Confidentiality agreements—commonly known as NDAs or non-disclosure agreements—are among the most frequently used legal documents in business. They are the gatekeepers of sensitive information, enabling companies to explore partnerships, evaluate potential acquisitions, discuss fundraising, and share proprietary methodologies without fear that the information will be weaponized against them.
Despite their ubiquity, NDAs are frequently drafted poorly, leaving both parties inadequately protected. A vague NDA that fails to clearly define confidential information, specify exceptions, or allocate remedies is almost worse than no NDA at all—it creates a false sense of security while providing little actual legal protection.
Our free NDA template is drafted to reflect current U.S. law and commercial practice. It covers both mutual (bilateral) and unilateral disclosure scenarios, includes robust definitions and exceptions, and provides meaningful enforcement mechanisms.
What Does an NDA Actually Protect?
An NDA protects "confidential information"—but that term is meaningless without a clear definition. In a well-drafted NDA, confidential information is defined with specificity, typically including categories such as business plans, financial data, customer lists, pricing information, technical specifications, source code, trade secrets, marketing strategies, and any other information designated as confidential in writing.
Importantly, an NDA does not protect information that is already public knowledge, information that the receiving party already possessed before the disclosure, or information that the receiving party independently developed. The burden of proving that information qualifies as a protected trade secret falls on the disclosing party—and without a clear definition of what was disclosed and when, that burden becomes nearly impossible to meet.
Mutual vs. One-Way NDAs
The most fundamental choice in drafting an NDA is whether it will be mutual (bilateral) or one-way (unilateral). This choice affects the balance of obligations and should reflect the actual information flow between the parties.
A mutual NDA is appropriate when both parties are sharing confidential information with each other. This is common in joint venture discussions, M&A due diligence (both sides share sensitive data), strategic partnership negotiations, and vendor/supplier relationships where proprietary processes are being shared bidirectionally.
A one-way NDA is appropriate when only one party is disclosing confidential information. A startup pitching to an investor, an inventor presenting to a manufacturer, or a freelancer sharing portfolio work with a prospective client all typically use one-way NDAs—the other party is not expected to share their own confidential information in return.
Our template can accommodate both scenarios through a simple mechanism: in a mutual NDA, both parties assume the role of "Disclosing Party" and "Receiving Party" as applicable; in a one-way NDA, only the disclosing party bears confidentiality obligations.
Essential NDA Provisions
Definition of Confidential Information
The definition clause is the most important part of any NDA. An overly broad definition (such as "all information shared between the parties") can make the agreement unenforceable because courts may find it unreasonable. An overly narrow definition may fail to capture information that actually deserves protection.
Effective definitions typically identify specific categories of information (technical data, business plans, financial statements), specify the form in which information must be conveyed to qualify (written, oral, visual), and require some form of marking or identification for oral disclosures to be protected.
Obligations of the Receiving Party
The receiving party's obligations typically include: (1) using the same degree of care to protect the information as it uses to protect its own confidential information (but no less than reasonable care); (2) using the information only for the permitted purpose outlined in the agreement; (3) restricting access to the information to employees and advisors who have a need to know; and (4) not disclosing the information to third parties without prior written consent.
Permitted Disclosures
No NDA is airtight—courts recognize that certain disclosures may be necessary. Standard permitted disclosure exceptions include: information already in the public domain, information already known to the receiving party without restriction, information independently developed by the receiving party, and disclosures required by law or court order (provided the receiving party gives the disclosing party prompt notice so they can seek protective measures).
Term and Duration
The NDA should specify both the term of the agreement itself (how long the agreement lasts before it expires) and the duration of confidentiality obligations (how long after disclosure the receiving party must protect the information). These are often different periods. The agreement term might be two years, while confidentiality obligations for trade secrets might survive indefinitely.
Remedies
Because NDAs are notoriously difficult to enforce after the fact (proving damages from a confidentiality breach is hard), a well-drafted NDA typically includes an acknowledgment that a breach would cause irreparable harm for which monetary damages would be inadequate, thereby entitling the disclosing party to seek injunctive relief without posting a bond. This is an equitable remedy that supplements (rather than replaces) the right to pursue monetary damages.
Return or Destruction of Information
When the NDA terminates or the disclosing party requests it, the receiving party should be obligated to return or destroy all confidential information in its possession, including copies, and to certify in writing that this obligation has been fulfilled.
Sample Scenario
Consider a medical device startup, "NeuraSense Technologies," that has developed a proprietary algorithm for early detection of neurological conditions using wearable device data. NeuraSense is in discussions with "MedTech Capital Partners," a venture capital firm, about a potential $5 million Series A investment.
During the due diligence process, NeuraSense will need to share extensive technical documentation, clinical trial data, FDA submission materials, source code, and detailed financial projections—all of which constitute highly sensitive trade secrets that, if disclosed to competitors or the wrong parties, could destroy the company's competitive advantage and its investment valuation.
NeuraSense and MedTech Capital sign a mutual NDA before any information is shared. The NDA clearly defines what constitutes confidential information (including source code and clinical data), specifies a five-year confidentiality term, carves out publicly available information, and obligates MedTech Capital to use reasonable care in protecting the information and to return or destroy it upon request or at the end of the term.
When a MedTech Capital associate accidentally leaves a folder of NeuraSense documents on a train, the NDA's provisions, combined with the Defend Trade Secrets Act (DTSA), give NeuraSense clear legal grounds to pursue remedies for the breach.