What Is a Non-Disclosure Agreement? Everything You Need to Know

A non-disclosure agreement protects your confidential business information. Learn what NDAs cover, the different types, key clauses to include, and when you actually need one.

When you share sensitive business information — trade secrets, proprietary processes, financial data, client lists, or product designs — you need assurance that the recipient will keep it confidential. A non-disclosure agreement (NDA) provides that assurance in a legally binding form. NDAs are among the most widely used legal documents in business, yet many people sign them without fully understanding what they are agreeing to. This guide explains exactly what an NDA is, the different types, what every NDA should contain, and the situations where you genuinely need one.

What Is a Non-Disclosure Agreement?

A non-disclosure agreement — also called a confidentiality agreement, confidential disclosure agreement (CDA), or proprietary information agreement (PIA) — is a legally binding contract in which one or both parties agree to keep specified information confidential and not disclose it to third parties without authorization. When properly drafted and signed, an NDA gives you legal recourse if the other party discloses your confidential information without permission.

NDAs are used in virtually every type of commercial relationship: between businesses negotiating a merger or acquisition, between employers and employees, between companies and their contractors, between startups and potential investors, and between partners entering a new joint venture. The common thread is that one or more parties will be exposed to information that the disclosing party has a legitimate interest in protecting.

Types of Non-Disclosure Agreements

One-Way (Unilateral) NDA

In a one-way NDA, only one party discloses confidential information, and only the receiving party is bound by the confidentiality obligation. This is the most common type. For example, when a company shares its product roadmap with a potential contractor, the company is the disclosing party and the contractor is the receiving party. The contractor agrees to keep the information confidential; the company has no reciprocal obligation because it is not receiving confidential information from the contractor.

Mutual (Bilateral) NDA

In a mutual NDA, both parties disclose confidential information to each other, and both are bound by confidentiality obligations. This type is common in business partnerships, joint ventures, and merger and acquisition negotiations, where both sides share sensitive financial, operational, or technical data as part of due diligence or collaboration discussions.

Employee Non-Disclosure Agreement

Employee NDAs are a specific type of unilateral NDA used in employment relationships. Employees are routinely exposed to confidential business information including client data, pricing strategies, internal processes, and trade secrets. An employee NDA creates a clear legal record that the employee understood their confidentiality obligations.

Contractor and Vendor NDA

When you hire an independent contractor, consultant, or vendor who will have access to confidential information, a standalone NDA or a confidentiality clause in the services agreement protects you. Unlike employees, contractors are not automatically bound by fiduciary duties, making a written agreement especially important.

What Should an NDA Include?

A well-drafted NDA should address the following elements to be enforceable and effective.

Definition of Confidential Information

This is the most critical clause. The NDA must clearly define what information is considered confidential. A definition that is too broad can be unenforceable or impractical. A definition that is too narrow may leave important information unprotected. Best practice is to define confidential information broadly but with examples — for instance: "all technical data, trade secrets, know-how, research, product plans, products, services, customers, markets, software, developments, inventions, processes, formulas, technology, designs, drawings, engineering, hardware configuration information, marketing, finances, and other business information disclosed by Disclosing Party."

Exclusions from Confidentiality

Every NDA should list the types of information that are NOT considered confidential. Standard exclusions include: information that is already publicly known at the time of disclosure; information that becomes publicly known through no fault of the receiving party; information the receiving party already possessed before the disclosure; information independently developed by the receiving party without use of the confidential information; and information disclosed under legal compulsion, provided the receiving party gives prompt notice to the disclosing party.

Obligations of the Receiving Party

The NDA should specify what the receiving party must do with confidential information: keep it confidential, use it only for the defined purpose, protect it with at least the same degree of care they use for their own confidential information, and not disclose it to third parties without written consent. The NDA should also address whether the receiving party may share confidential information with their own employees or contractors, and under what conditions.

Purpose of Disclosure

A well-drafted NDA specifies why the confidential information is being shared — for example, "to evaluate a potential business partnership" or "to perform software development services under the services agreement dated [date]." Defining the purpose limits how the receiving party may use the information, preventing them from using your confidential information for purposes you never intended.

Duration and Termination

The NDA should state how long the confidentiality obligations last. Common approaches include a fixed term (for example, three to five years from the date of signing), a term measured from when disclosure occurred, or obligations that survive indefinitely for trade secrets specifically. Courts generally disfavor NDAs with no time limit on ordinary business information, though perpetual protection for genuine trade secrets is often upheld.

Remedies for Breach

The NDA should acknowledge that a breach of confidentiality obligations may cause irreparable harm for which monetary damages would be inadequate, and that the disclosing party is therefore entitled to seek injunctive relief in addition to other remedies. This language positions you to quickly obtain a court injunction to stop unauthorized disclosure before your information spreads further.

Return or Destruction of Information

When the relationship ends or upon the disclosing party's request, the NDA should require the receiving party to promptly return all confidential materials or certify their destruction. This clause becomes particularly important when an employee leaves or a business relationship sours.

When Do You Need an NDA?

  • Before sharing your business plan, financial projections, or product roadmap with investors or potential partners
  • When hiring employees who will have access to trade secrets, client lists, or proprietary processes
  • When engaging contractors, consultants, or vendors who will see sensitive internal systems or data
  • During merger and acquisition due diligence, when both sides share detailed financial and operational information
  • When pitching a new product or invention to a manufacturer, distributor, or licensee
  • When a new employee is being onboarded and will access customer data, pricing, or proprietary software

When an NDA May Not Be Enough — or Necessary

An NDA is only as useful as your ability and willingness to enforce it. Suing for breach of an NDA requires proving that the information was actually confidential, that the defendant disclosed it, and that you suffered damages. This can be expensive and time-consuming. Before sharing highly sensitive trade secrets, consider whether additional protections — such as patents, copyrights, or trade secret protection under state law — might be more appropriate or more enforceable.

On the other hand, not every conversation requires an NDA. Many investors refuse to sign NDAs before initial pitch meetings, viewing them as a sign of naivety or excessive paranoia. In early-stage discussions where you are not yet revealing proprietary technical details, an NDA may be premature. Use judgment about what information you are actually sharing before requiring a formal agreement.

State Law Considerations for NDAs

NDA enforceability varies by state. California, for example, has some of the most employee-friendly laws in the country and places significant limits on the enforceability of non-compete clauses (though NDAs focused on confidentiality alone are generally enforceable). Washington state passed legislation in 2019 restricting the use of NDAs to silence workplace misconduct allegations. Several other states have followed with similar laws. When drafting an NDA, always consider the law of the state where the agreement will be enforced.

The Defend Trade Secrets Act (DTSA) of 2016 created a federal cause of action for trade secret misappropriation, giving companies a powerful federal remedy in addition to state law options. If your NDA protects trade secrets, including a reference to the DTSA can strengthen your position in federal court.

Common NDA Mistakes to Avoid

  1. Defining confidential information too vaguely: Courts may not enforce an NDA that fails to clearly identify what is protected.
  2. Forgetting to have all parties sign: An NDA is only binding on those who sign it. Ensure all relevant people sign.
  3. Setting an unreasonably long term: Courts sometimes refuse to enforce NDAs with extremely long durations for ordinary business information.
  4. Not tailoring to your jurisdiction: Use an NDA that reflects the law of the state where it will be enforced.
  5. Sharing information before the NDA is signed: Once information is disclosed, you cannot retroactively protect it with an NDA.