Non-Disclosure Agreements (NDA)

Defining 'Confidential Information'

The core of any NDA is the definition of what constitutes 'Confidential Information'. Standard templates often use vague definitions that fail in court. A robust NDA must explicitly list categories of protected data: financial models, source code, customer lists, business plans, and unpatented inventions. It should also state that information conveyed orally is protected, provided it is reduced to writing and marked as confidential within a specific timeframe (e.g., 30 days).

• Exhaustive list of protected data categories
• Protection for both written and orally disclosed information
• Standard exclusions (e.g., information already in the public domain)

The 'Permitted Purpose' Restriction

An NDA does not just prevent the receiving party from leaking your information to third parties; it also restricts how they use it internally. The agreement must define a strict 'Permitted Purpose' (e.g., 'evaluating a potential joint venture'). The receiving party must be contractually bound to use the information solely for this purpose and expressly prohibited from reverse-engineering your technology or using your data to develop competing products.

• Strict definition of the Permitted Purpose
• Prohibition against reverse-engineering or decompiling
• Restriction on using data for competitive advantage

Obligations of the Receiving Party

The NDA must establish the standard of care the receiving party must exercise to protect your data. Typically, they must protect your information with at least the same degree of care they use for their own confidential data, but no less than a 'reasonable' standard of care. Furthermore, they should only be allowed to share the information with their employees or advisors on a strict 'need-to-know' basis, provided those individuals are bound by similar confidentiality obligations.

• Requirement to exercise a 'reasonable standard of care'
• Strict 'need-to-know' dissemination limits within the receiving organization
• Receiving party remains liable for breaches by its employees or advisors

Term and Duration of Confidentiality

An NDA must specify two distinct timelines: the 'Disclosing Period' (how long the parties will share information under the agreement) and the 'Confidentiality Period' (how long the receiving party must keep the information secret). While standard business information may be protected for 3 to 5 years, 'Trade Secrets' must be protected perpetually, surviving the termination of the agreement indefinitely.

• Clear distinction between the Disclosing Period and the Confidentiality Period
• Standard 3-5 year protection for general business data
• Perpetual, indefinite protection for critical Trade Secrets

Return of Materials and Injunctive Relief

The agreement must obligate the receiving party to immediately return or permanently destroy all confidential materials (including digital copies and derivatives) upon your written request. Crucially, the NDA must include an 'Injunctive Relief' clause. This is an acknowledgment by the receiving party that monetary damages would be insufficient to cure a breach, granting you the right to seek an immediate court injunction to stop the leak.

• Mandatory return or certified destruction of all data upon request
• Injunctive Relief clause for immediate court intervention
• Indemnification for legal costs incurred in enforcing the NDA

When to Review This

• Entering negotiations with investors or competitors
• Sharing proprietary source code or technical schematics
• Onboarding vendors who require access to your customer databases
• Need to replace a generic, unenforceable template NDA