Organizations, roles & sharing for teams.See what's new
All posts
July 11, 202611 min read

Non-Disclosure Agreement (NDA): what it is and how to write one

The Stoatify team

Two people shaking hands over a desk while a document is passed between them.
An NDA sets the ground rules before sensitive information changes hands.

A promising client wants to see your proposal. A contractor needs access to product plans. Two companies are exploring a partnership, but neither is ready to reveal its ideas without some ground rules. A non-disclosure agreement can create those rules before sensitive information starts moving.

This guide explains what an NDA is, when it can help, and how to write one clause by clause. It focuses on common U.S. business agreements. Laws and enforceability vary by jurisdiction and situation, so treat this as general legal information, not legal advice. Ask a qualified lawyer to review an NDA when the information, relationship, or consequences are significant.

What is a non-disclosure agreement?

A non-disclosure agreement, also called an NDA, confidentiality agreement, or confidential disclosure agreement, is a contract that identifies information one or more parties must protect. It typically says what is confidential, why the recipient may use it, who may receive it, how long the duties last, and what happens when disclosure is required or the relationship ends.

An NDA does not make every fact secret merely because a document labels it confidential. For trade secret protection, the U.S. Patent and Trademark Office explains that information must have actual or potential economic value from not being generally known and must be subject to reasonable efforts to keep it secret. A carefully used NDA can be one of those reasonable efforts, alongside access controls, staff training, secure storage, and marking sensitive material.

Unilateral and mutual NDAs

Choose the structure that matches the information flow. In a unilateral NDA, only one party expects to disclose protected information. A business sharing an unreleased product plan with a freelancer might use this structure. In a mutual NDA, both parties expect to disclose protected information and each accepts the same basic duties as a recipient. Mutual terms often fit partnership, acquisition, joint-development, and vendor discussions.

Do not choose mutual language simply because it sounds balanced. If only one side is disclosing, mutual obligations can create duties that neither party needs. If both sides are sharing, a one-way agreement can leave one side unprotected. Map the expected disclosures first, then select the agreement type.

Unilateral NDA
Mutual NDA
  • One party discloses; the other receives
    Both parties disclose and both receive
  • Only the recipient owes confidentiality duties
    Each party owes the same duties as a recipient
  • Fits sharing a plan with a freelancer or vendor
    Fits partnership, acquisition, or joint-development talks
  • Simple, one-directional obligations
    Balanced, but adds duties both sides must keep

When should you use an NDA?

  • Client and sales discussions: sharing pricing models, customer data, proposals, technical designs, or an unreleased roadmap during evaluation.
  • Contractors and consultants: giving an outside professional access to source code, processes, financial records, creative assets, or internal systems.
  • Partnership and investment talks: exchanging commercial plans, forecasts, research, or due-diligence materials while testing a possible deal.
  • Product and invention work: discussing prototypes, formulas, designs, manufacturing methods, datasets, or patent-sensitive material with collaborators.
  • Vendors and service providers: allowing a supplier to handle confidential operational, employee, or customer information for a defined service.

Timing matters. Put appropriate confidentiality terms in place before sharing the sensitive material. An NDA signed after disclosure may not address what the recipient already learned, and delay can weaken the practical argument that the information was handled as secret.

How to write a non-disclosure agreement

A useful NDA is specific enough that both sides can understand and follow it. Start with the business reality, not a pile of boilerplate. Write down who will disclose, what they will share, why the recipient needs it, which people need access, and how long the project and sensitivity are likely to last. Then translate those answers into the clauses below.

1. Identify the parties and effective date

Use each party's complete legal name, entity type, jurisdiction of formation when relevant, and address. Define which party is the disclosing party and which is the receiving party, or state that either party can occupy either role under a mutual NDA. Include the effective date and make sure each signer has authority to bind the named person or organization.

2. State the permitted purpose

Describe why information is being shared, such as evaluating a software implementation, preparing a specific project proposal, or performing services under a named engagement. The recipient should be allowed to use confidential information only for that purpose. A narrow, concrete purpose is easier to follow than a vague phrase such as business discussions.

3. Define confidential information

Define the protected subject matter with enough detail to make the boundary recognizable. It may include technical information, source code, product designs, financial data, customer or supplier information, business plans, research, processes, and the existence or terms of the discussions. Address the forms in which information may arrive, including written, oral, visual, electronic, and physical disclosures.

Decide how information becomes designated as confidential. One approach protects material marked confidential and requires oral disclosures to be identified when made and confirmed in writing within a stated period. Another protects information that a reasonable person would understand to be confidential from its nature and the circumstances. Avoid claiming every piece of information exchanged, without distinction, if the parties could not realistically identify what must be protected.

4. Add standard exclusions

An NDA commonly excludes information the recipient can document was already lawfully known without a confidentiality duty, becomes public without the recipient's breach, arrives lawfully from a third party without a duty of confidence, or is independently developed without using the protected information. These exclusions keep the agreement focused on information the discloser can properly control.

5. Describe the recipient's duties

State that the recipient may use the information only for the permitted purpose, may not disclose it except as allowed, and must protect it with a defined level of care. The agreement can allow disclosure to employees, contractors, accountants, lawyers, or affiliates who need the information for the purpose and are bound by confidentiality duties at least as protective. Say whether the recipient remains responsible for those representatives.

Consider operational duties that fit the risk: restricting copies, applying security controls, notifying the discloser promptly of suspected unauthorized access, and cooperating to limit harm. Avoid obligations that the recipient cannot actually perform or verify.

6. Cover required disclosures and protected reporting

A recipient may be compelled by subpoena, court order, or law to disclose information. A common clause requires prompt notice when legally permitted, reasonable cooperation, and disclosure of only what is legally required. The agreement should not obstruct lawful reports to regulators, law enforcement, or counsel.

U.S. employers need special care here. Under 18 U.S.C. § 1833, an agreement governing an employee's use of trade secrets or confidential information must give notice of federal immunity for certain confidential disclosures made to government officials or an attorney to report or investigate suspected legal violations, or in sealed court filings. For this rule, employee includes contractors and consultants. The statute also describes consequences for an employer that omits the notice. Have employment and contractor language reviewed for applicable federal and state requirements.

7. Set the term and confidentiality period

Distinguish the agreement term from the survival of confidentiality duties. The sharing relationship might last one year while confidentiality obligations continue for three or five years. Information that qualifies as a trade secret is sometimes protected for as long as it remains a trade secret. The right duration depends on how quickly the information loses sensitivity, applicable law, and the burden on the recipient. Avoid choosing perpetual coverage without considering enforceability and practical need.

8. Address return or destruction

Explain what happens to confidential material on request or when discussions end. The recipient may need to return or destroy copies and confirm completion. Add realistic exceptions for automatic backups, legal retention duties, and a limited archival copy held by counsel, while keeping retained material subject to confidentiality restrictions.

9. Clarify ownership and what is not granted

Make clear that disclosure does not transfer ownership or grant an intellectual property license except as expressly stated. If appropriate, say that neither party is required to proceed with a transaction and that information is provided without warranties for evaluation. An NDA protects confidentiality. It should not quietly become a noncompete, invention assignment, services agreement, or intellectual property transfer.

10. Choose remedies, governing law, and standard contract terms

NDAs often acknowledge that unauthorized disclosure can cause harm that money alone may not fully repair and allow a party to seek injunctive relief, subject to applicable law and a court's decision. Include a sensible governing-law and forum clause, plus standard terms for notices, assignment, amendments, severability, waiver, counterparts, and the entire agreement. A lawyer can help align these clauses with the parties' locations and the main commercial relationship.

NDA drafting mistakes to avoid

  • Using a definition so broad that the recipient cannot tell what is confidential.
  • Leaving the permitted purpose vague or allowing unrestricted use of the information.
  • Forgetting exclusions for public, independently developed, lawfully received, or already known information.
  • Giving access to representatives without need-to-know limits or matching confidentiality duties.
  • Using one duration for every kind of information without considering its useful life.
  • Trying to restrict lawful whistleblowing, regulatory reporting, or legally compelled disclosure.
  • Failing to coordinate the NDA with a services contract, employment agreement, privacy obligations, or intellectual property terms.
  • Signing under a trade name instead of the correct legal entity, or using a signer without authority.

How to send an NDA for e-signature with Stoatify

Stoatify gives you a prebuilt Non-Disclosure Agreement template inside the same secure vault where you organize your business documents. Open the template, tailor the parties, purpose, confidential-information definition, duration, and jurisdiction-specific clauses, then review the finished agreement. For higher-risk disclosures, ask counsel to review it before sending.

Stoatify's e-signature builder, with a list of field types on the left and an agreement on the right showing placed signature, initials, name, and date fields.
Add signature, name, title, and date fields in the drag-and-drop builder, assign each to a signer, and send for legally binding signatures.

Add signature, name, title, and date fields in Stoatify's drag-and-drop builder, assign them to the correct signers, and send the NDA for legally binding electronic signatures. Each signer can complete the guided signing flow from any device without creating an account. Stoatify records the signing events, cryptographically seals the completed PDF, provides a tamper-evident audit certificate, and files the signed result in your searchable vault.

The Stoatify vault showing documents sorted into categories such as Legal, Financial, and Identity, each with a colored icon and count.
The sealed, signed NDA files itself back into your vault, sorted into a category and searchable alongside the rest of the engagement.

In the United States, the federal ESIGN Act provides that a signature or contract generally may not be denied legal effect solely because it is electronic, while preserving other legal requirements and special consumer-consent rules. Contract validity still depends on the full circumstances, including intent, authority, consent, the document type, and applicable state or federal law. Some documents and jurisdictions have additional requirements or exclusions.

Start with Stoatify's NDA template, adapt it to the specific disclosure, and send it for signature while the terms are clear and the conversation is moving. You will have the draft, signing trail, sealed agreement, and final record together instead of scattered across an editor, inbox, signing service, and folder tree.

Authoritative sources

Give your documents one home.

Start free in under a minute and keep every document organized and private.

No credit card required