What Is an NDA? A Complete Guide to Non-Disclosure Agreements
Key Takeaway
A non-disclosure agreement (NDA) is a legally binding contract that protects confidential information shared between parties. This guide covers the types of NDAs, essential clauses, enforceability, and how to create one for your business.
A non-disclosure agreement (NDA) is a legally binding contract that protects confidential information shared between parties. Whether you are hiring a contractor, pitching investors, entering a business partnership, or sharing proprietary information with a vendor, an NDA ensures that the recipient cannot share, use, or profit from your sensitive data without authorization. NDAs are one of the most widely used business contracts — and one of the most frequently misunderstood. This guide explains what an NDA covers, the types available, essential clauses, enforceability rules, and what happens when someone violates one.
What Is a Non-Disclosure Agreement (NDA)?
A non-disclosure agreement is a contract between two or more parties where at least one party agrees not to disclose certain confidential information to outsiders. The party sharing the information is called the disclosing party, and the party receiving it is called the receiving party. The NDA creates a legal obligation of confidentiality — the receiving party agrees not to disclose confidential information, not to use it for any purpose other than what the agreement specifies, and to take reasonable steps to protect it from unauthorized access.
NDAs are used across virtually every industry. Technology companies use them to protect source code, algorithms, and product roadmaps. Manufacturers use them to safeguard production processes and supplier relationships. Service businesses use them to protect client lists, pricing strategies, and proprietary methodologies. Employers use them to prevent departing employees from taking trade secrets to competitors. Startups use them before sharing business plans with potential investors or partners.
The information an NDA protects is defined in the agreement itself. A well-drafted NDA specifically describes what qualifies as confidential — which may include intellectual property, financial data, customer lists, marketing strategies, technical specifications, formulas, business plans, employee information, and any other data the disclosing party designates. Information that is already publicly known, independently developed by the receiving party, or disclosed through no fault of the receiving party is generally excluded from NDA protection.
If you need to create an NDA for your business, Legal Tank offers an NDA generator that builds a customized agreement based on your specific situation. You can also review a free non-disclosure agreement template to understand the standard structure before drafting your own.
What Should Be Included in an NDA?
An enforceable NDA must contain specific clauses that clearly define the scope of confidentiality, the obligations of each party, and the consequences of a breach. Missing or vague clauses can render the entire agreement unenforceable.
Definition of Confidential Information
This is the most critical clause. The NDA must clearly define what information is considered confidential. Overly broad definitions (such as "all information shared") may be struck down by courts as unreasonable. Overly narrow definitions may leave important data unprotected. The best approach is to list specific categories — trade secrets, financial records, customer data, technical specifications, business strategies — and include a catch-all provision for information that is clearly marked as confidential at the time of disclosure.
Obligations of the Receiving Party
Specify exactly what the receiving party must do and must not do with the confidential information. Standard obligations include: not disclosing the information to third parties, using the information only for the stated purpose of the agreement, restricting access to employees or agents who have a genuine need to know, and requiring those individuals to be bound by their own confidentiality obligations. The receiving party should also be required to notify the disclosing party immediately upon discovering any unauthorized disclosure.
Exclusions from Confidentiality
Every NDA should identify information that is not covered. Standard exclusions include information that was already publicly available at the time of disclosure, information that becomes public through no fault of the receiving party, information the receiving party already possessed before signing the NDA, information independently developed by the receiving party without using confidential data, and information disclosed pursuant to a court order or legal requirement (with prior notice to the disclosing party where possible).
Term and Duration
Specify how long the NDA remains in effect and how long the confidentiality obligations last after the agreement terminates. The agreement term covers the period during which information may be shared. The confidentiality obligation — which often survives the agreement term — specifies how long the receiving party must keep the information secret after the NDA expires. Trade secret protections may last indefinitely, while other confidential information typically carries a 2-to-5-year post-termination obligation.
Remedies for Breach
Define the consequences if the receiving party violates the NDA. Standard remedies include injunctive relief (a court order to immediately stop the disclosure), monetary damages for losses caused by the breach, liquidated damages (a pre-agreed dollar amount payable upon breach), and attorney fees and litigation costs. Including an injunctive relief clause is critical because confidential information, once disclosed, cannot be "undisclosed" — monetary damages alone may not adequately compensate the disclosing party.
Return or Destruction of Information
Include a clause requiring the receiving party to return or destroy all confidential materials — documents, files, copies, notes, electronic data — upon request or when the NDA terminates. This prevents the receiving party from retaining and later using confidential information after the business relationship ends.
These clauses form the backbone of any enforceable NDA. When your NDA governs a broader business relationship, you may also need an independent contractor agreement to define the full scope of the working arrangement alongside confidentiality obligations.
What Is the Difference Between a Mutual and Unilateral NDA?
The two primary types of NDAs — mutual NDA and unilateral NDA — differ in who is obligated to keep information confidential.
A unilateral NDA is a one-way agreement. One party (the disclosing party) shares confidential information, and the other party (the receiving party) agrees not to disclose it. Unilateral NDAs are common in employer-employee relationships, contractor engagements, and situations where only one side is sharing sensitive data. For example, a company hiring a freelance developer to build a software feature would use a unilateral NDA to protect its codebase and product plans — the developer is not sharing any of their own confidential information that needs protection.
A mutual NDA — also called a bilateral NDA — binds both parties to confidentiality. Each party is simultaneously a disclosing party and a receiving party. Mutual NDAs are standard in business partnerships, joint ventures, merger discussions, and any negotiation where both sides share sensitive information. Two companies exploring a potential partnership would use a mutual NDA because both are sharing proprietary data — financial records, customer lists, strategic plans — that need reciprocal protection.
Key differences in practice:
- Negotiation leverage: Mutual NDAs are generally easier to negotiate because both sides bear equal obligations. Unilateral NDAs can create friction because only one party carries the burden of confidentiality.
- Enforcement complexity: Mutual NDAs require careful drafting to distinguish between each party's confidential information, particularly when both parties operate in the same industry and may have overlapping data sets.
- Industry preference: Technology companies, venture capital firms, and M&A advisors overwhelmingly prefer mutual NDAs because deal discussions inherently involve bilateral information sharing.
When choosing between the two, consider the direction of information flow. If only you are sharing sensitive information, a unilateral NDA provides sufficient protection. If both parties are sharing confidential data, a mutual NDA is the appropriate choice. Your NDA may also need to work alongside other business agreements. If you are forming an LLC with partners, our guide on LLC operating agreements explains how to structure governance alongside confidentiality protections.
Is an NDA Legally Enforceable?
Yes, an NDA is legally enforceable as long as it meets the basic requirements of a valid contract and its terms are reasonable. Courts enforce NDAs under standard contract law principles and, for trade secrets specifically, under the Uniform Trade Secrets Act (adopted by 48 states) and the federal Defend Trade Secrets Act (DTSA) of 2016.
For an NDA to be enforceable, it must satisfy these requirements:
- Mutual consideration: Both parties must receive something of value. In an employment NDA, the consideration is the job itself (or continued employment). In a business NDA, the consideration is access to confidential information or the mutual exchange of data.
- Reasonable scope: The definition of confidential information must be specific enough to be meaningful but not so broad that it effectively prevents the receiving party from working in their field. Courts routinely strike down NDAs that attempt to classify all information as confidential without differentiation.
- Reasonable duration: The confidentiality period must be proportional to the nature of the information. A 2-year NDA for general business information is typically enforceable. A perpetual NDA may be enforceable for genuine trade secrets but excessive for routine business data.
- Legitimate business interest: The disclosing party must have an actual business reason for seeking confidentiality. NDAs designed primarily to silence whistleblowers, conceal illegal activity, or prevent legitimate competition may be deemed unenforceable as against public policy.
A trade secret qualifies for protection under the Uniform Trade Secrets Act if it derives independent economic value from not being generally known and the owner makes reasonable efforts to maintain its secrecy. The Defend Trade Secrets Act provides a federal cause of action for trade secret misappropriation, allowing the disclosing party to sue in federal court regardless of which state the breach occurred in.
Several states have enacted specific limitations on NDA enforceability. California, for example, strictly limits non-compete agreements but enforces NDAs protecting legitimate trade secrets. Some states have passed laws prohibiting NDAs that conceal workplace harassment or discrimination claims. Always check your state's current laws when drafting or relying on an NDA.
How Long Does an NDA Last?
An NDA's duration depends on the type of information being protected and the terms the parties agree to. There are two distinct time periods to consider: the agreement term (how long the parties will share information under the NDA) and the confidentiality survival period (how long the secrecy obligation continues after the agreement ends).
Common duration structures include:
- Fixed term with survival clause: The NDA is active for a specified period (typically 1 to 3 years), after which no new information can be shared. However, the obligation to keep previously shared information confidential survives for an additional period — commonly 2 to 5 years after termination. This is the most common structure for business NDAs.
- Indefinite duration for trade secrets: For information that qualifies as a trade secret, the confidentiality obligation often lasts as long as the information retains its trade secret status — potentially forever. Courts generally uphold indefinite NDAs for genuine trade secrets because the information's value depends on continued secrecy.
- Project-based duration: Some NDAs are tied to a specific project or transaction. The agreement terminates when the project concludes or the deal closes, with a survival period for confidentiality obligations. This structure is common in M&A due diligence, joint venture evaluations, and consulting engagements.
The appropriate duration depends on the nature and sensitivity of the information. Software source code and manufacturing processes may warrant indefinite protection. Marketing strategies and business plans may only need 2 to 3 years of protection before they become outdated. Financial data from a specific transaction may only need protection until the deal closes and becomes public record.
If the NDA does not specify a duration, courts will generally imply a "reasonable" period based on the nature of the information and industry standards. However, relying on court interpretation creates uncertainty — it is always better to specify explicit time periods in the agreement itself.
What Happens if Someone Violates an NDA?
When someone breaches an NDA, the disclosing party has multiple legal remedies available. The specific remedies depend on the NDA's terms, the severity of the breach, and the type of information that was disclosed.
Injunctive Relief
The most immediate remedy is injunctive relief — a court order requiring the breaching party to stop disclosing or using the confidential information. Because leaked confidential information cannot be "unleaked," courts often grant temporary restraining orders and preliminary injunctions quickly in NDA cases to prevent further damage. Most well-drafted NDAs include a clause where the receiving party acknowledges that a breach would cause irreparable harm and agrees that injunctive relief is appropriate — this clause makes it easier for the disclosing party to obtain a court order without having to prove irreparable harm independently.
Monetary Damages
The disclosing party can sue for compensatory damages — the actual financial losses caused by the breach. This can include lost revenue, lost business opportunities, diminished competitive advantage, and the cost of mitigating the breach. If the NDA includes a liquidated damages clause, the receiving party owes the pre-agreed amount regardless of actual losses. Under the Defend Trade Secrets Act, a court can award up to double damages for willful and malicious trade secret misappropriation.
Attorney Fees and Costs
Most NDAs include a prevailing party attorney fees clause, meaning the losing side in any litigation pays the winning side's legal costs. This provision discourages frivolous defenses by the breaching party and helps the disclosing party recover the cost of enforcement.
Criminal Penalties
In cases involving trade secret theft, criminal penalties may apply. The federal Economic Espionage Act makes trade secret theft a federal crime punishable by fines up to $5 million for organizations and imprisonment up to 10 years for individuals. State laws may impose additional criminal penalties. These criminal remedies are separate from the civil enforcement of the NDA itself.
If an NDA violation involves broader intellectual property infringement or harassment, a cease and desist letter is often the first enforcement step before litigation. For other restrictive covenants that may complement your NDA, review our non-compete agreement template to understand how non-compete and non-disclosure obligations interact.
Can You Break an NDA?
Breaking an NDA is a breach of contract that can result in all of the legal consequences described above — injunctions, monetary damages, attorney fees, and potentially criminal charges if trade secrets are involved. However, there are specific circumstances under which a party may disclose information covered by an NDA without liability.
Court-Ordered Disclosure
If a court issues a subpoena or court order requiring the receiving party to produce information covered by the NDA, the receiving party must comply with the legal process. Most NDAs include a provision requiring the receiving party to notify the disclosing party promptly so the disclosing party can seek a protective order to limit the scope of disclosure.
Whistleblower Protections
Federal and state whistleblower laws protect individuals who report illegal activity to government agencies, even if the information is covered by an NDA. The Defend Trade Secrets Act specifically provides immunity for individuals who disclose trade secrets to government officials or attorneys for the purpose of reporting suspected legal violations. An NDA that attempts to prohibit whistleblower disclosures is unenforceable to that extent.
Information Already Public
If confidential information becomes publicly available through no fault of the receiving party — for example, the disclosing party publishes it, a third party independently discovers it, or it becomes common knowledge in the industry — the receiving party is no longer bound by the NDA's confidentiality obligations regarding that specific information.
Do I Need a Lawyer to Write an NDA?
No. Many business owners successfully create enforceable NDAs using templates and online generators without attorney involvement. Legal Tank's NDA generator produces customized agreements that include all essential clauses. However, attorney review is recommended for NDAs involving high-value trade secrets, complex multi-party relationships, international disclosures, or industry-specific regulatory requirements.
Can an NDA Be Signed After Information Is Shared?
Yes, but enforceability becomes more complicated. For the NDA to be valid, the receiving party must receive new consideration — something of value beyond the information they already possess. Courts may question whether a retroactive NDA is truly voluntary or whether meaningful confidentiality is possible after the information has already been disclosed without restrictions. The best practice is always to execute the NDA before sharing any confidential information.
What Is Not Covered by an NDA?
An NDA cannot prevent the receiving party from using their own general skills, knowledge, and experience — even if those skills were developed while working with the disclosing party's confidential information. It also cannot cover information that is publicly available, independently developed, or received from a third party without confidentiality restrictions. Additionally, NDAs cannot legally prevent reporting illegal activity, filing regulatory complaints, or cooperating with government investigations. Understanding what falls outside your NDA's scope is just as important as understanding what falls inside it.
About the Author
Jessica Henwick
Editor-in-Chief, Legal Tank
Jessica Henwick is the Editor-in-Chief at Legal Tank, where she oversees all legal content, guides, and educational resources. With a background in legal research and regulatory compliance, Jessica ensures every article meets rigorous accuracy standards through a multi-step editorial process involving licensed attorneys. Her work focuses on making complex legal concepts accessible to individuals and business owners navigating legal document needs.
Expertise: Legal document writing, Employment law, Family law, Estate planning, Contract law, State-specific legal compliance