When Do You Need an NDA? (And When You Don't)

Learn when non-disclosure agreements are essential, which type to use, and common mistakes that make NDAs unenforceable. Practical legal guidance for businesses.

By UtilHQ Team

You’re about to share sensitive business information. Do you need an NDA? This guide cuts through the legal jargon to help you decide when confidentiality agreements are essential and when they’re overkill.

The Quick Answer

You need an NDA when:

  • Pitching your business to investors or potential acquirers
  • Sharing proprietary technology, trade secrets, or product roadmaps
  • Hiring contractors or employees with access to confidential data
  • Entering partnership discussions involving strategic plans or customer lists
  • Sharing financial information, pricing strategies, or business models

You probably don’t need an NDA when:

  • Having preliminary conversations about general concepts
  • Working with established professionals bound by existing confidentiality duties (lawyers, accountants)
  • Sharing information already public or easily discoverable
  • Discussing ideas without sharing implementation details
  • The relationship involves standard purchase/sale transactions

The litmus test: If the information gives competitors an advantage, you need an NDA.

NDA Types: Mutual vs. Unilateral

Unilateral (One-Way) NDAs

When to use: One party shares confidential information, the other receives it.

Common scenarios:

  • Employer to Employee/Contractor
  • Company to Vendor evaluating a project
  • Startup to Potential investor during due diligence

Key characteristic: Only the receiving party has confidentiality obligations. The disclosing party can share freely.

Mutual (Two-Way) NDAs

When to use: Both parties will exchange confidential information.

Common scenarios:

  • Strategic partnership discussions
  • Merger or acquisition negotiations
  • Joint venture planning
  • Technology licensing conversations

Key characteristic: Both parties agree to protect each other’s confidential information. More balanced and often preferred in equal-footing relationships.

Pro tip: Start with a mutual NDA even if you think disclosure will be one-sided. The other party may reveal valuable information during discussions, and renegotiating mid-conversation creates friction.

NDA Scenarios by Industry

| Industry | When You Need It | What It Protects |
|---|---|---|
| Tech/SaaS | Before demos of proprietary software; sharing API documentation; discussing product roadmap with partners | Source code, algorithms, technical architecture, user data, feature plans |
| Manufacturing | Sharing CAD files, formulas, or production processes; supplier relationships | Manufacturing processes, supplier lists, cost structures, product designs |
| Healthcare | Beyond HIPAA requirements when sharing research data or device specifications | Clinical trial data, medical device designs, treatment protocols, patient analytics methods |
| Professional Services | Sharing client lists, pricing models, or operational systems with subcontractors | Client databases, fee structures, proprietary methodologies, strategic plans |
| E-commerce | Discussing fulfillment strategies, vendor relationships, or customer acquisition tactics | Supplier agreements, conversion data, marketing funnels, customer lifetime value models |
| Finance | Sharing deal structures, investment strategies, or client portfolios | Investment theses, valuation models, client holdings, deal pipelines |

Key Clauses for Enforceability

An NDA without these elements is essentially worthless:

1. Definition of Confidential Information

Must include:

  • Specific categories (technical data, business information, financial records)
  • Marking requirements (“information marked ‘Confidential’” or “disclosed in writing within 5 days”)
  • Exclusions (public information, independently developed information, rightfully obtained from third parties)

Common mistake: Defining confidential information so broadly (for example, as “anything disclosed”) that courts refuse to enforce it.

Better approach: “Confidential Information includes source code, customer lists, pricing strategies, and product specifications marked as confidential at the time of disclosure.”

2. Purpose Limitation

Why it matters: Restricts the receiving party to using information only for the stated purpose.

Example: “Recipient may use Confidential Information solely to evaluate a potential partnership with Discloser.”

Red flag: No purpose stated means the recipient can use your information for anything, defeating the entire point.

3. Time Limit

Standard terms:

  • 2-3 years for most business information
  • 5 years for highly sensitive trade secrets
  • Indefinite only for true trade secrets that will never become public

Enforceability issue: “Perpetual” NDAs for ordinary business information are often struck down. Courts expect reasonable time limits.

4. Return or Destruction Clause

What it covers: At the end of the relationship, the recipient must return or destroy all confidential materials.

Critical for: Physical prototypes, documents, USB drives, databases, design files.

Pro tip: Require written certification of destruction. “Recipient will provide written confirmation that all materials have been destroyed within 30 days of termination.”

5. Permitted Disclosures

Must allow for:

  • Required disclosures by law, subpoena, or government order (with advance notice to discloser)
  • Disclosure to employees, contractors, or advisors who need to know (who must also be bound by confidentiality)

Example: “Recipient may disclose to employees and contractors who have a need to know and are bound by written confidentiality obligations at least as restrictive as this Agreement.”

6. Remedies

Equitable relief clause: “Discloser is entitled to seek injunctive relief without posting a bond.”

Why it matters: Money damages are hard to prove for confidentiality breaches, so injunctions stop the harm before it spreads.

Don’t forget: Attorney’s fees clause. “Prevailing party may recover reasonable attorney’s fees.”

Pro Tips for Effective NDAs

1. Timing: Get It Signed BEFORE Disclosure

Don’t:

  • Email the NDA after the meeting where you shared sensitive information
  • Assume “we’ll handle the paperwork later”
  • Share anything beyond public information before signatures

Do:

  • Send the NDA before scheduling the detailed discussion
  • Start with high-level conversations that don’t require confidentiality
  • Build execution time into your timeline (48-72 hours is reasonable)

2. Scope Definition: Be Specific Without Being Restrictive

Too broad: “Any information disclosed during the relationship.”

  • Courts won’t enforce this because it’s impossible to prove what was disclosed orally

Too narrow: “The XYZ Product technical specifications disclosed on January 15, 2024.”

  • Requires a new NDA every time you share something new

Just right: “Technical specifications, business plans, and customer data disclosed in writing or orally and identified as confidential within 5 business days.”

3. Reasonable Terms Build Trust

Unreasonable asks that kill deals:

  • 10-year confidentiality periods for marketing materials
  • Requiring approval before the recipient can talk to their own lawyer
  • Prohibiting the recipient from working in the same industry (that’s a non-compete, not an NDA)

Reasonable approach:

  • Match the term to the sensitivity (2-3 years is standard)
  • Allow consultation with legal/financial advisors under confidentiality
  • Focus on protecting information, not restricting careers

4. Track What You Share

Create a disclosure log:

| Date | Recipient | Documents Shared | Medium |
|---|---|---|---|
| 2024-01-15 | Acme Corp | Product roadmap Q1-Q4 | Email |
| 2024-01-20 | Acme Corp | Customer list (top 50) | Data room |

Why it matters: If you need to enforce the NDA, you must prove what information was confidential and when it was disclosed. “I think we shared something sensitive” won’t hold up in court.

5. Consider Alternatives for Simple Situations

Email confidentiality language: For quick exchanges, include: “This email contains confidential information. Recipient agrees not to disclose or use this information except to evaluate [specific purpose].”

Platform terms: Some data rooms and collaboration tools have built-in confidentiality terms that may suffice for document review.

When this works: Quick one-off disclosures where negotiating a full NDA is impractical.

When it doesn’t: Complex relationships, high-value information, or situations where you need injunctive relief.

Common Mistakes That Make NDAs Unenforceable

1. No Consideration (Contract Basics)

The mistake: Asking someone to sign an NDA after they’ve already received the information or performed services.

Why it fails: Contracts require “consideration,” which means something of value exchanged by both parties. A promise to keep information confidential after you already have it isn’t consideration.

Fix: Get the NDA signed before disclosure. If you must backfill, offer something new such as access to additional information, payment, or continued relationship.

2. Overly Broad Restrictions

The mistake: “Recipient will not disclose any information learned during the relationship, directly or indirectly, to any person or entity, for any purpose, forever.”

Why it fails: Courts strike down provisions that:

  • Restrict public information
  • Prevent recipients from using general knowledge or skills
  • Impose unreasonable time limits (10+ years for ordinary business info)

Fix: Use the “exclusions” approach: “Confidential Information does not include information that is (a) publicly available, (b) known to Recipient before disclosure, (c) independently developed, or (d) received from a third party without confidentiality restrictions.”

3. No Geographic or Industry Specificity

The mistake: Using the same NDA template for a software disclosure and a manufacturing disclosure.

Why it matters: Some information requires industry-specific protections. Source code needs different handling than production formulas.

Fix: Customize the definition of confidential information to match what you’re actually protecting.

4. Missing “No License” Clause

The mistake: Omitting language clarifying that the NDA doesn’t grant rights to use intellectual property.

The risk: Recipient argues that receiving confidential information implies permission to use it for their own purposes.

Fix: Include: “This Agreement does not grant any license, express or implied, to any intellectual property rights. Recipient acquires no rights except the limited right to use Confidential Information for the Purpose stated above.”

5. No Jurisdiction or Dispute Resolution Clause

The mistake: Forgetting where disputes will be resolved.

The problem: Recipient in California, Discloser in New York. Where do you sue for breach?

Fix: “This Agreement is governed by the laws of [State], and any disputes will be resolved in the courts of [County, State].”

Alternative: Arbitration clause for faster, private resolution: “Any disputes will be resolved by binding arbitration under AAA rules in [City, State].”

6. Requiring Impossible Compliance

The mistake: “Recipient will not allow any employee to view Confidential Information without individual NDAs signed with Discloser.”

Why it fails: Impractical for companies with large teams. Courts won’t enforce requirements that make normal business operations impossible.

Fix: “Recipient will limit access to employees and contractors with a need to know who are bound by confidentiality obligations at least as protective as this Agreement.”

When NOT to Use an NDA

1. Investor Pitches (Early Stage)

Why investors resist:

  • They see hundreds of pitches and can’t track confidentiality obligations for every one
  • Most pitch information should be public-ready anyway
  • Strong investors won’t sign NDAs for initial meetings

Better approach:

  • Share only non-confidential information in early pitches
  • Save detailed proprietary information for later-stage due diligence, when investors will sign
  • Focus on the problem, market, and team in first meetings, not secret sauce

Exception: If you must disclose trade secrets to close the round, investors will usually sign during formal due diligence.

2. Networking Events and Conferences

Why it’s impractical: You can’t get everyone you talk to at a conference to sign an NDA.

What to do instead: Discuss concepts and vision, not implementation details or customer names.

3. Public Procurement or RFP Processes

Why it doesn’t work: Government RFPs are usually subject to public records laws. Private company RFPs often have confidentiality terms built into the RFP itself.

What to check: Review the RFP’s confidentiality provisions before submitting. If insufficient, request a bilateral NDA before submitting proprietary pricing or technical approaches.

4. General Service Providers

When you don’t need one:

  • Your accountant reviewing financials (professional duty of confidentiality already exists)
  • Your lawyer advising on the business (attorney-client privilege protects it)
  • Your cloud hosting provider (their terms of service already include confidentiality)

When you do:

  • Contractors building your product who could replicate it
  • Marketing agencies with access to your customer acquisition strategy
  • Consultants who might advise your competitors

Frequently Asked Questions

How long should an NDA last?

Most NDAs have 2-3 year confidentiality periods for ordinary business information, 5 years for highly sensitive trade secrets, and indefinite terms only for true trade secrets that will never become public (like the Coca-Cola formula). Courts are skeptical of “perpetual” NDAs for regular business information. Terms of 10+ years are often struck down as unreasonable. Match the term to the information’s actual competitive value and expected lifespan.

Can I require investors to sign an NDA?

Early-stage investors (angels, VCs) typically refuse to sign NDAs for initial pitch meetings because they see hundreds of pitches and can’t track confidentiality obligations for every one. Save detailed proprietary information (source code, customer lists, trade secrets) for later-stage due diligence when investors will sign NDAs. In early pitches, focus on the problem, market opportunity, and team, not implementation secrets. Once investors are seriously interested, they’ll sign NDAs for formal due diligence.

What happens if someone breaks an NDA?

You can sue for breach of contract seeking damages (lost profits, competitive harm) and injunctive relief (court order to stop further disclosure). However, enforcement is expensive. Legal fees often exceed $50,000-$100,000+. You must prove: (1) what information was confidential, (2) it was disclosed under the NDA, (3) the breach occurred, and (4) you suffered quantifiable harm. Include attorney’s fees clauses and liquidated damages provisions to improve enforceability. Prevention through careful vetting is cheaper than litigation.

Do employees need to sign NDAs?

Yes, every employee with access to confidential information should sign an NDA, typically combined with an employment agreement. This protects customer lists, trade secrets, business strategies, and proprietary processes. However, NDAs can’t prevent employees from using general skills or industry knowledge gained on the job. Some states (like California) heavily restrict employment non-competes, making NDAs even more critical for protecting actual confidential information versus just preventing competition.

What is the difference between an NDA and a non-compete?

An NDA prevents disclosure or use of confidential information. It protects secrets. A non-compete prevents someone from working in the same industry or for competitors, restricting employment. NDAs focus on information protection and are enforceable in all states. Non-competes restrict careers and are heavily regulated or banned in many states (California, North Dakota, Oklahoma ban most non-competes). You can have an NDA without a non-compete, but non-competes often include NDA provisions. When in doubt, consult an employment attorney for your jurisdiction.

Ready to Protect Your Business?

Use our NDA Generator to create a customized non-disclosure agreement tailored to your specific situation. Choose between mutual and unilateral NDAs, set appropriate time limits, and ensure all critical clauses are included for maximum enforceability.

Remember: An NDA is only as strong as your ability to enforce it. Keep disclosure logs, mark documents as confidential, and consult an attorney before sharing truly high-value trade secrets.
