Free Word download • Edit online • Save & share with Drive • Export to PDF
A Non-Disclosure Agreement (NDA) — also called a confidentiality agreement — is a legally binding contract in which one or both parties commit to keeping defined confidential information secret and using it only for the specific purpose the agreement authorizes. It identifies what information is covered, who may access it, how long the obligations last, and what remedies are available if the receiving party discloses or misuses protected information. NDAs are enforced through civil litigation, and courts regularly grant emergency injunctive relief to stop ongoing disclosure — making them one of the most practically effective tools for protecting trade secrets, business plans, customer data, and proprietary technology before they leave your control.
Every time you share sensitive information before a formal contract is in place — pitching to an investor, vetting a vendor, onboarding a contractor, or negotiating a partnership — that information is at risk. Without a signed NDA, a recipient who walks away with your product concept, pricing model, or client list faces no contractual obligation to keep it confidential, and proving a breach-of-confidence claim without a written agreement is expensive and uncertain. The consequences range from a competitor learning your roadmap to a prospective investor sharing your financials with a rival portfolio company. A properly executed NDA, signed before the first disclosure, creates enforceable obligations backed by the right to seek injunctive relief the moment a breach begins — not months later after damages have accumulated. This template gives you a complete, jurisdiction-ready starting point in 15 minutes.
| If your situation is… | Use this template |
|---|---|
| Both parties are sharing confidential information with each other | Mutual NDA |
| Only one party is disclosing — e.g., sharing a business idea with a vendor | One-Way (Unilateral) NDA |
| Protecting confidential information shared with a new employee | Employee Confidentiality Agreement |
| Covering information shared during a potential acquisition or merger | M&A Confidentiality Agreement |
| Engaging an independent contractor on a sensitive project | Independent Contractor NDA |
| Sharing proprietary technology with a potential licensing partner | Technology Non-Disclosure Agreement |
| Protecting client information in a professional services engagement | Client Confidentiality Agreement |
Why it matters: Information shared before the NDA was signed may be treated as voluntarily disclosed without restriction, removing it from the agreement's protection entirely.
Fix: Execute the NDA before any meeting, call, or data room access where confidential information will be discussed — no exceptions.
Why it matters: Courts apply a reasonableness standard; an overbroad definition signals the disclosing party hasn't identified what actually needs protection, and judges may narrow it in ways that leave critical data unprotected.
Fix: Enumerate specific categories — financial data, customer lists, source code, formulas — and use a catch-all only as a supplement, not a substitute.
Why it matters: A 2-year NDA with no survival clause means confidentiality obligations expire on schedule even if the receiving party still holds highly sensitive technical or commercial data.
Fix: Add a separate survival provision stating that trade-secret obligations continue indefinitely and other confidential information obligations survive for at least 3–5 years post-termination.
Why it matters: Without this clause, a court may require the disclosing party to prove quantifiable monetary damages before issuing an emergency stop order — by which time the damage is done.
Fix: Include standard language in which the receiving party acknowledges irreparable harm and consents to injunctive relief without bond, which gives the disclosing party an expedited legal remedy.
Why it matters: A mutual NDA imposes obligations on the disclosing party it did not intend to accept — including restrictions on using information about the receiving party that flows back during the conversation.
Fix: Match the NDA structure to the actual disclosure dynamic. Use a unilateral NDA when only one party is sharing sensitive information; reserve mutual structures for genuine two-way exchanges.
Why it matters: Without it, confidential documents, presentations, and data files remain in the receiving party's possession after the relationship ends — creating ongoing leakage and re-disclosure risk.
Fix: Include a clause requiring return or certified destruction of all confidential materials within 10 business days of termination, with written confirmation provided to the disclosing party.
In plain language: Identifies the disclosing party, receiving party, their legal entity types, and the business context that makes disclosure necessary.
This Non-Disclosure Agreement ('Agreement') is entered into as of [DATE] between [DISCLOSING PARTY LEGAL NAME], a [STATE] [ENTITY TYPE] ('Disclosing Party'), and [RECEIVING PARTY LEGAL NAME], a [STATE] [ENTITY TYPE] ('Receiving Party'), in connection with [PURPOSE OF DISCLOSURE].
Common mistake: Using trade names instead of full registered legal entity names — if a breach occurs, enforcing the agreement against the wrong entity can void the whole claim.
In plain language: Specifies exactly what information is covered — the broader and more precise this definition, the easier it is to enforce.
'Confidential Information' means any non-public information disclosed by the Disclosing Party in any form, including but not limited to technical data, trade secrets, financial projections, customer lists, product roadmaps, and business strategies, whether disclosed orally, in writing, or by inspection of tangible objects.
Common mistake: Relying on a catch-all like 'all information shared' with no specificity — courts applying a reasonableness standard may narrow vague definitions so broadly that key data falls outside protection.
In plain language: Limits the receiving party to using confidential information solely for the specific purpose stated in the agreement — not for any other commercial advantage.
Receiving Party shall use the Confidential Information solely for the purpose of [EVALUATING A POTENTIAL BUSINESS RELATIONSHIP / SPECIFIC PURPOSE] and for no other purpose without prior written consent of Disclosing Party.
Common mistake: Stating the permitted purpose too broadly (e.g., 'business purposes') so that the receiving party can argue almost any use is permitted — define the specific transaction or project.
In plain language: States the core duty: keep the information secret, apply at least the same care as the receiving party uses for its own confidential information, and disclose only to those with a need to know.
Receiving Party shall: (a) hold all Confidential Information in strict confidence; (b) not disclose it to any third party without prior written consent; (c) limit access to employees and advisers who have a need to know and are bound by obligations no less restrictive than this Agreement; and (d) use at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care.
Common mistake: Omitting the 'need to know' limitation, which allows the receiving party to share with any employee — significantly expanding exposure if an insider misuses the information.
In plain language: Carves out information that is already public, independently developed, or lawfully received from a third party — standard exclusions that courts expect to see.
The obligations of this Agreement do not apply to information that: (a) is or becomes publicly available through no act or omission of Receiving Party; (b) was rightfully in Receiving Party's possession before disclosure; (c) is independently developed by Receiving Party without use of Confidential Information; or (d) is lawfully obtained from a third party without restriction.
Common mistake: Drafting exclusions too narrowly or omitting them entirely — this creates an unenforceable agreement because courts impose standard exclusions by default, often in terms less favorable to the disclosing party.
In plain language: Addresses what happens when the receiving party is legally required to disclose — e.g., by subpoena or regulatory demand — and requires prompt notice so the disclosing party can seek a protective order.
If Receiving Party is compelled by law, regulation, or court order to disclose Confidential Information, it shall: (a) provide Disclosing Party with prompt written notice (to the extent permitted by law); (b) cooperate with Disclosing Party's efforts to seek a protective order or other remedy; and (c) disclose only the minimum information required.
Common mistake: No compelled-disclosure clause at all — leaving the disclosing party with no opportunity to challenge or limit a subpoena before production occurs.
In plain language: Sets how long the NDA is in force and how long confidentiality obligations survive after expiry — which may differ for trade secrets versus ordinary business information.
This Agreement shall remain in effect for [X] years from the date of execution. Notwithstanding expiration, obligations with respect to trade secrets shall survive indefinitely, and obligations with respect to other Confidential Information shall survive for [X] years following termination.
Common mistake: Setting a single short term (e.g., 1 year) with no survival clause — a competitor could wait out the term and then freely use information that remains competitively sensitive years after disclosure.
In plain language: Requires the receiving party to return or destroy all confidential materials and certify the destruction upon request or termination of the agreement.
Upon written request by Disclosing Party or termination of this Agreement, Receiving Party shall promptly return or certifiably destroy all tangible materials containing Confidential Information and, upon request, provide written certification of such destruction within [10] business days.
Common mistake: No return-or-destroy clause, leaving confidential materials in the receiving party's systems indefinitely — particularly problematic when an employee changes jobs or a vendor relationship ends badly.
In plain language: Acknowledges that monetary damages may be inadequate for a breach and that the disclosing party is entitled to seek injunctive relief without posting a bond.
Receiving Party acknowledges that breach of this Agreement would cause irreparable harm to Disclosing Party for which monetary damages would be an inadequate remedy, and that Disclosing Party shall be entitled to seek injunctive or other equitable relief without the necessity of posting a bond or proving actual damages.
Common mistake: Relying on damages alone without injunctive-relief language — without it, a court may require proof of monetary harm before issuing an emergency order to stop ongoing disclosure.
In plain language: Specifies which jurisdiction's law governs and how disputes are resolved — arbitration, mediation, or litigation in a named venue.
This Agreement shall be governed by and construed in accordance with the laws of [STATE / PROVINCE / COUNTRY], without regard to conflict-of-law principles. Any dispute shall be resolved by [binding arbitration in [CITY] / litigation in the courts of [JURISDICTION]].
Common mistake: Choosing a governing law with no connection to where either party operates — several jurisdictions, including California, apply local trade-secret law regardless of the chosen governing law clause.
Enter the registered legal entity name — not a brand or DBA — for both the disclosing party and the receiving party. Include entity type (LLC, Inc., LP) and state or country of formation.
💡 Verify the exact legal name against your corporate registry filing before signing — mismatches create enforcement problems if the agreement is ever litigated.
Decide whether both parties will be sharing confidential information (mutual) or only one party is disclosing (unilateral). Mutual NDAs are standard in partnership, M&A, and joint-venture discussions; unilateral NDAs suit vendor or contractor relationships where only the business is disclosing.
💡 Default to mutual when in doubt — receiving parties are more willing to sign an agreement that imposes equal obligations on both sides.
List the categories of information being shared — product roadmaps, financial projections, customer data, source code, formulas — rather than relying solely on a catch-all. If specific documents are known at signing, reference them in a schedule.
💡 Mark physical and digital materials 'CONFIDENTIAL' at the time of disclosure to create a clear record that the receiving party was on notice.
Enter the specific transaction, project, or evaluation that justifies disclosure — e.g., 'evaluating a potential Series A investment,' 'assessing a software integration partnership,' or 'performing contracted development services for Project X.'
💡 A narrow purpose clause is your first line of defense if the receiving party later claims a broader use was implied.
Choose a primary term (typically 1–3 years for commercial NDAs) and a separate survival period for trade secrets. Trade-secret obligations should survive indefinitely or for as long as the information retains its competitive value.
💡 For NDAs covering technical IP or pharmaceutical formulations, a 5-year term with indefinite trade-secret survival is more common than the standard 2-year term.
Select a governing jurisdiction where at least one party is headquartered or where enforcement is practical. Avoid jurisdictions with no connection to either party — courts may decline to apply the chosen law.
💡 If parties are in different states or countries, the disclosing party's jurisdiction is generally the stronger choice because local courts are more familiar with local trade-secret law.
Both parties must sign the NDA before any disclosure occurs. Post-disclosure signatures create an argument that the information was voluntarily shared without restriction, weakening enforceability.
💡 Use a timestamped e-signature tool so you have a verifiable record that the agreement was executed before the first disclosure meeting or data room was opened.
Store the signed NDA alongside a log of what was disclosed, when, and to whom. This documentation is essential if you ever need to prove the scope of the agreement in a dispute.
💡 Create a disclosure log — a simple spreadsheet noting date, recipient, format, and description of each disclosure — starting from day one of the relationship.
A non-disclosure agreement is a legally binding contract in which one or both parties agree to keep specified confidential information secret and to use it only for the purpose defined in the agreement. It creates an enforceable obligation of confidentiality — backed by the right to seek damages and injunctive relief if the receiving party breaches. NDAs are used before sharing trade secrets, business plans, financial data, customer lists, and proprietary technology with potential partners, investors, contractors, or employees.
A mutual NDA imposes confidentiality obligations on both parties because both are sharing sensitive information — common in M&A due diligence, joint ventures, and technology partnerships. A one-way (unilateral) NDA binds only the receiving party because only the disclosing party is sharing sensitive information — typical when a business shares its concept with a vendor or contractor. Using the wrong structure can impose unintended obligations on the disclosing party.
An NDA is generally enforceable when properly executed, the confidential information is adequately defined, the obligations are reasonable in scope, and consideration exists — typically the disclosure itself or an underlying business relationship. Overly broad definitions, unreasonably long terms, or provisions that attempt to restrict publicly available information weaken enforceability. Courts in some jurisdictions — notably California — also limit certain NDA provisions that restrict an employee's ability to report illegal activity.
Commercial NDAs typically run 1–3 years as the primary term, with a separate survival period for trade secrets that may extend indefinitely. Employee confidentiality agreements often survive the employment relationship with no fixed end date. For highly sensitive technical IP or pharmaceutical data, 5-year terms with indefinite trade-secret survival are standard. The right duration depends on how long the information retains its competitive value.
Standard exclusions cover information that was already publicly available before disclosure, was already in the receiving party's possession, is independently developed by the receiving party without using the disclosed information, or is lawfully obtained from a third party with no restriction on disclosure. Courts apply these exclusions as a matter of public policy even if the NDA does not explicitly state them — so it is better to include them explicitly in terms you control.
No. In most jurisdictions, NDAs cannot prevent employees from reporting illegal activity, workplace safety violations, or securities law breaches to government regulators. In the US, the Defend Trade Secrets Act explicitly protects whistleblower disclosures to government agencies even when an NDA is in place. Many jurisdictions now require NDAs to include an express whistleblower carve-out, and agreements that omit it may be partially or fully unenforceable.
For straightforward commercial NDAs covering typical business information, a well-structured template is generally sufficient. Legal review is worth the investment when the NDA covers highly valuable trade secrets or proprietary technology, the other party is a sophisticated enterprise that will negotiate terms, or the agreement spans multiple jurisdictions with different trade-secret laws. A lawyer's review of a template typically costs $200–$500 and takes 1–2 days.
The primary remedies are injunctive relief — a court order stopping ongoing disclosure immediately — and monetary damages for quantifiable losses caused by the breach. Some NDAs include liquidated damages clauses specifying a fixed amount per breach. Proving monetary damages from confidentiality breaches is often difficult, which is why injunctive-relief language is the most practically important clause in an NDA. Attorney's fees provisions, where enforceable, further deter breaches.
A standalone NDA is a dedicated agreement governing confidentiality for a defined relationship or transaction. A confidentiality clause is a single provision embedded in a larger contract — such as an employment agreement, vendor contract, or service agreement — that covers confidentiality within that specific deal. A standalone NDA is appropriate when confidential information will be shared before a broader contract is signed, or when you need a more detailed confidentiality framework than a single clause can provide.
An employment contract typically includes a confidentiality clause as one of several provisions covering salary, duties, and termination. A standalone NDA provides a more detailed and independently enforceable confidentiality framework, and is essential when sensitive information is shared before the employment relationship is formalized — such as during the interview or onboarding process.
An independent contractor agreement covers project scope, fees, IP ownership, and basic confidentiality in a single document. A standalone NDA provides deeper confidentiality protection and is typically executed before the contractor agreement — covering the proposal and scoping phase when sensitive information is disclosed to evaluate whether to engage the contractor at all.
An NDA prohibits disclosure and misuse of confidential information but does not restrict where a party can work or what business they can start. A non-compete agreement restricts post-relationship competitive activity. These serve different protective goals and are frequently signed together — the NDA protects information; the non-compete protects market position.
A letter of intent outlines the proposed terms of a deal — price, structure, timeline — before a binding agreement is finalized. An NDA governs the confidentiality of information shared during the LOI and due-diligence phase. In most transactions, the NDA is signed first, then the LOI, then the definitive agreement. Using an LOI without a prior NDA leaves deal terms and due-diligence materials unprotected.
Source code, algorithms, product roadmaps, and API architecture require broad technical IP definitions and indefinite trade-secret survival to match their long competitive lifespan.
Client data, proprietary trading strategies, and deal terms are subject to both contractual NDA obligations and independent regulatory confidentiality duties under SEC, FINRA, and banking regulations.
Clinical trial data, drug formulations, and patient information carry both NDA protection and independent HIPAA obligations — the NDA must not contradict or undermine regulatory duties.
Proprietary formulas, production processes, and supplier pricing are long-lived trade secrets that benefit from indefinite survival clauses and physical document-handling obligations covering prototypes and samples.
Client strategy, financial data, and competitive intelligence shared during engagements must be protected with permitted-use clauses that prevent cross-client disclosure or internal commercial use of learned insights.
Supplier pricing, customer acquisition data, and private-label product designs are key assets requiring NDA coverage before vendor negotiations or white-label manufacturing discussions begin.
Trade secrets are protected federally under the Defend Trade Secrets Act (DTSA) of 2016 and at the state level under the Uniform Trade Secrets Act (adopted in most states). California prohibits most post-employment non-competes and limits NDA provisions that restrict employees from discussing wages or reporting illegal conduct. The DTSA requires NDAs to include a whistleblower immunity notice for employees and contractors — omitting it prevents the employer from claiming exemplary damages in a DTSA lawsuit.
Canada has no single federal trade-secret statute; protection flows from common-law breach-of-confidence principles and provincial privacy legislation including PIPEDA and Quebec's Law 25. Quebec contracts must be in French for provincially regulated employers, and bilingual NDAs are standard practice. Courts in Ontario and BC apply a reasonableness test to confidentiality scope and term — indefinite obligations on non-trade-secret information are frequently challenged.
UK trade secrets are protected under the Trade Secrets (Enforcement, etc.) Regulations 2018, which align with the EU Trade Secrets Directive. NDAs cannot lawfully prevent disclosure of wrongdoing, workplace harassment, or criminal conduct — a wave of post-2018 legislative attention means NDAs that include such restrictions are increasingly unenforceable and may expose the drafter to professional sanction. Courts apply a proportionality test to scope and duration.
The EU Trade Secrets Directive (2016/943), implemented by all member states, harmonizes the definition of trade secrets and the remedies available for misappropriation. GDPR intersects with NDA obligations where confidential information includes personal data — the NDA must not authorize processing that GDPR prohibits. Post-employment confidentiality obligations that are excessively broad may violate freedom-of-movement principles in some member states, and financial compensation may be required to enforce restrictions beyond a reasonable term.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Standard commercial NDAs for vendor, contractor, or early-stage partnership discussions where the information involved is typical business data | Free | 15–30 minutes |
| Template + legal review | NDAs covering valuable trade secrets, cross-border disclosure, or negotiations with a sophisticated counterparty that will mark up the agreement | $200–$500 | 1–2 days |
| Custom drafted | High-value M&A due diligence, pharmaceutical or biotech IP disclosures, or multi-party NDAs with complex carve-outs and jurisdiction-specific requirements | $1,000–$3,500+ | 3–7 days |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start free · No credit card required
