Create a Non-Disclosure Agreement (NDA) Online

Non-disclosure agreements come in two primary forms, and choosing the correct type for your situation is an important first step in creating an effective confidentiality agreement.

Unilateral (One-Way) NDA: A unilateral NDA is the most common type and involves one party (the disclosing party) sharing confidential information with another party (the receiving party), who agrees to keep that information confidential. This structure is appropriate when the flow of sensitive information is primarily in one direction — for example, when an employer shares trade secrets with a new employee, when a company shares proprietary information with a contractor, or when a startup shares its business plan with a potential investor. In a unilateral NDA, only the receiving party has confidentiality obligations.

Mutual (Two-Way) NDA: A mutual NDA is used when both parties will be sharing confidential information with each other, and both need protection. This structure is common in business partnerships, joint ventures, merger and acquisition discussions, technology collaborations, and any situation where both sides bring proprietary information to the table. In a mutual NDA, each party is simultaneously the disclosing party and the receiving party, and both have identical confidentiality obligations. Mutual NDAs are considered more balanced and are generally preferred when the relationship involves two-way information sharing, as they demonstrate good faith and equal commitment to protecting each other's interests.

The choice between unilateral and mutual depends entirely on the nature of the relationship and the direction of information flow. If you are hiring a consultant to work on a project and will be sharing your business data with them, a unilateral NDA is appropriate — the consultant does not need to share their own confidential information with you. However, if two companies are exploring a potential partnership and both need to share proprietary information to evaluate the opportunity, a mutual NDA is the better choice. When in doubt, a mutual NDA is generally safer because it protects both parties equally.

A well-drafted NDA should contain several essential components to be both effective and legally enforceable. While the specific language and level of detail may vary depending on the situation, the following elements should be included in every non-disclosure agreement:

• Identification of the parties: The full legal names and addresses of all parties to the agreement. For businesses, this should include the company name, the name and title of the authorized signatory, and the company's principal place of business.
• Definition of confidential information: A clear description of what information is considered confidential under the agreement. This can be broad (covering all non-public information shared between the parties) or narrow (limited to specific types of information such as financial data, technical specifications, or customer lists). The definition should be specific enough to give the receiving party clear guidance about what they must protect.
• Obligations of the receiving party: A detailed description of what the receiving party must do to protect the confidential information, including maintaining it in strict confidence, limiting access to those who need to know, using it only for the specified purpose, and protecting it with at least the same degree of care used for their own confidential information.
• Permitted disclosures and exclusions: Information that is excluded from the definition of confidential information, typically including information that is publicly available, was known to the receiving party before disclosure, was independently developed, or was received from a third party without restriction. The NDA should also address required disclosures — situations where the receiving party may be legally compelled to disclose the information, such as in response to a court order or regulatory investigation.
• Duration: The period during which the confidentiality obligations apply. Common durations range from one to five years, though some NDAs impose indefinite obligations for trade secrets. The appropriate duration depends on the nature of the information and how quickly it is likely to become obsolete or publicly known.
• Return or destruction of materials: A provision requiring the receiving party to return or destroy all confidential information and copies when the agreement ends or upon request. Some NDAs require written certification that destruction has been completed.
• Remedies: A statement that breach of the NDA may cause irreparable harm and that the disclosing party is entitled to seek injunctive relief (a court order stopping further disclosure) in addition to monetary damages.

NDAs should be used whenever you are sharing sensitive business information with someone who is not already bound by a duty of confidentiality. The most common situations that call for a non-disclosure agreement include:

Employment and contracting: When hiring employees or independent contractors who will have access to proprietary information, trade secrets, customer data, or internal business processes. Employment NDAs are typically signed as part of the onboarding process and remain in effect during and after the employment relationship. Contractor NDAs are often included in or appended to the independent contractor agreement.

Business partnerships and joint ventures: When two or more companies are exploring a potential business relationship and need to share confidential information to evaluate the opportunity. A mutual NDA protects both sides during the exploratory phase and ensures that if the partnership does not materialize, neither party can use the other's confidential information for their own benefit.

Investor discussions: When pitching your business to potential investors, venture capitalists, or angel investors. While many sophisticated investors refuse to sign NDAs before hearing a pitch (because they see many similar ideas), having an NDA available demonstrates that you take confidentiality seriously, and many investors will sign one once discussions become more substantive.

Mergers and acquisitions: Due diligence processes involve sharing highly sensitive financial, operational, and legal information. An NDA is essential to protect this information regardless of whether the deal ultimately closes.

Vendor and supplier relationships: When sharing proprietary specifications, manufacturing processes, pricing strategies, or customer information with vendors, suppliers, or service providers. This is particularly important in industries where vendors may also serve your competitors.

Creative collaborations: When sharing unpublished creative works, inventions, designs, or ideas with collaborators, potential partners, or evaluators. For inventions, maintaining confidentiality is also essential to preserving patent rights, as public disclosure before filing can forfeit the right to a patent in many jurisdictions.

Yes, a properly drafted and executed NDA is a legally binding contract that can be enforced in court. Like any contract, an NDA must meet certain basic requirements to be enforceable: it must involve an offer and acceptance, consideration (something of value exchanged between the parties — the mutual promise of confidentiality or the opportunity to receive confidential information typically satisfies this), and the parties must have the legal capacity to enter into the agreement. The terms of the NDA must also be reasonable and must not violate public policy.

If a party breaches an NDA by disclosing or misusing confidential information, the disclosing party can pursue several legal remedies. The most common remedy is an injunction — a court order requiring the breaching party to stop disclosing the information and take steps to mitigate the damage already caused. Injunctive relief is particularly valuable because monetary damages often cannot fully compensate for the harm caused by disclosure of confidential information, especially trade secrets and competitive intelligence. Courts generally grant injunctions more readily for NDA breaches than for other types of contract breaches because of the irreparable nature of the harm.

Monetary damages are also available for NDA breaches. The disclosing party can recover actual damages — the financial losses directly caused by the unauthorized disclosure — as well as any profits the breaching party earned by using the confidential information. In some cases, the court may also award punitive damages if the breach was willful or malicious. If the NDA includes an attorney's fees provision, the prevailing party can also recover their legal costs.

However, the enforceability of an NDA depends on its terms being reasonable. Courts may refuse to enforce an NDA that is overly broad in its definition of confidential information, unreasonably long in duration, unnecessarily restrictive in scope, or that tries to prevent the receiving party from using their own general knowledge and skills. An NDA that effectively prevents someone from working in their field may be treated similarly to a non-compete agreement and subjected to stricter scrutiny under state law. Courts also will not enforce NDA provisions that require concealment of illegal activity, fraud, or threats to public safety.

One of the most critical mistakes in drafting an NDA is defining confidential information too broadly or too narrowly. An overly broad definition — such as "all information shared between the parties" — may be viewed by courts as unreasonable and could be difficult to enforce. Conversely, an overly narrow definition may leave important categories of information unprotected. The best approach is to be specific about the types of information covered while including a reasonable catch-all provision. For example, listing specific categories (financial data, customer lists, technical specifications, business strategies) followed by "and any other non-public information that a reasonable person would understand to be confidential" provides both specificity and breadth.

Another common error is failing to include standard exclusions from the definition of confidential information. Every NDA should exclude information that is already publicly available, was already known to the receiving party, was independently developed, or was received from a third party without restriction. Without these exclusions, the NDA could theoretically prevent the receiving party from using information they already knew or that is publicly available — which is both unfair and likely unenforceable.

Failing to specify the duration of confidentiality obligations is another frequent mistake. An NDA without a defined term may be interpreted differently depending on the jurisdiction — some courts may apply a reasonable duration, while others may find the obligation unenforceable for vagueness. Always specify how long the confidentiality obligations last, and ensure the duration is reasonable for the type of information being protected. Trade secrets may warrant longer or even indefinite protection, while general business information may only need one to three years of protection.

Using a unilateral NDA when a mutual NDA is more appropriate can create unnecessary tension and may leave one party unprotected. If both parties will be sharing confidential information — even if the information sharing is not perfectly symmetrical — a mutual NDA is generally the better choice. It demonstrates good faith, provides balanced protection, and avoids the implication that one party's information is more valuable or deserving of protection than the other's.

Finally, many people make the mistake of relying solely on an NDA without taking other reasonable steps to protect their confidential information. An NDA is an important legal tool, but it should be part of a broader information security strategy that includes technical measures (encryption, access controls, secure file sharing), physical measures (locked offices, secure storage), and organizational measures (employee training, clear information handling policies). Courts are more likely to enforce an NDA and find that information qualifies as a trade secret if the disclosing party can demonstrate they took reasonable steps to maintain its secrecy beyond just having people sign an agreement.