At a glance
A Non-Disclosure Agreement, or NDA, is the legal document that allows sensitive information to be shared for a limited business purpose without giving the receiving party freedom to misuse it. In modern Indian business, NDAs are used before investor discussions, vendor onboarding, employee hiring, contractor engagement, software development, acquisition talks, manufacturing partnerships, franchise discussions, strategic collaborations, and product demos. The mistake many businesses make is treating an NDA as a simple one-page form. In reality, the strength of an NDA depends on the precision of its definitions, the permitted purpose, the restrictions on use, the duration of confidentiality, the treatment of oral disclosures, the return or destruction process, and the remedies available if there is a breach. A vague NDA may create comfort, but it may not create meaningful protection.
A strong NDA should clearly define confidential information, identify who is disclosing and receiving it, restrict use to a specific permitted purpose, limit internal sharing to a need-to-know basis, protect trade secrets, exclude information already public or independently developed, and provide practical remedies for breach. At Inamdar Legal, we draft and review NDAs for Indian businesses with a focus on commercial clarity. The agreement should not be so light that it fails to protect the disclosing party, and it should not be so broad that the receiving party refuses to sign it or later challenges it as unreasonable.
- One-way and mutual NDA structures
- Confidential information and permitted purpose
- Duration, exclusions, and representative access
- Breach remedies and Indian law considerations
Why NDAs matter in India
Indian businesses frequently share sensitive information before a formal commercial arrangement is signed. A founder may send a pitch deck to a potential investor. A startup may show a product roadmap to a developer. A manufacturing business may share pricing, supplier names, formulas, drawings, processes, or customer data with a vendor. A digital agency may share campaign strategy with a client. An employer may disclose internal processes to a senior employee or consultant. In each case, the receiving party may genuinely need the information to evaluate or perform a business opportunity. The NDA allows this sharing to happen with boundaries. It tells the receiving party: you may use this information only for the stated purpose; you may not copy it, leak it, reverse-engineer it, compete using it, or pass it to others except as permitted. Public discussions in India often show a recurring concern: people confuse NDAs with non-compete agreements. An NDA is meant to protect confidential information. It should not become a backdoor method to stop a person from earning a livelihood or working in an industry after the relationship ends. Indian law treats broad restraints of trade carefully, especially after termination of employment or engagement. Therefore, an NDA should focus on information protection rather than overreaching restrictions.
Unilateral NDA or mutual NDA
A unilateral NDA is used when only one party is disclosing confidential information. For example, a startup sharing product details with a vendor may need the vendor to keep that information confidential. A mutual NDA is used when both parties are sharing sensitive information. For example, two companies exploring a joint venture, merger, strategic partnership, or technology integration may both disclose confidential material. The wrong format can create practical problems. If both sides will disclose information but the NDA protects only one side, the other party may resist signing or may remain unprotected. If only one side is disclosing information but the NDA is unnecessarily mutual, it may create obligations that are not commercially relevant. A good NDA should match the transaction.
Defining confidential information
The definition of confidential information is the foundation of the NDA. It should cover the categories of information actually being shared. Depending on the transaction, this may include business plans, pricing, financial information, marketing strategy, customer lists, supplier details, source code, product architecture, design files, prototypes, inventions, formulas, manufacturing processes, technical documents, login credentials, personal data, contracts, negotiations, and the fact that discussions are taking place. The definition should also address the form of disclosure. Confidential information may be written, oral, visual, electronic, digital, physical, or disclosed through platform access. If oral disclosures are protected, the NDA may require the disclosing party to identify or confirm the information as confidential within a reasonable time. For practical business use, the agreement should not depend only on whether a document is stamped "confidential", because many sensitive disclosures happen through meetings, calls, screen shares, demos, email chains, and shared folders. At the same time, the definition should not be unlimited. If everything is confidential, the clause can become harder to apply. The better approach is to define the categories clearly and add a practical catch-all for information that a reasonable person would understand to be confidential given the nature of the disclosure.
The permitted purpose clause
The permitted purpose is one of the most important clauses in an NDA. It states why the information is being shared. For example, the permitted purpose may be evaluating a potential investment, discussing a software development project, performing services under a vendor arrangement, assessing a possible collaboration, or reviewing a business acquisition opportunity. Without a permitted purpose clause, the receiving party may argue that the information was shared generally. A strong NDA should state that the receiving party may use the information only for the permitted purpose and for no other reason. It should prohibit use for competing products, personal gain, reverse engineering, solicitation, independent commercial exploitation, or disclosure to unrelated third parties.
Obligations of the receiving party
The receiving party should be required to protect the information using at least reasonable care, and ideally the same level of care used to protect its own confidential information of similar importance. The receiving party should share the information internally only with employees, directors, officers, advisors, consultants, or representatives who have a genuine need to know and are bound by confidentiality obligations. The NDA should make the receiving party responsible for breaches by its representatives. This is important because confidential information is often shared with accountants, lawyers, employees, developers, agencies, consultants, or group companies. The disclosing party needs assurance that the information will not leak simply because it was passed through a chain of representatives.
Exclusions from confidentiality
A fair NDA includes exclusions. Information should not be treated as confidential if it is already public through no fault of the receiving party, already known to the receiving party before disclosure, independently developed without using the confidential information, received lawfully from a third party without restriction, or required to be disclosed by law, court order, or regulatory authority. These exclusions make the NDA commercially reasonable. They also reduce unnecessary disputes. However, the receiving party should normally bear the burden of proving that an exclusion applies. If disclosure is legally compelled, the NDA may require the receiving party to give prompt notice, cooperate with protective measures, and disclose only the minimum required.
Duration of confidentiality
An NDA should distinguish between the disclosure period and the confidentiality period. The disclosure period is the time during which information may be shared. The confidentiality period is the time during which the receiving party must protect the information. For ordinary business information, confidentiality periods of three to five years are commonly seen. For trade secrets, source code, formulas, customer databases, strategic pricing, and highly sensitive proprietary material, the obligation may need to survive for as long as the information remains confidential. The drafting should not blindly use a fixed period without considering the nature of the information.
NDA and Indian law
An NDA is generally enforceable in India if it satisfies the essential requirements of a valid contract. However, the remedies for breach must be drafted carefully. Monetary damages may be difficult to quantify where confidential information is leaked. Therefore, NDAs often include provisions recognizing that breach may cause irreparable harm and that injunctive relief may be necessary. The agreement should also avoid unnecessary overlap with non-compete language. Under Section 27 of the Indian Contract Act, agreements in restraint of trade are treated restrictively. Indian courts have recognized that reasonable confidentiality and negative obligations during the term of a relationship may be different from a broad post-termination restraint preventing a person from working. This is why an NDA should be drafted as a confidentiality instrument, not as a disguised employment bond or non-compete. Where personal data is involved, businesses should also consider data protection obligations under Indian law, including the Digital Personal Data Protection framework. A modern NDA should not only say "keep information confidential"; it should also address access controls, authorized use, deletion, breach reporting, and return of data.
Common NDA drafting mistakes
The most common mistake is using a generic NDA without defining the business purpose. Another common mistake is protecting only written information and ignoring oral or digital disclosures. Many NDAs also fail to distinguish trade secrets from ordinary information, do not include representative liability, ignore return and deletion obligations, and use a confidentiality period that is either too short or unnecessarily broad. Some NDAs also include aggressive non-compete, non-solicit, penalty, and employment restrictions without careful drafting. Such clauses may create resistance and may not be enforceable in the way the disclosing party expects. A practical NDA should be protective, specific, and commercially acceptable.
NDA for startups and business ideas
A common question is whether an NDA can protect a startup idea. The honest answer is that an NDA is better at protecting confidential details than abstract ideas. A general idea such as "an app for local services" is difficult to protect by itself. But pitch decks, market research, financial models, technical architecture, code, customer data, product strategy, designs, and execution plans can be protected if properly defined and disclosed under the NDA. For startups, the NDA should also be realistic. Investors may not sign NDAs at early pitch stages. Vendors, consultants, developers, agencies, employees, and strategic collaborators are more likely to sign NDAs because they receive specific sensitive information. The drafting should match the context.
How Inamdar Legal can assist
Inamdar Legal assists with unilateral NDAs, mutual NDAs, founder NDAs, vendor NDAs, employee confidentiality agreements, contractor NDAs, technology NDAs, investor discussion NDAs, acquisition discussion NDAs, and confidentiality clauses within larger agreements. We also review NDAs received from other parties and identify risks such as excessive non-compete language, vague confidentiality periods, one-sided indemnity, unreasonable penalties, broad personal liability, unclear jurisdiction, and weak permitted-purpose language.
When to Review This
- One-way and mutual NDA structures
- Confidential information and permitted purpose
- Duration, exclusions, and representative access
- Breach remedies and Indian law considerations