?

Your NDA should set both a Term and a survival period. The Term governs the agreement while you talk. The survival period governs how long confidentiality lasts after your talks end. Many businesses choose one to five years for general business information. Trade secrets often need protection until they are public through no fault of the Receiving Party. Match the length to the sensitivity and shelf life of the data.

Do you need to mark information “confidential”?

Labeling helps. It removes doubt. Many NDAs require reasonable efforts to mark confidential information. Still, not everything is easy to label, like conversations or live demos. Your form can protect unlabeled information that a reasonable person would treat as confidential. If your NDA requires labels, build a routine to apply them consistently.

Do NDAs stop employees or contractors from using their general skills?

No. NDAs protect defined confidential information. They do not stop someone from using general knowledge or skills learned on the job. Some NDAs include a “residuals” clause that allows use of unprotected know-how retained in memory. If you want to avoid that, do not include a residuals clause. Clarify that general skills are not restricted, but confidential information is.

Do you need signatures from consultants or affiliates?

You need binding obligations on anyone who touches the information. You can do that in two ways. First, your NDA can require the Receiving Party to bind its Representatives to equal or stronger duties. Second, you can have each consultant sign a separate NDA. Choose the method that fits your structure and timeline. If in doubt, require both.

Do e-signatures count?

Most business transactions accept electronic signatures. If you plan to sign electronically, include a clause that recognizes electronic signatures as valid and enforceable. Use a reliable process that records the signer, date, and final document. Keep a clean, countersigned PDF in your records.

Checklist: Before, During, and After the Non-Disclosure Agreement

Before signing

• Identify who will disclose information and who will receive it.
• Define the Purpose in one short sentence.
• List the types of information you will share in the near term.
• Decide how you will label confidential items.
• Decide if both sides will disclose. Choose mutual or one-way.
• Set the Term and confidentiality survival period.
• Agree on how to handle oral disclosures and meeting notes.
• Decide who counts as “Representatives” and who must sign separately.
• Choose how you will sign: wet ink or electronic.
• Confirm return or destruction steps and timing.
• Confirm remedies you need, including injunctive relief.
• Align on whether you need a non-solicit or a non-compete in a separate document.
• Prepare a directory of people who will access the information.
• Draft a short notice plan for possible compelled disclosures.

During signing

• Verify legal names and entity types for both parties.
• Confirm addresses for notice and primary contacts.
• Check that the Purpose matches your actual plan.
• Review the Confidential Information definition for clarity and fit.
• Confirm labeling rules and any follow-up requirements for oral disclosures.
• Verify the list and duties of Representatives.
• Check the Term, survival period, and any renewal or end triggers.
• Confirm return or destruction obligations and timelines.
• Review exclusions, like information already known or public.
• Confirm “No License” and ownership language.
• Review remedies and limitations of liability, if any.
• Check assignment, amendment, and entire agreement clauses.
• Confirm signature blocks, names, titles, and dates.
• Ensure exhibits or schedules, if any, are attached and accurate.

After signing

• Exchange executed copies and confirm receipt.
• Store the final, countersigned version in a secure location.
• Log key dates: effective date, Term end, survival end.
• Share a short internal summary: Purpose, rules, contacts, and timelines.
• Limit access to people who need to know. Update permissions as roles change.
• Label shared files and documents as “Confidential” per the agreement.
• Train Representatives on handling, storage, and sharing rules.
• Set up a process for return or destruction at the end of the relationship.
• Keep a notice template ready for any compelled disclosure event.
• Review the NDA before each new disclosure to confirm coverage.
• Track amendments and store them with the original agreement.
• Schedule a reminder to revisit or renew the NDA if talks continue.

Common Mistakes to Avoid in Non-Disclosure Agreements

Using a vague definition of confidential information

• Consequence: Gaps invite disputes and weaken protection.
• Tip: Describe categories you will actually share. Include examples. Address both written and oral disclosures. Don’t forget digital files and demos.

Failing to limit the Purpose

• Consequence: The Receiving Party may use your information too broadly.
• Tip: Keep the Purpose narrow and specific. If the project expands, amend the NDA to match.

Ignoring Representatives and third parties

• Consequence: Advisors or contractors may access data without clear duties.
• Tip: Require need-to-know access only. Bind all Representatives to equal or stronger obligations. Get separate NDAs where needed.

Skipping survival and return/destruction rules

• Consequence: Duties may end too soon. Information may linger in inboxes or devices.
• Tip: Set a realistic survival period. Mandate return or destruction at the end. Allow one archival copy only if necessary for compliance.

Mixing in non-compete or hiring restrictions without care

• Consequence: Delays, pushback, or unenforceable terms.
• Tip: Keep it focused on confidentiality and use. Put non-solicit or non-compete terms in a separate, tailored agreement if needed. Don’t forget local rules may limit those clauses.

What to Do After Filling Out the Form Non-Disclosure Agreement

1) Finalize the draft

• Confirm names, Purpose, and dates. Check that the definition of confidential information fits what you plan to share first.
• Align on the Term and survival periods. Adjust before you sign, not after.
• Confirm who will sign and in what capacity. Ensure signers have authority.

2) Execute the agreement

• Send the final version for signature. Avoid last-minute edits during signing.
• If using an e-signature, lock the file before routing. Keep a clear audit trail.
• Obtain countersignature. Confirm the effective date.

3) Distribute and store

• Share the executed copy with your internal team. Include a short summary of rules.
• Store the final signed version in a secure, searchable place. Use version control.
• Restrict access to people who need to know. Update permissions as teams change.

4) Operationalize the obligations

• Label each shared item as “Confidential” if required.
• Provide a quick “handling guide” to your Representatives. Cover do’s and don’ts, retention, and sharing rules.
• Set up a secure channel for file sharing. Avoid personal email for sensitive items.
• Log what you share. Keep a record of dates, recipients, and file names.

5) Monitor and maintain

• Track key dates and milestones. Set reminders for the Term and survival end.
• Review it before each new disclosure. Confirm the Purpose still fits.
• If you need to change the scope, draft a short written amendment. Get it signed and store it with the original.

6) Prepare for edge cases

• Create a notice template for compelled disclosure. Include who to notify and how fast.
• Map a response plan for a suspected breach. Identify your contacts, steps, and timelines.
• Keep a process for return or destruction. Schedule a final sweep of devices and backups when the NDA ends.

7) Closeout and lessons learned

• When the relationship ends, trigger return or destruction steps. Request written confirmation of completion.
• Review what worked and what did not. Update your NDA template and process.
• Archive one compliance copy if allowed. Remove all other copies from active systems.