1. Parties
This Non-Disclosure Agreement (the "Agreement") is entered into on {Effective Date} (the "Effective Date") by and between:
Disclosing Party: {Disclosing Party Name}, with a principal place of business at {Disclosing Party Address} (the "Disclosing Party"); and
Receiving Party: {Receiving Party Name}, with a principal place of business at {Receiving Party Address} (the "Receiving Party").
Each, a "Party" and collectively, the "Parties."
About this section
What's in this section
This is where the NDA declares whether it runs one way or both. A template that names a 'Disclosing Party' and a 'Receiving Party' is one-directional; if both sides will share secrets, both need to wear both hats here.
Why this section is here
Confidentiality obligations bind only the named entity, not its parent, subsidiaries, or affiliates unless they are named too. Many disputes turn on the fact that the company actually holding the data was never a party to the NDA.
Common mistake
Naming the brand instead of the legal entity (e.g., 'Acme' instead of 'Acme, Inc.'). Use the same name that appears on tax filings and other contracts.
2. Background and Purpose
The Parties wish to enter into discussions regarding {Purpose} (the "Purpose"). In connection with the Purpose, the Disclosing Party may disclose to the Receiving Party certain Confidential Information (as defined in Section 4). The Parties enter into this Agreement to set out the terms on which Confidential Information may be disclosed, used, and protected.
In consideration of the Disclosing Party's disclosure or potential disclosure of Confidential Information to the Receiving Party and the Receiving Party's access to such Confidential Information, the Parties agree as follows.
About this section
What's in this section
The Purpose defined here quietly becomes the leash on the whole agreement: the Receiving Party may use what it learns only to pursue this stated aim, and nothing else.
Why this section is here
A use that falls outside the stated Purpose is a breach on its own, even if it would otherwise be perfectly legal. That is what makes a narrow, specific Purpose the strongest single lever the Disclosing Party has.
Common mistake
Writing a vague Purpose like 'general business discussions.' Be specific: 'evaluating a potential Series A investment' or 'integrating Acme's API into Receiver's product.'
3. Defined Terms
For purposes of this Agreement:
- "Confidential Information" has the meaning given in Section 4.
- "Purpose" has the meaning given in Section 2.
- "Representatives" means a Party's directors, officers, employees, agents, contractors, advisers, and affiliates, in each case only to the extent they have a need to know the Confidential Information for the Purpose and are bound by written obligations of confidentiality at least as protective as those in this Agreement.
- "Trade Secret" means information that derives independent economic value, actual or potential, from not being generally known to or readily ascertainable by other persons who can obtain economic value from its disclosure or use, and that is the subject of reasonable measures to maintain its secrecy.
For purposes of this Agreement, "Trade Secret" also carries the meaning given under the Defend Trade Secrets Act (18 U.S.C. § 1839) and analogous US state trade-secret statutes (including the Uniform Trade Secrets Act as adopted).
For purposes of this Agreement, "Trade Secret" also carries the meaning given under the EU Trade Secrets Directive (Directive (EU) 2016/943) as implemented in the relevant member state.
For purposes of this Agreement, "Trade Secret" also carries the meaning given under the UK Trade Secrets (Enforcement, etc.) Regulations 2018 and the law of confidence.
About this section
What's in this section
A short section that does heavy lifting: it fixes the meaning of the handful of capitalized words the rest of the NDA leans on, so 'Confidential Information' means one agreed thing rather than two convenient ones in a dispute.
Why this section is here
Where a term is left undefined, a court fills the gap, and it usually reads the term narrowly against the party trying to enforce it. Defining it yourself keeps that choice out of a judge's hands.
Common mistake
Using a defined term inconsistently in the body (capitalized in one place, lowercased in another) signals the parties did not mean it as defined.
4. Definition of Confidential Information
"Confidential Information" means any non-public information disclosed by the Disclosing Party to the Receiving Party in connection with the Purpose, whether disclosed orally, in writing, electronically, or by any other means, that is:
(a) marked or identified as "Confidential," "Proprietary," or with a similar designation at the time of disclosure;
(b) disclosed orally and described in writing as confidential within thirty (30) days of the oral disclosure; or
(c) by its nature or the circumstances of its disclosure, would reasonably be understood by the Receiving Party to be confidential.
Confidential Information includes, without limitation, technical data, trade secrets, know-how, research, product or service plans, business strategies, financial information, customer or supplier information, pricing, source code, designs, drawings, specifications, marketing plans, and the existence and content of the Parties' discussions regarding the Purpose.
(Customize this definition to match the specific information being protected. A broad, format-agnostic definition is appropriate when the categories are uncertain; a narrower enumerated list is appropriate when the categories are clear in advance.)
Existence of the discussions. The fact that the Parties are discussing the Purpose, the substance of those discussions, and the existence of this Agreement itself are each Confidential Information of both Parties. Neither Party may disclose the existence of the discussions, the existence of this Agreement, or any details of either, without the prior written consent of the other Party.
Mutual confidentiality. Notwithstanding the one-way framing of this Agreement, the Parties agree that Confidential Information may be disclosed by either Party to the other in connection with the Purpose. Each Party agrees that the obligations of the Receiving Party set out in Sections 5, 6, 8, and 9 apply equally to it when it receives Confidential Information from the other Party, and the protections of those Sections apply to its own Confidential Information when disclosed to the other Party. References to "Disclosing Party" and "Receiving Party" shall be construed accordingly.
About this section
What's in this section
The boundary of the entire NDA: anything inside this definition is protected, anything outside it is fair game. The tension is real, too narrow and secrets slip through the gaps, too broad and a court may decline to enforce any of it.
Why this section is here
The practical question is whether everything is confidential by default or only what is marked. Marking is cleaner to enforce but easy to forget mid-conversation; protecting everything risks sweeping in trivia a court won't shield.
Common mistake
Failing to address oral disclosures. Without an oral-disclosure follow-up clause, conversations between the parties may not be covered.
5. Permitted Use
The Receiving Party shall use the Confidential Information solely for the Purpose. The Receiving Party shall not use the Confidential Information for any other purpose, for its own benefit or commercial advantage, or for the benefit of any third party, without the prior written consent of the Disclosing Party.
About this section
What's in this section
Secrecy and use are two different promises. A Receiving Party can keep your data perfectly secret and still mine it for its own benefit; this clause is what closes that gap by tying every use back to the Purpose.
Why this section is here
The classic abuse isn't leaking the data, it's the Receiving Party using what it learned to build a competing product or undercut a deal while keeping it perfectly confidential. This clause is the only thing that reaches that conduct.
Common mistake
Stating the Purpose only in the recitals or background section without referencing it here. The Permitted Use clause should explicitly tie use to the Purpose defined in Section 2.
6. Obligations of the Receiving Party
The Receiving Party shall:
(a) hold the Confidential Information in strict confidence and protect it with at least the same degree of care that the Receiving Party uses to protect its own confidential information of similar importance, and in no event less than reasonable care;
(b) restrict access to the Confidential Information to its Representatives who have a need to know it for the Purpose and who are bound by written obligations of confidentiality at least as protective as those in this Agreement;
(c) not copy or reproduce the Confidential Information except as reasonably necessary for the Purpose;
(d) not disclose the Confidential Information to any third party (other than its Representatives) without the prior written consent of the Disclosing Party; and
(e) be responsible for any breach of this Agreement by its Representatives as if such breach were committed by the Receiving Party itself.
For technology, product, or software disclosures, the Receiving Party shall not reverse engineer, decompile, disassemble, or attempt to derive source code, underlying ideas, algorithms, or structure from any Confidential Information, except as reasonably necessary for the Purpose and to the extent such restriction is not prohibited by applicable law.
Employee-specific obligations. Where the Receiving Party is an employee of the Disclosing Party, the obligations in this Agreement are in addition to, and not in lieu of, any other duties of confidentiality, loyalty, or fiduciary duty owed by the Receiving Party under applicable employment law. Nothing in this Agreement is intended to restrict the Receiving Party's rights under applicable whistleblower, anti-retaliation, or labor laws.
Independent contractor work product. Where the Receiving Party is an independent contractor engaged by the Disclosing Party, all work product, deliverables, inventions, and developments created by the Receiving Party in connection with the Purpose are the exclusive property of the Disclosing Party and constitute Confidential Information under this Agreement. The Receiving Party assigns to the Disclosing Party all rights, title, and interest in such work product.
About this section
What's in this section
Confidentiality isn't a passive state. This clause spells out what the Receiving Party must actively do: lock the data down, limit who can see it, and bind its own employees and contractors to the same duty.
Why this section is here
This is where the standard of care gets set. Leave it out and the law supplies a bare 'reasonable person' default, which is almost always a lower bar than the Disclosing Party assumed it was getting.
Common mistake
Requiring 'reasonable efforts' without specifying what those efforts include. Name concrete measures: access controls, written undertakings from employees, secure storage.
7. Exclusions from Confidential Information
The obligations in Sections 5 and 6 do not apply to information that the Receiving Party can demonstrate, by written records:
(a) was publicly known at the time of disclosure, or subsequently became publicly known through no fault of the Receiving Party;
(b) was already in the Receiving Party's possession at the time of disclosure, free of any obligation of confidentiality;
(c) was rightfully received by the Receiving Party from a third party who was not bound by any obligation of confidentiality to the Disclosing Party;
(d) was independently developed by the Receiving Party without reference to or use of the Confidential Information; or
(e) is disclosed with the prior written consent of the Disclosing Party.
About this section
What's in this section
The Receiving Party's escape hatches. These five carve-outs mark the information the NDA can't touch, things already public, already known, or independently developed, so the obligation stays defensible rather than absurdly broad.
Why this section is here
An NDA with no carve-outs claims to protect even what's already public, and a court may treat that overreach as a reason to narrow or ignore the whole clause. Spelling the exclusions out is what keeps the protection credible.
Common mistake
Listing exclusions but failing to require the Receiving Party to evidence them. The burden of proving an exclusion applies should sit with the Receiving Party.
8. Required Disclosures
Nothing in this Agreement prevents the Receiving Party from disclosing Confidential Information to the extent required by law, regulation, court order, or other competent authority. Where legally permitted, the Receiving Party shall promptly notify the Disclosing Party of the required disclosure in writing, in advance of the disclosure, so that the Disclosing Party may seek a protective order or other appropriate remedy. The Receiving Party shall cooperate, at the Disclosing Party's expense, in any reasonable efforts by the Disclosing Party to limit the scope of the required disclosure.
About this section
What's in this section
The pressure-valve for subpoenas, regulators, and court orders, the situations where the Receiving Party has no real choice but to hand something over.
Why this section is here
A good version does two things: it lets the Disclosing Party step in to seek a protective order, and it holds the Receiving Party to disclosing only the narrow slice the law actually compels, not everything it holds.
Common mistake
Omitting the notice-back obligation. Without it, the Receiving Party may comply with a subpoena before the Disclosing Party knows about it.
9. Return or Destruction of Confidential Information
Upon written request of the Disclosing Party, or upon termination or expiration of this Agreement (whichever occurs first), the Receiving Party shall, at the Disclosing Party's election:
(a) return to the Disclosing Party all Confidential Information in the Receiving Party's possession or control, including all copies, extracts, and derivatives; or
(b) destroy all such Confidential Information and, on request, certify in writing that the destruction has been completed.
Notwithstanding the foregoing, the Receiving Party may retain one archival copy of the Confidential Information solely to the extent required by applicable law, regulation, or bona fide records-retention policy, and the obligations of this Agreement shall continue to apply to that copy for so long as it is retained.
About this section
What's in this section
How the NDA actually winds down. When the deal is over, this clause pulls the Confidential Information back out of the Receiving Party's hands instead of letting it sit there indefinitely.
Why this section is here
The useful question is when it triggers: automatically when the Purpose ends, or only when the Disclosing Party asks. Tie it to a request and nothing happens until someone remembers to send one.
Common mistake
Demanding immediate destruction without acknowledging the Receiving Party's own legal-hold and backup obligations. Mention reasonable archival exceptions.
10. Term and Survival
This Agreement begins on the Effective Date and continues for {Disclosure Period} (the "Term"), unless terminated earlier by written agreement of the Parties or by either Party on thirty (30) days' written notice to the other. Termination does not affect any obligations with respect to Confidential Information disclosed before the effective date of termination.
The obligations of the Receiving Party under Sections 5, 6, 7, and 9 shall survive for {Confidentiality Period} after the date of disclosure or, if later, after termination or expiration of this Agreement, except that with respect to Trade Secrets, the obligations of this Agreement shall continue for so long as the information remains a Trade Secret under applicable law.
About this section
What's in this section
The clock on the whole agreement, and it usually runs at two speeds: a fixed number of years for ordinary business information, and indefinitely for anything that qualifies as a trade secret.
Why this section is here
Courts are skeptical of confidentiality that lasts forever on ordinary business information; an indefinite blanket term invites a judge to cut it down. The fixed-term-plus-trade-secret split is the version that actually holds up.
Common mistake
Setting a single short term (e.g., '1 year from disclosure') without preserving trade-secret protection beyond that period. Trade secrets keep their status as long as they are not generally known and reasonable steps are taken to protect them.
11. No Warranty, No License, No Obligation
The Confidential Information is provided "as is." The Disclosing Party makes no warranty, express or implied, regarding the accuracy, completeness, or fitness for any purpose of the Confidential Information, and the Receiving Party assumes the entire risk associated with its use of the Confidential Information.
Nothing in this Agreement grants the Receiving Party any license, right, title, or interest in or to any intellectual property of the Disclosing Party, except a limited, non-transferable, non-exclusive right to use the Confidential Information for the Purpose.
Nothing in this Agreement obligates either Party to disclose any particular Confidential Information, to enter into any further agreement, or to proceed with the Purpose. Each Party retains the right to enter into similar arrangements with third parties, provided that doing so does not breach this Agreement.
Additional terms for beta programs and early access. Where the Confidential Information includes access to a pre-release product, service, or feature (the "Beta Service"), the Receiving Party further agrees that: (a) the Beta Service is provided for evaluation and feedback purposes only and may contain bugs, errors, and incomplete functionality; (b) the Receiving Party shall not publicly disclose, demonstrate, screenshot, or comment on the Beta Service without the prior written consent of the Disclosing Party; (c) any feedback, suggestions, or improvement ideas provided by the Receiving Party regarding the Beta Service may be used by the Disclosing Party without restriction or compensation, and the Receiving Party assigns to the Disclosing Party all rights in such feedback; and (d) the embargo on public disclosure continues until the Disclosing Party publicly announces the corresponding feature or service.
About this section
What's in this section
Three things the NDA deliberately refuses to do. Sharing a secret doesn't vouch for its accuracy, doesn't hand over any IP rights to it, and doesn't commit either side to actually go through with the deal.
Why this section is here
Each omission has been turned into an argument: that disclosure implied a warranty, an IP license, or a commitment to proceed. These clauses exist because Receiving Parties have made exactly those claims when a deal soured.
Common mistake
Treating these as boilerplate and leaving them out. They are foundational protections, not optional.
12. Remedies
The Receiving Party acknowledges that breach of this Agreement may cause the Disclosing Party irreparable harm for which monetary damages would be inadequate. The Disclosing Party shall be entitled, in addition to any other remedies available at law or in equity, to seek injunctive and other equitable relief to prevent or restrain a breach or threatened breach of this Agreement, without the necessity of proving actual damages and, to the maximum extent permitted by law, without posting bond or other security. The remedies in this Section are cumulative and are in addition to, and not in lieu of, any other rights and remedies available to the Disclosing Party.
About this section
What's in this section
The clause that lets the Disclosing Party actually stop a leak in progress. It pre-agrees that money alone can't undo a breach, clearing the way to an injunction instead of a damages claim after the fact.
Why this section is here
Two practical boosts live here: the Disclosing Party doesn't have to post a bond to get an injunction, and equitable relief sits alongside money damages rather than replacing them. Both strip out friction at the moment speed matters most.
Common mistake
Relying on a generic 'all remedies cumulative' clause without specifically authorizing equitable relief. Courts may require the disclosing party to first prove money damages are inadequate, which delays relief.
13. Governing Law, Jurisdiction, and Miscellaneous
This Agreement is governed by and construed in accordance with the laws of {Governing Law}, without giving effect to any conflict-of-laws principles. The Parties consent to the exclusive jurisdiction and venue of the courts located in {Jurisdiction} for any dispute arising out of or relating to this Agreement.
Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral, regarding the same subject matter.
Amendments. This Agreement may be amended only by a written instrument signed by authorized representatives of both Parties.
Severability. If any provision of this Agreement is held invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect, and the invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.
Waiver. The failure of either Party to enforce any provision of this Agreement shall not constitute a waiver of that provision or of any other provision. Any waiver must be in writing and signed by the waiving Party.
Assignment. Neither Party may assign this Agreement or any of its rights or obligations under it without the prior written consent of the other Party, except that either Party may assign this Agreement to a successor in interest in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets, on written notice to the other Party.
Counterparts. This Agreement may be executed in two or more counterparts, including by electronic signature, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.
Notices. All notices under this Agreement shall be in writing and shall be deemed given when delivered by hand, by email to {Notice Email} (with confirmation of receipt), or by recognized overnight courier to {Notice Address}.
No partnership. Nothing in this Agreement creates a partnership, joint venture, agency, fiduciary, or employment relationship between the Parties. Neither Party has authority to bind the other.
Required U.S. notice (Defend Trade Secrets Act). Pursuant to the federal Defend Trade Secrets Act (18 U.S.C. § 1833(b)(3)), the Receiving Party is notified that an individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a Trade Secret that is made: (a) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney, and solely for the purpose of reporting or investigating a suspected violation of law; or (b) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the Trade Secret to the attorney of the individual and use the Trade Secret information in the court proceeding, if the individual files any document containing the Trade Secret under seal and does not disclose the Trade Secret except pursuant to court order.
Protected disclosures (UK). Nothing in this Agreement prevents or penalizes the Receiving Party from making a protected disclosure under the Public Interest Disclosure Act 1998, reporting a crime or a regulatory breach to a competent authority, or making any other disclosure that the law protects. Any term that purports to prevent such a disclosure is void to that extent.
Protected disclosures (EU). Nothing in this Agreement prevents or penalizes the Receiving Party from making a report protected under the EU Whistleblower Directive ((EU) 2019/1937) as implemented in the relevant member state, or any other disclosure that the law protects. Any term that purports to prevent such a disclosure is void to that extent.
Personal data (EU). Where Confidential Information includes personal data, the Receiving Party will process it only as necessary for the Purpose and in compliance with the GDPR. If the Receiving Party processes personal data on the Disclosing Party's behalf, the Parties will put a separate data processing agreement in place.
Personal data (UK). Where Confidential Information includes personal data, the Receiving Party will process it only as necessary for the Purpose and in compliance with the UK GDPR and the Data Protection Act 2018. If the Receiving Party processes personal data on the Disclosing Party's behalf, the Parties will put a separate data processing agreement in place.
About this section
What's in this section
The 'boilerplate' bucket that decides more than it looks: which law reads the contract, which court hears a dispute, and a stack of standard provisions governing how the NDA can be changed, waived, or assigned.
Why this section is here
The choice of governing law determines how every other clause in the Agreement is interpreted. Picking a familiar, well-developed law (Delaware, New York, English law) reduces interpretive risk significantly.
Common mistake
Picking the governing law of a jurisdiction where the parties have no real connection. Courts may refuse to honor an unrelated choice; counterparts may resist litigating there.
14. Acceptance
(This acceptance clause assumes your platform actually captures user identity or account, timestamp, network address, the agreement version presented, the affirmative acceptance action, and a copy of the exact accepted terms. Verify your implementation captures these elements before relying on this clause. For ClickTerm-powered acceptance flows, this happens automatically.)
The Receiving Party agrees to the terms of this Agreement by clicking "I Agree" (or taking a substantially similar affirmative acceptance action) at the time this Agreement is presented in the access or onboarding flow. Acceptance is captured and timestamped, and the record of acceptance, including the version of this Agreement presented, the time of acceptance, the network address of the device used, and the identity of the accepting individual (where available), constitutes evidence of the Parties' agreement to be bound by this Agreement.
The individual completing the acceptance action represents and warrants that they have the authority to bind the Receiving Party to this Agreement. Where the Receiving Party is a legal entity, that individual represents that they are duly authorized to accept agreements of this kind on behalf of the entity.
15. Signatures
(Use these signature blocks in place of the clickwrap acceptance above when executing this Agreement in person, by hand, or through a traditional electronic signing platform. Delete the Acceptance section above before publishing.)
The Parties have executed this Agreement as of the Effective Date.
Disclosing Party: {Disclosing Party Name}
By: ____________________________________
Name: _________________________________
Title: _________________________________
Date: _________________________________
Receiving Party: {Receiving Party Name}
By: ____________________________________
Name: _________________________________
Title: _________________________________
Date: _________________________________
About this section
What's in this section
How an NDA gets signed without a signing. For high-volume situations, vendor onboarding, data-room access, contractor intake, this turns a presented NDA into a binding one the moment the recipient clicks, with no paper and no countersignature.
Why this section is here
Because electronic acceptance is already signature-equivalent for commercial NDAs, a challenge almost never argues 'that wasn't a real signature.' It argues 'you can't show what I agreed to,' which makes the integrity of the stored record the whole ballgame.
Common mistake
Letting just anyone click. For an NDA that binds a company, the person accepting needs authority to commit it; a click from an intern or an unauthenticated visitor may not bind the entity at all.
How clickwrap NDAs hold up in court →