Non‑disclosure agreements (NDAs) are the legal glue that keeps confidential information from leaking when two parties start talking business. Whether you’re a freelancer protecting a client’s prototype, a startup sharing a pitch deck, or a corporation onboarding a vendor, an NDA sets clear expectations and gives you a fallback if the trust is broken. The hardest part for most people isn’t the legal jargon—it’s deciding what to include, how to phrase obligations, and where to draw the line between “confidential” and “publicly known.” This guide walks you through every decision point, gives you a ready‑to‑use outline, and highlights the pitfalls that turn a solid NDA into a paper‑thin promise.
Step by Step
- Identify the parties
Write the full legal names of every signatory (individuals or entities) and include any “doing business as” (DBA) names. Add the jurisdiction (state or country) that will govern the agreement. Example:
`ABC Technologies, Inc., a Delaware corporation (“Disclosing Party”)` and `Jane Doe, an independent consultant (“Receiving Party”).`
- Define “Confidential Information”
Use a precise definition that covers the types of data you want to protect (e.g., technical specifications, business plans, customer lists) and the formats (written, oral, electronic, visual). Include a clause stating that “confidential information” does not include information that is (a) already public, (b) already known to the receiving party without breach, (c) independently developed, or (d) disclosed by a third party with no confidentiality obligation.
- Set the purpose and scope
State why the receiving party is getting the information (e.g., “to evaluate a potential partnership”) and limit use to that purpose. A narrow purpose reduces the risk of over‑reach and makes enforcement easier.
- Specify the obligations
List the duties the receiving party must follow, such as:
  - Keep the information in a secure location.
  - Restrict access to employees or contractors who need it and who have signed a similar NDA.
  - Not copy, reverse‑engineer, or disclose the information without written consent.
Include a “reasonable care” standard (often “at least the same degree of care the receiving party uses for its own confidential data”).
- Determine the term
Decide how long the confidentiality obligation lasts. Common choices are:
  - Duration of the business relationship plus a fixed period (e.g., “for two years after termination”).
  - Indefinite for trade secrets that retain value indefinitely.
Keep the term realistic; overly long periods can be deemed unenforceable in some jurisdictions.
- Add boilerplate clauses
Include standard sections that protect both sides:
  - Return or destruction of materials upon request or termination.
  - No license clause (the NDA does not grant any IP rights).
  - Governing law and venue (e.g., “laws of the State of New York, exclusive jurisdiction of New York courts”).
  - Severability (if any part is invalid, the rest remains enforceable).
  - Entire agreement (the NDA supersedes prior oral or written understandings).
- Signature block
Provide space for each party’s authorized representative to sign, date, and print their name and title. If the agreement is executed electronically, note that electronic signatures are acceptable.
A Simple Structure to Follow
Below is a reusable outline you can copy into a word processor or plain‑text editor. Replace bracketed placeholders with your specifics.
```
NON‑DISCLOSURE AGREEMENT
This Non‑Disclosure Agreement (the “Agreement”) is entered into as of [Date] by and between:
- Disclosing Party: [Full Legal Name], a [State/Country] [entity type] with its principal office at [Address] (“Disclosing Party”);
- Receiving Party: [Full Legal Name], a [State/Country] [entity type] with its principal office at [Address] (“Receiving Party”).
- Purpose
The Receiving Party will receive Confidential Information solely for the purpose of [brief description of purpose].
- Definition of Confidential Information
“Confidential Information” means any non‑public information disclosed by the Disclosing Party, whether oral, written, electronic, or visual, including but not limited to [list categories]. Confidential Information does not include information that is (a) publicly known, (b) already in the Receiving Party’s possession without breach, (c) independently developed, or (d) received from a third party without restriction.
- Obligations of Receiving Party
a. Maintain confidentiality using at least the same degree of care it applies to its own confidential data, but no less than reasonable care.
b. Limit access to employees or contractors who have a need‑to‑know and who have executed a comparable NDA.
c. Not disclose, copy, or use the Confidential Information for any purpose other than the Purpose.
- Term
The obligations set forth in this Agreement shall continue for [X] years after the date of termination of the business relationship, or indefinitely for trade‑secret information, whichever is longer.
- Return or Destruction
Upon written request or termination, the Receiving Party shall promptly return or destroy all Confidential Information and certify such destruction.
- No License
Nothing in this Agreement grants the Receiving Party any rights to the Disclosing Party’s intellectual property.
- Governing Law
This Agreement shall be governed by the laws of [State/Country], and any dispute shall be resolved in the courts of [Venue].
- Miscellaneous
a. Severability – If any provision is held invalid, the remainder remains in effect.
b. Entire Agreement – This document constitutes the entire agreement between the parties concerning confidentiality.
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date first written above.
_____________________________ _____________________________
[Name, Title] – Disclosing Party [Name, Title] – Receiving Party
Date: _____________ Date: _____________
```
Common Mistakes to Avoid
- Over‑broad definitions – Including “all information whatsoever” can render the clause unenforceable because it’s unreasonable to protect everything.
- Missing “purpose” limitation – Without a clear purpose, the receiving party may argue they can use the data for any activity.
- Failing to specify a reasonable care standard – Vague language like “use utmost care” may be interpreted differently across jurisdictions.
- Leaving out return/destruction provisions – Forgetting to require the return of materials leaves confidential data lingering on the receiving party’s servers.
- Neglecting jurisdiction – If the parties are in different states or countries, not naming a governing law can create costly venue battles.
A Short Example
> Confidential Information means any technical specifications, source code, product roadmaps, and customer lists disclosed by ABC Technologies, Inc. to Jane Doe, whether in written form, electronic files, or oral presentations, that are not publicly available at the time of disclosure. Confidential Information does not include information that (i) was already known to Jane Doe without breach of any obligation, (ii) becomes publicly known through no fault of Jane Doe, (iii) is independently developed by Jane Doe, or (iv) is received from a third party who is not bound by a confidentiality obligation.
This snippet shows a tight definition, a list of excluded categories, and a clear reference to the parties.
Pro Tips
- Tailor the “reasonable care” clause to your industry – For software firms, cite “industry‑standard encryption and access controls”; for manufacturing, reference “locked cabinets and limited‑access workstations.” Specificity strengthens enforceability.
- Use a “survival” clause for trade secrets – Even after the NDA expires, trade‑secret information should remain protected indefinitely. Add a sentence such as “Obligations concerning trade‑secret Confidential Information shall survive termination of this Agreement.”
- Pre‑approve a list of permitted recipients – Instead of a blanket “employees,” attach a schedule (Schedule A) naming the individuals or roles allowed to see the data. This reduces ambiguity and eases compliance audits.
- Include a “notice of breach” provision – Require the receiving party to notify the disclosing party within a set period (e.g., “within five business days”) of any suspected or actual breach. Prompt notice limits damage and shows good faith.
- Run a quick legal sanity check – Even a short NDA should be reviewed by counsel familiar with the relevant jurisdiction. A 30‑minute call can catch jurisdictional quirks, especially when dealing with cross‑border collaborations.
With these steps, a clear template, and an eye on the common traps, you can draft an NDA that protects your secrets without drowning the recipient in legalese. The result is a concise, enforceable contract that lets both sides share information confidently and focus on the work that matters.