When to Use Non-Disclosure Agreements (NDAs)

Before sharing sensitive business information with a potential partner, investor, or customer, you need to establish confidentiality protections. Non-disclosure agreements serve this purpose, but their effectiveness depends on appropriate drafting and strategic use.

Many founders either overuse NDAs (requesting them in situations where they’re counterproductive) or underuse them (failing to protect genuinely confidential information). Understanding when NDAs are appropriate, how to structure them properly, and what terms are reasonable versus problematic is essential for protecting your business while maintaining professional credibility.

The First Question: Do You Even Need an NDA?

Before we talk about what goes in an NDA, let’s address whether you need one at all. Because here’s an uncomfortable truth: in many situations, asking for an NDA makes you look naive.

When you DON’T need an NDA:

Pitching to VCs: Most VCs won’t sign NDAs for initial pitches. They see too many companies, and they don’t want to be liable if they invest in something similar later. If you insist on an NDA before talking to investors, you’re announcing “I don’t understand how venture capital works.”

What protects you: VCs have reputational risk. If they steal ideas, nobody will pitch to them again. Plus, most VCs are looking for execution, not ideas. Your idea alone isn’t valuable enough to steal.

General networking meetings: Someone wants to grab coffee and talk about potential collaboration? You probably don’t need an NDA for that conversation. Share general information, not trade secrets.

After you’ve already shared the information: If you already sent them your pitch deck or had three calls explaining your technology, sending an NDA now is like locking the door after the house has been robbed.

When you DO need an NDA:

Detailed technical discussions: Before you share proprietary algorithms, code, technical specifications, or trade secrets, get an NDA in place.

Customer data or confidential business information: If you need to share customer lists, pricing strategies, financial information, or other sensitive business data, protect it.

Product partnerships or integrations: Before integrating systems or sharing API documentation that reveals how your product works, document confidentiality obligations.

Due diligence processes: M&A, serious partnership discussions, or late-stage investment due diligence all warrant NDAs.

Employee and contractor relationships: Anyone who will have access to your confidential information as part of their role should sign an NDA (usually built into employment or contractor agreements).

Mutual vs. One-Way: Understanding the Difference

There are two types of NDAs, and choosing the wrong one makes you look either naive or unreasonable.

One-Way (Unilateral) NDA: Only one party is sharing confidential information. They’re protected; the other party has no corresponding obligation.

Use this when: You’re clearly the only one sharing sensitive information (like sending technical specs to a potential vendor).

Mutual (Bilateral) NDA: Both parties will be sharing confidential information with each other, so both sides have obligations.

Use this when: You’re exploring a partnership, integration, or relationship where information will flow both ways.

The rookie mistake: Sending a one-way NDA where you’re the only protected party when the situation clearly calls for mutual protection. This signals either (a) you don’t understand the business relationship, or (b) you think your information is precious while theirs is worthless.

If you’re not sure, default to mutual. It’s harder for someone to reject a balanced agreement.

What Actually Goes in an NDA (And What Doesn’t)

Let’s break down the key components:

1. Definition of Confidential Information

This is where most amateur NDAs fall apart. The definition needs to be specific enough to be enforceable but broad enough to cover what you actually need to protect.

Too broad (unenforceable): “Any information shared between the parties shall be considered confidential.”

This is so vague it’s meaningless. Courts won’t enforce it.

Too narrow (useless): “Source code for the XYZ application shall be considered confidential.”

What about your algorithms, business strategy, customer data, and everything else you’re about to discuss?

Actually useful: “Confidential Information includes all technical and business information disclosed by one party to the other, including but not limited to: software, algorithms, technical specifications, product roadmaps, customer information, pricing, financial data, and any information marked as confidential or that would reasonably be understood to be confidential given the nature of the information and circumstances of disclosure.”

Standard exclusions (these are normal and should be in every NDA):

  • Information already public (or that becomes public through no fault of the receiving party)
  • Information the receiving party already knew before disclosure
  • Information independently developed without using the confidential information
  • Information lawfully obtained from a third party

Without these exclusions, your NDA is unreasonable and may not be enforceable.

2. Obligations of the Receiving Party

This section spells out what the receiving party can and can’t do with your confidential information.

Standard provisions:

  • Use the information only for the permitted purpose (usually “evaluating a potential business relationship”)
  • Don’t disclose it to anyone except employees who need to know
  • Protect it with at least the same care as they protect their own confidential information
  • Return or destroy all confidential information upon request or end of discussions

Watch out for: Overly restrictive obligations that no reasonable business could accept, like “you may not disclose this information to anyone, including your own employees.” That’s not realistic if they need to actually evaluate what you’re proposing.

3. Term/Duration

How long does the confidentiality obligation last?

Reasonable terms:

  • 2-3 years for business information (pricing, strategy, customer data)
  • 3-5 years for technical information
  • Indefinite for true trade secrets (like the Coca-Cola formula)

Unreasonable terms:

  • 10+ years for routine business information
  • Perpetual confidentiality for information that’s not actually a trade secret

Pro tip: Different types of information can have different terms within the same NDA. Trade secrets can be protected indefinitely while general business information has a 2-year term.

4. Permitted Disclosures

You need a carve-out for required legal disclosures. Standard language:

“The receiving party may disclose Confidential Information if required by law or court order, provided that the receiving party gives the disclosing party prompt notice of such requirement (where legally permissible) so they may seek a protective order.”

Without this, you’re asking someone to violate a court order to protect your information. That’s not going to happen.

5. Remedies

What happens if someone breaches the NDA?

Most NDAs include:

  • Acknowledgment that money damages may not be a sufficient remedy
  • Agreement that injunctive relief (a court order to stop the breach) is appropriate
  • Right to recover attorney’s fees for enforcement

What you should NOT include: Liquidated damages or specific penalty amounts. These often make the NDA unenforceable and look amateurish.

Common Mistakes That Make You Look Inexperienced

Mistake #1: The “Everything Is Confidential Forever” NDA

If your NDA says every email between the parties is confidential in perpetuity, nobody will sign it. Be reasonable about scope and duration.

Mistake #2: No Exceptions for Public Information

Forgetting to exclude information that’s already public or becomes public makes your NDA look like you copied a template without understanding it.

Mistake #3: Impossible Obligations

“The receiving party shall not permit any employee to learn of the confidential information” is not practical if they need to actually evaluate a business relationship with you.

Mistake #4: One-Way NDA When It Should Be Mutual

If you’re exploring a partnership where both sides will share information, sending a one-way NDA that only protects you is either naive or insulting.

Mistake #5: Using a Random Template Without Customization

That template you downloaded was written for a different situation. Customize it for your specific needs.

Mistake #6: Asking Investors to Sign NDAs

This is the fastest way to look like you don’t understand startup fundraising. Don’t do it.

How VCs and Sophisticated Partners Spot Amateur NDAs

When you send an NDA, the other side’s lawyer (or experienced business person) can immediately tell if you know what you’re doing:

Red flags that you’re inexperienced:

  • Unreasonable term lengths (10+ years for routine business info)
  • No exclusions for public information or required legal disclosures
  • One-way NDA when it should clearly be mutual
  • Overly broad definition of confidential information
  • Liquidated damages or penalty clauses
  • Asking investors to sign NDAs for pitch meetings

Green flags that you’re sophisticated:

  • Appropriate term lengths for different types of information
  • Standard exclusions and carve-outs
  • Mutual obligations when appropriate
  • Clear, specific definition of confidential information
  • Reasonable remedies focused on injunctive relief

The goal isn’t to have the “strongest” NDA—it’s to have an enforceable one that protects you without being unreasonable.

Special Cases: When Standard NDAs Don’t Work

Employees and Contractors: Don’t use a standalone NDA. Build confidentiality provisions into employment agreements or contractor agreements, along with IP assignment clauses.

Sales Conversations: If you’re selling to enterprise customers, they often want to see your product before signing contracts. Use a mutual NDA that covers the evaluation period.

Beta Testers/Early Customers: You need an NDA plus terms of use for the beta program. Just an NDA isn’t enough.

Academic or Research Collaborations: These often need specialized provisions about publication rights, IP ownership, and how research results can be used.

The Negotiation Dance

Here’s what typically happens when you send an NDA:

Their lawyer redlines it: This is normal. They’ll probably want to:

  • Shorten the term
  • Narrow the definition of confidential information
  • Add exclusions
  • Make it mutual if it isn’t already

Your response: Don’t treat every change as an insult. Most requested changes are reasonable. Push back on things that actually matter (like excluding core information you need to protect), but be flexible on standard provisions.

When to walk away: If someone refuses reasonable confidentiality terms for truly sensitive information, that’s a red flag about how they’ll handle your information. Consider whether you want to do business with them at all.

The Template Trap

You can find a million NDA templates online. Here’s why you still need to be careful:

  • Templates are written for generic situations, not your specific needs
  • They may be based on laws from different states
  • They might be outdated or include unenforceable provisions
  • They won’t tell you whether you need mutual vs. one-way

Better approach: Start with a quality template (like those from Talking Tree), but understand what each section does and customize it for your situation. Better yet, have a lawyer review your standard form once, then reuse that for similar situations.

When You Actually Need a Lawyer

Most standard NDAs don’t require a lawyer if you understand the basics. But consult legal help for:

  • High-stakes situations (M&A due diligence, major partnerships)
  • International deals (different countries have very different confidentiality laws)
  • Unusual situations that don’t fit standard templates
  • When the other side proposes terms you don’t understand

For routine NDAs, tools like Talking Tree can provide attorney-vetted templates and AI-powered review at a fraction of the cost of hiring a lawyer for each NDA.

The Uncomfortable Truth About NDAs

Here’s what nobody tells you: NDAs are hard to enforce and rarely worth suing over.

If someone violates your NDA, your remedies are:

  • Sue them (expensive, time-consuming, uncertain outcome)
  • Send a cease-and-desist letter (might work, might not)
  • Hope the threat of legal action is enough

Most NDA violations don’t result in lawsuits because litigation costs more than the information is worth. So why bother with NDAs at all?

Because they:

  • Create a legal record that the information was confidential
  • Make people think twice before sharing your information
  • Give you leverage if you need to escalate
  • Show you’re serious about protecting your information

Think of NDAs as part of your defense-in-depth strategy. They’re not bulletproof, but they’re better than nothing.

The Bottom Line

NDAs are neither magical shields nor worthless paper. They’re tools that, when used correctly, help protect your information and signal that you understand business.

Use them when you need them. Skip them when you don’t. And when you do use them, make them reasonable, clear, and appropriate to the situation.

Because the goal isn’t to have the “strongest” NDA that nobody will sign. It’s to have a fair agreement that actually gets signed and actually protects you.
