Free Word download • Edit online • Save & share with Drive • Export to PDF
A Non Disclosure Agreement Between Two Companies is a mutual (bilateral) legal contract in which both corporate parties agree to protect each other's confidential information — trade secrets, financial data, product roadmaps, client lists, and proprietary technology — from unauthorized disclosure or competitive misuse. Unlike a one-way NDA that protects only a single disclosing party, a mutual NDA creates reciprocal obligations: each company is simultaneously a disclosing party entitled to protection and a receiving party bound by confidentiality duties. This free Word download gives you a professionally structured mutual NDA you can edit online and export as PDF, ready to execute before any sensitive business exchange begins.
Without a signed mutual NDA in place before negotiations begin, every slide deck, financial summary, and product specification you share is unprotected — and any confidential information the other company shares with you carries no binding obligation on your side either. A breach can mean a competitor gains access to your pricing strategy, a potential acquirer walks away with your technical architecture, or a partner repurposes your client data for their own benefit, all without legal recourse. Courts regularly award injunctive relief and damages for NDA breaches, but only when a valid, signed agreement exists at the time of disclosure. This template closes that gap in the 15 minutes it takes to complete and execute — protecting both parties before a single sensitive word is exchanged.
| If your situation is… | Use this template |
|---|---|
| Only one company is sharing confidential information | One-Way Non Disclosure Agreement |
| Sharing confidential information with an individual consultant or contractor | Non Disclosure Agreement with Individual |
| Protecting information during employee onboarding | Employee Confidentiality Agreement |
| Full M&A due diligence with a potential acquirer | Merger and Acquisition NDA |
| Sharing information with a vendor before a procurement decision | Vendor Non Disclosure Agreement |
| Protecting information shared in a joint venture structure | Joint Venture Confidentiality Agreement |
| Technology integration or API partnership discussions | Technology Partnership NDA |
Why it matters: Any confidential information shared before execution is unprotected. Courts will not retroactively apply confidentiality obligations to pre-signature disclosures unless the agreement explicitly covers them.
Fix: Execute the NDA before any email, presentation, or call involving sensitive information. If pre-signature disclosures were made, include a clause expressly covering prior disclosures within the past [X] days.
Why it matters: A one-way NDA only protects the named disclosing party. If both companies are sharing sensitive information — as in most partnership or M&A negotiations — the company not named as disclosing party has no protection at all.
Fix: Use a mutual (bilateral) NDA whenever both parties will share confidential information. Confirm at the outset of every negotiation which party — or both — will be disclosing.
Why it matters: If the confidentiality obligation expires with the agreement term, all information shared during the engagement becomes freely usable the day after termination, regardless of how sensitive it is.
Fix: Add an explicit survival clause stating that confidentiality obligations continue for 2–5 years after the agreement terminates, and that trade secrets are protected indefinitely under applicable law.
Why it matters: Most substantive disclosures in business negotiations happen verbally or via unmarked slide decks. A marking requirement leaves nearly everything unprotected in practice.
Fix: Define confidential information to include anything that 'reasonably should be understood to be confidential' given the context, in addition to formally marked materials.
Why it matters: Without a notice obligation, a party that receives a subpoena can hand over all confidential materials with no warning, eliminating the disclosing party's ability to seek a protective order before disclosure occurs.
Fix: Include a clause requiring the receiving party to give prompt written notice of any compelled-disclosure demand and to cooperate reasonably in seeking a protective order.
Why it matters: Without an explicit injunctive relief provision, the injured party must prove monetary damages to get emergency court relief — which is nearly impossible when the harm is competitive intelligence already disclosed.
Fix: Include language acknowledging that breach causes irreparable harm and that either party may seek injunctive relief without the need to post a bond or prove actual damages.
In plain language: Identifies both companies by their full legal names and entity types, and states the business purpose for which confidential information will be shared.
This Mutual Non Disclosure Agreement ('Agreement') is entered into as of [DATE] by and between [COMPANY A LEGAL NAME], a [STATE] [ENTITY TYPE] ('Party A'), and [COMPANY B LEGAL NAME], a [STATE] [ENTITY TYPE] ('Party B'), for the purpose of evaluating a potential [PARTNERSHIP / TRANSACTION / INTEGRATION].
Common mistake: Using trade names instead of registered legal entity names. If enforcement becomes necessary, a mismatch between the contract party and the legal entity complicates standing to sue.
In plain language: Specifies what qualifies as confidential — typically any non-public business, technical, or financial information shared in any form, with or without a confidential marking.
'Confidential Information' means any non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.
Common mistake: Requiring a written confidentiality marking for oral disclosures to be protected. In fast-moving business discussions most sensitive information is shared verbally — requiring a marking leaves it unprotected.
In plain language: Sets out what each company must do to protect the other's confidential information — maintain secrecy, limit internal access to a need-to-know basis, and use it only for the permitted purpose.
Each party agrees to: (a) hold the other party's Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information, but not less than reasonable care; (b) disclose Confidential Information only to its employees, officers, and advisors who have a need to know; and (c) use Confidential Information solely for the Permitted Purpose.
Common mistake: Setting the standard of care to 'best efforts' rather than a reasonable care floor. Courts have found 'best efforts' unenforceable in confidentiality contexts; a 'reasonable care, no less than own-information care' standard is more consistently upheld.
In plain language: Limits how the receiving party may use confidential information to a specific defined objective, preventing the information from being used for any other competitive or commercial purpose.
Each party may use the other party's Confidential Information solely to evaluate and pursue the potential [PARTNERSHIP / ACQUISITION / COMMERCIAL RELATIONSHIP] described in the recitals ('Permitted Purpose') and for no other purpose.
Common mistake: Defining the permitted purpose too broadly — for example, as 'any business purpose between the parties.' A broad purpose clause gives the receiving party near-unlimited license to use disclosed information.
In plain language: Carves out four standard categories that are not protected: information already public, information already known to the receiver, information independently developed, and information received from a third party without restriction.
Confidential Information does not include information that: (a) is or becomes publicly known through no breach of this Agreement; (b) was rightfully known to the receiving party before disclosure; (c) is independently developed by the receiving party without use of the Confidential Information; or (d) is received from a third party without restriction on disclosure.
Common mistake: Omitting the exclusions clause entirely to appear more protective. Without standard exclusions, courts may refuse to enforce the NDA on the grounds that it attempts to protect non-protectable information.
In plain language: Addresses what happens if a court, regulator, or government body orders a party to disclose confidential information — typically requiring prompt notice to the disclosing party so it can seek a protective order.
If either party is compelled by law or court order to disclose Confidential Information, it shall provide the other party with prompt prior written notice (to the extent legally permitted) and reasonably cooperate with the other party's efforts to obtain a protective order or other appropriate remedy.
Common mistake: No compelled-disclosure clause. Without it, a party that receives a subpoena may disclose confidential information with no notice, eliminating the disclosing party's ability to seek a protective order in time.
In plain language: States how long the NDA remains in force, how either party can terminate it, and how long confidentiality obligations survive after termination.
This Agreement commences on the date first written above and continues for [2] years unless earlier terminated by either party with [30] days' written notice. Each party's confidentiality obligations with respect to information disclosed during the term shall survive termination for a period of [3] years.
Common mistake: Setting a confidentiality tail that ends with the agreement term — for example, a 1-year NDA with no survival clause. Information shared in month one is fully unprotected 12 months later, regardless of its sensitivity.
In plain language: Requires each receiving party to return or certify destruction of all confidential materials, including copies and notes, upon termination or upon the disclosing party's written request.
Upon termination of this Agreement or upon written request, each party shall promptly return or destroy all tangible materials containing the other party's Confidential Information and certify in writing that it has done so, except for archival copies retained by legal counsel.
Common mistake: No exception for legal archive copies. Requiring complete destruction with no carve-out for compliance or litigation-hold copies can put the receiving party in breach of its own document-retention obligations.
In plain language: Acknowledges that monetary damages may be insufficient for a breach and explicitly preserves the injured party's right to seek immediate injunctive relief without posting a bond or proving actual damages.
Each party acknowledges that a breach of this Agreement may cause irreparable harm for which monetary damages would be an inadequate remedy. Accordingly, either party shall be entitled to seek injunctive or other equitable relief without the requirement to post bond, in addition to all other remedies available at law or in equity.
Common mistake: Omitting the 'without bond' language. In many jurisdictions, a party seeking a temporary restraining order must post a security bond — the waiver clause eliminates this cost barrier in an emergency.
In plain language: Specifies which jurisdiction's law governs the agreement, where disputes will be litigated or arbitrated, and whether the prevailing party recovers attorney's fees.
This Agreement is governed by the laws of the State of [STATE], without regard to conflict-of-law principles. The parties consent to exclusive jurisdiction of the state and federal courts located in [CITY, STATE]. The prevailing party in any dispute shall be entitled to recover reasonable attorney's fees and costs.
Common mistake: Choosing a governing law jurisdiction with no connection to either party's operations. Courts in some states can decline to apply the chosen law if neither party has ties to that jurisdiction, creating unpredictability in enforcement.
Fill in the full registered legal name, entity type (LLC, Inc., Ltd., etc.), and state or country of incorporation for both Party A and Party B. Do not use trade names or DBAs in the parties block.
💡 Pull the exact entity name from your corporate registry or certificate of incorporation — a one-word difference can complicate enforcement.
Write a one- to two-sentence description of the specific transaction or relationship being evaluated — for example, 'evaluating a potential technology integration agreement' or 'assessing a potential acquisition of Party B.' Avoid vague language like 'general business discussions.'
💡 The narrower the permitted purpose, the stronger the protection. A broad purpose effectively licenses the other party to use your information for any related initiative.
Choose whether oral disclosures are automatically protected or require a written follow-up confirmation within a set number of days (typically 5–10 business days). For fast-moving negotiations, automatic protection is preferred.
💡 If you require written confirmation for oral disclosures, set a calendar reminder to send confirmation notes after every substantive meeting.
Enter the active term during which disclosures will be made (typically 1–2 years) and the separate survival period after termination during which confidentiality obligations continue (typically 2–5 years after the term ends).
💡 For highly sensitive technical or financial information — product roadmaps, unpublished financials, trade secrets — use a 5-year survival tail rather than the standard 2–3 years.
Specify whether confidential materials must be returned or destroyed upon termination, and decide whether to allow a legal-archive exception. Include a written certification requirement so you have documented proof of compliance.
💡 Add a 30-day deadline for the return or destruction certification — an open-ended obligation is easy to ignore.
Select the state or country whose law governs the agreement and the venue for any litigation or arbitration. Both parties should agree on a jurisdiction that is neutral or practical for both — typically the state of incorporation of the party initiating disclosure.
💡 If the two companies are in different countries, consider arbitration under ICC or AAA rules rather than court litigation — arbitration awards are more easily enforced cross-border under the New York Convention.
Both authorized signatories — with actual authority to bind their respective companies — must sign and date the agreement before any sensitive information changes hands. Execution should be by officers with signing authority, not department heads.
💡 Use a timestamp-enabled e-signature platform so you have an auditable record of when each party executed, in case a dispute arises over what information was shared before or after signing.
A non disclosure agreement between two companies is a mutual (bilateral) contract in which both companies agree to protect each other's confidential information from unauthorized disclosure or use. Unlike a one-way NDA — where only one party discloses — a mutual NDA creates reciprocal obligations, making both companies simultaneously a disclosing party and a receiving party. It is typically signed before partnership discussions, vendor negotiations, M&A due diligence, or any other business relationship involving sensitive information from both sides.
A one-way NDA protects only the named disclosing party's confidential information — the receiving party has no protection under the same document. A mutual NDA protects both parties simultaneously, since each is both disclosing and receiving confidential information. Use a mutual NDA any time both companies will share proprietary information. Use a one-way NDA when only one company needs protection — for example, sharing a product demo with a prospect who discloses nothing in return.
A mutual NDA is generally enforceable when it is properly executed by authorized representatives of both entities, defines confidential information with reasonable specificity, includes a permitted purpose, and contains standard exclusions. Courts will typically enforce a well-drafted NDA and can award injunctive relief, monetary damages, and attorney's fees. Overly broad definitions, unreasonable terms, or agreements signed after the sensitive information was already shared can limit enforceability. Consider having a lawyer review the agreement before signing for high-stakes negotiations.
The active term — during which new disclosures are made — typically runs 1–2 years. The confidentiality obligation should survive termination for an additional 2–5 years for standard business information, and indefinitely for trade secrets under applicable law. The total protection window should reflect the sensitivity of the information: a product roadmap shared today may be commercially irrelevant in 18 months, while proprietary manufacturing processes may warrant indefinitely extended trade-secret protection.
A complete mutual NDA covers: full legal entity names of both parties, a precise definition of confidential information, a clearly stated permitted purpose, obligations of each receiving party (including need-to-know access limits), standard exclusions, a compelled-disclosure notice obligation, term and termination provisions, a confidentiality survival clause, return or destruction of materials, injunctive relief language, and governing law. Missing the survival clause or the injunctive relief provision are the two most common gaps that undermine enforcement.
Notarization is not required for a non disclosure agreement to be enforceable in most jurisdictions. A signed agreement between authorized representatives of both companies is generally sufficient to create binding obligations. Notarization may be required in certain civil-law countries or for agreements intended to be recorded in a public registry, but this is uncommon for standard commercial NDAs. Timestamp-enabled e-signatures provide a comparable level of authentication without notarization.
The NDA's contractual obligation typically expires after the stated survival period. However, trade secrets are separately protected under the Defend Trade Secrets Act (US), the Uniform Trade Secrets Act (most US states), the EU Trade Secrets Directive, and equivalent statutes in other jurisdictions — for as long as the information remains non-public and is subject to reasonable secrecy measures. A well-drafted NDA should state that trade-secret obligations survive indefinitely and that the contractual term does not limit statutory trade-secret protections.
The injured party can typically seek injunctive relief to stop ongoing or threatened disclosure immediately, monetary damages for any quantifiable harm caused, disgorgement of any profits the breaching party gained from misusing the confidential information, and attorney's fees if the agreement includes a fee-shifting clause. Courts generally grant temporary restraining orders for NDA breaches more readily than for other commercial disputes because the harm — information already disclosed — is irreversible and difficult to value in monetary terms.
For standard commercial negotiations — partnership evaluations, vendor discussions, and integration exploratory talks — a high-quality mutual NDA template is sufficient. Custom drafting by a lawyer is worth the cost when the transaction involves particularly sensitive IP, when one party is in a heavily regulated industry (healthcare, financial services), when the parties are in different countries requiring cross-border enforcement, or when the potential damages from a breach are substantial enough to warrant bespoke protective language. A lawyer review of a completed template typically costs $200–$500 and covers most mid-stakes situations.
A one-way NDA protects only the named disclosing party — the other company has no confidentiality rights under the same document. A mutual NDA is appropriate when both companies are sharing sensitive information. Use a one-way NDA only when the disclosure is strictly one-directional, such as sharing a product demo with a prospect who reveals nothing in return.
A confidentiality agreement with an individual covers disclosures to a single person — a consultant, advisor, or employee — rather than a corporate counterparty. It lacks the entity-level provisions (authorized representatives, corporate authority, subsidiary coverage) included in a company-to-company NDA. Use the individual form for contractors and advisors; use the mutual company NDA for corporate partnerships.
An employee confidentiality agreement is part of the employment relationship and binds a single employee to protect their employer's information. It typically runs for the duration of employment and beyond, and is embedded in or attached to an employment contract. A company-to-company NDA is a standalone commercial contract between two legal entities and is used before and during external business negotiations.
A letter of intent outlines the proposed terms of a transaction — price, structure, timeline — and is typically signed as a precursor to a definitive agreement. An NDA governs the information shared during the due diligence that follows the LOI. Both documents are often needed in sequence: execute the NDA first, then the LOI, then the definitive transaction agreement.
Source code, algorithms, API specifications, and product roadmaps shared during integration or acquisition discussions require broad technical definitions of confidential information and a residuals-clause carve-out decision.
Client data, proprietary trading strategies, and deal-flow information are subject to regulatory confidentiality requirements that must be layered on top of the NDA's contractual protections.
Clinical trial data, drug formulas, and patient information are protected by both the NDA and HIPAA or equivalent statutes — the NDA should explicitly reference applicable regulatory frameworks without superseding them.
Proprietary formulations, tooling specifications, and supplier pricing shared in contract-manufacturing negotiations benefit from a precise technical-information definition and a strong return-or-destruction obligation for physical samples and drawings.
Trade secrets are protected federally under the Defend Trade Secrets Act (DTSA) of 2016 and in most states under the Uniform Trade Secrets Act (UTSA). California does not ban mutual NDAs between companies, though it restricts employee non-competes separately. Courts in Delaware and New York are generally favorable to enforcing well-drafted commercial NDAs. Include a DTSA-compliant immunity notice if any individual whistleblower disclosures are possible.
Canada does not have a single federal trade-secrets statute; protection is primarily contractual and through common-law breach-of-confidence actions. Provincial courts in Ontario and British Columbia have consistently enforced mutual NDAs that meet the standard three-part test: information was confidential, communicated in confidence, and disclosed without authorization. Quebec follows civil-law principles under the Civil Code; ensure the agreement's language is compatible with Quebec courts if either party operates there.
The UK Trade Secrets (Enforcement, etc.) Regulations 2018 align UK trade-secret protection broadly with EU standards post-Brexit. English courts will enforce mutual NDAs and commonly grant springboard injunctions — preventing a party from using a head start gained from misusing confidential information even after the information becomes public. NDA terms are interpreted strictly, so precise drafting of the confidential-information definition and permitted purpose is critical.
The EU Trade Secrets Directive (2016/943) harmonizes trade-secret protection across member states and requires that the holder take 'reasonable steps' to keep information secret for protection to apply — the NDA itself constitutes evidence of such steps. GDPR applies if confidential information includes personal data; the NDA should reference applicable data processing agreements. Enforceability of post-termination confidentiality obligations may be limited in some member states if the term is deemed disproportionate.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Standard commercial negotiations between domestic companies where both parties are sharing business, marketing, or product information | Free | 15–30 minutes |
| Template + legal review | Cross-border partnerships, negotiations involving sensitive IP or regulated data, or any deal where breach damages would exceed $250K | $200–$500 | 1–2 days |
| Custom drafted | M&A due diligence, heavily regulated industries, international counterparties requiring multi-jurisdiction enforcement, or material trade-secret disclosures | $800–$3,000+ | 3–7 days |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever Plan · No credit card required
