Non-Disclosure Agreement (NDA): what it is and how to write one
The Stoatify team

A promising client wants to see your proposal. A contractor needs access to product plans. Two companies are exploring a partnership, but neither is ready to reveal its ideas without some ground rules. A non-disclosure agreement can create those rules before sensitive information starts moving.
This guide explains what an NDA is, when it can help, and how to write one clause by clause. It focuses on common U.S. business agreements. Laws and enforceability vary by jurisdiction and situation, so treat this as general legal information, not legal advice. Ask a qualified lawyer to review an NDA when the information, relationship, or consequences are significant.
What is a non-disclosure agreement?
A non-disclosure agreement, also called an NDA, confidentiality agreement, or confidential disclosure agreement, is a contract that identifies information one or more parties must protect. It typically says what is confidential, why the recipient may use it, who may receive it, how long the duties last, and what happens when disclosure is required or the relationship ends.
An NDA does not make every fact secret merely because a document labels it confidential. For trade secret protection, the U.S. Patent and Trademark Office explains that information must have actual or potential economic value from not being generally known and must be subject to reasonable efforts to keep it secret. A carefully used NDA can be one of those reasonable efforts, alongside access controls, staff training, secure storage, and marking sensitive material.
Unilateral and mutual NDAs
Choose the structure that matches the information flow. In a unilateral NDA, only one party expects to disclose protected information. A business sharing an unreleased product plan with a freelancer might use this structure. In a mutual NDA, both parties expect to disclose protected information and each accepts the same basic duties as a recipient. Mutual terms often fit partnership, acquisition, joint-development, and vendor discussions.
Do not choose mutual language simply because it sounds balanced. If only one side is disclosing, mutual obligations can create duties that neither party needs. If both sides are sharing, a one-way agreement can leave one side unprotected. Map the expected disclosures first, then select the agreement type.
- One party discloses; the other receivesBoth parties disclose and both receive
- Only the recipient owes confidentiality dutiesEach party owes the same duties as a recipient
- Fits sharing a plan with a freelancer or vendorFits partnership, acquisition, or joint-development talks
- Simple, one-directional obligationsBalanced, but adds duties both sides must keep
When should you use an NDA?
- Client and sales discussions: sharing pricing models, customer data, proposals, technical designs, or an unreleased roadmap during evaluation.
- Contractors and consultants: giving an outside professional access to source code, processes, financial records, creative assets, or internal systems.
- Partnership and investment talks: exchanging commercial plans, forecasts, research, or due-diligence materials while testing a possible deal.
- Product and invention work: discussing prototypes, formulas, designs, manufacturing methods, datasets, or patent-sensitive material with collaborators.
- Vendors and service providers: allowing a supplier to handle confidential operational, employee, or customer information for a defined service.
Timing matters. Put appropriate confidentiality terms in place before sharing the sensitive material. An NDA signed after disclosure may not address what the recipient already learned, and delay can weaken the practical argument that the information was handled as secret.
How to write a non-disclosure agreement
A useful NDA is specific enough that both sides can understand and follow it. Start with the business reality, not a pile of boilerplate. Write down who will disclose, what they will share, why the recipient needs it, which people need access, and how long the project and sensitivity are likely to last. Then translate those answers into the clauses below.
1. Identify the parties and effective date
Use each party's complete legal name, entity type, jurisdiction of formation when relevant, and address. Define which party is the disclosing party and which is the receiving party, or state that either party can occupy either role under a mutual NDA. Include the effective date and make sure each signer has authority to bind the named person or organization.
2. State the permitted purpose
Describe why information is being shared, such as evaluating a software implementation, preparing a specific project proposal, or performing services under a named engagement. The recipient should be allowed to use confidential information only for that purpose. A narrow, concrete purpose is easier to follow than a vague phrase such as business discussions.
3. Define confidential information
Define the protected subject matter with enough detail to make the boundary recognizable. It may include technical information, source code, product designs, financial data, customer or supplier information, business plans, research, processes, and the existence or terms of the discussions. Address the forms in which information may arrive, including written, oral, visual, electronic, and physical disclosures.
Decide how information becomes designated as confidential. One approach protects material marked confidential and requires oral disclosures to be identified when made and confirmed in writing within a stated period. Another protects information that a reasonable person would understand to be confidential from its nature and the circumstances. Avoid claiming every piece of information exchanged, without distinction, if the parties could not realistically identify what must be protected.
4. Add standard exclusions
An NDA commonly excludes information the recipient can document was already lawfully known without a confidentiality duty, becomes public without the recipient's breach, arrives lawfully from a third party without a duty of confidence, or is independently developed without using the protected information. These exclusions keep the agreement focused on information the discloser can properly control.
5. Describe the recipient's duties
State that the recipient may use the information only for the permitted purpose, may not disclose it except as allowed, and must protect it with a defined level of care. The agreement can allow disclosure to employees, contractors, accountants, lawyers, or affiliates who need the information for the purpose and are bound by confidentiality duties at least as protective. Say whether the recipient remains responsible for those representatives.
Consider operational duties that fit the risk: restricting copies, applying security controls, notifying the discloser promptly of suspected unauthorized access, and cooperating to limit harm. Avoid obligations that the recipient cannot actually perform or verify.
6. Cover required disclosures and protected reporting
A recipient may be compelled by subpoena, court order, or law to disclose information. A common clause requires prompt notice when legally permitted, reasonable cooperation, and disclosure of only what is legally required. The agreement should not obstruct lawful reports to regulators, law enforcement, or counsel.
U.S. employers need special care here. Under 18 U.S.C. § 1833, an agreement governing an employee's use of trade secrets or confidential information must give notice of federal immunity for certain confidential disclosures made to government officials or an attorney to report or investigate suspected legal violations, or in sealed court filings. For this rule, employee includes contractors and consultants. The statute also describes consequences for an employer that omits the notice. Have employment and contractor language reviewed for applicable federal and state requirements.
7. Set the term and confidentiality period
Distinguish the agreement term from the survival of confidentiality duties. The sharing relationship might last one year while confidentiality obligations continue for three or five years. Information that qualifies as a trade secret is sometimes protected for as long as it remains a trade secret. The right duration depends on how quickly the information loses sensitivity, applicable law, and the burden on the recipient. Avoid choosing perpetual coverage without considering enforceability and practical need.
8. Address return or destruction
Explain what happens to confidential material on request or when discussions end. The recipient may need to return or destroy copies and confirm completion. Add realistic exceptions for automatic backups, legal retention duties, and a limited archival copy held by counsel, while keeping retained material subject to confidentiality restrictions.
9. Clarify ownership and what is not granted
Make clear that disclosure does not transfer ownership or grant an intellectual property license except as expressly stated. If appropriate, say that neither party is required to proceed with a transaction and that information is provided without warranties for evaluation. An NDA protects confidentiality. It should not quietly become a noncompete, invention assignment, services agreement, or intellectual property transfer.
10. Choose remedies, governing law, and standard contract terms
NDAs often acknowledge that unauthorized disclosure can cause harm that money alone may not fully repair and allow a party to seek injunctive relief, subject to applicable law and a court's decision. Include a sensible governing-law and forum clause, plus standard terms for notices, assignment, amendments, severability, waiver, counterparts, and the entire agreement. A lawyer can help align these clauses with the parties' locations and the main commercial relationship.
NDA drafting mistakes to avoid
- Using a definition so broad that the recipient cannot tell what is confidential.
- Leaving the permitted purpose vague or allowing unrestricted use of the information.
- Forgetting exclusions for public, independently developed, lawfully received, or already known information.
- Giving access to representatives without need-to-know limits or matching confidentiality duties.
- Using one duration for every kind of information without considering its useful life.
- Trying to restrict lawful whistleblowing, regulatory reporting, or legally compelled disclosure.
- Failing to coordinate the NDA with a services contract, employment agreement, privacy obligations, or intellectual property terms.
- Signing under a trade name instead of the correct legal entity, or using a signer without authority.
How to send an NDA for e-signature with Stoatify
Stoatify gives you a prebuilt Non-Disclosure Agreement template inside the same secure vault where you organize your business documents. Open the template, tailor the parties, purpose, confidential-information definition, duration, and jurisdiction-specific clauses, then review the finished agreement. For higher-risk disclosures, ask counsel to review it before sending.

Add signature, name, title, and date fields in Stoatify's drag-and-drop builder, assign them to the correct signers, and send the NDA for legally binding electronic signatures. Each signer can complete the guided signing flow from any device without creating an account. Stoatify records the signing events, cryptographically seals the completed PDF, provides a tamper-evident audit certificate, and files the signed result in your searchable vault.

In the United States, the federal ESIGN Act provides that a signature or contract generally may not be denied legal effect solely because it is electronic, while preserving other legal requirements and special consumer-consent rules. Contract validity still depends on the full circumstances, including intent, authority, consent, the document type, and applicable state or federal law. Some documents and jurisdictions have additional requirements or exclusions.
Start with Stoatify's NDA template, adapt it to the specific disclosure, and send it for signature while the terms are clear and the conversation is moving. You will have the draft, signing trail, sealed agreement, and final record together instead of scattered across an editor, inbox, signing service, and folder tree.
