A non-disclosure agreement does one job: it obligates someone who receives sensitive information to keep it secret and use it only for an agreed purpose. That is a reasonable thing to ask before a candid conversation about a deal, a hire, or a partnership — which is why NDAs are everywhere, and why most people sign them on autopilot. The autopilot is the problem. NDAs differ meaningfully, and a few common variations shift real risk onto the signer.
One-way or mutual
The first thing to identify is direction. A one-way (unilateral) NDA protects only one party's information — typical when a company discloses to a contractor or a job candidate. A mutual NDA protects both sides' disclosures — the natural form when two businesses explore working together. If you will be sharing anything sensitive of your own, a one-way NDA pointed at you protects none of it; ask for a mutual form.
The pieces of a standard NDA
- Definition of confidential information — what is protected. It may cover anything disclosed, only things marked confidential, or defined categories (financials, customer lists, technical data).
- Purpose — the specific reason the information is being shared, such as 'evaluating a potential business relationship.' Use for anything else is a breach.
- Obligations — keep it secret, protect it with reasonable care, share it internally only with people who need it and are bound by similar duties.
- Exclusions — the standard carve-outs: information already public, already known to the recipient, received lawfully from a third party, or independently developed. A disclosure legally compelled (by subpoena, for example) is typically permitted with notice.
- Term and survival — how long the agreement runs and how long confidentiality duties last after it ends.
- Return or destruction — what happens to the materials when the relationship ends.
- Remedies — often including injunctive relief, meaning a court can order the disclosure stopped rather than just award money later.
Term vs. survival — two different clocks
NDAs run on two clocks that are easy to conflate. The term is how long the agreement itself is active — the window during which disclosures are covered, often one to three years for an exploratory relationship. Survival is how long the confidentiality duty lasts for information already disclosed, and it usually runs past the term: an NDA with a two-year term and five-year survival protects anything shared in the first two years for five years from disclosure. Check both numbers, and check what starts each clock — signing, disclosure, or termination.
Reasonable terms vs. overreach
A fair NDA is scoped to real secrets for a sensible time. Overreach usually shows up in one of these forms:
- A definition so broad that every conversation is 'confidential' — with no exclusions, or exclusions quietly missing.
- Perpetual confidentiality for ordinary business information. Genuine trade secrets can merit protection for as long as they stay secret; routine information usually justifies a defined period, commonly a few years.
- Smuggled-in restrictive covenants: a 'confidentiality' agreement that also contains a non-compete or a non-solicitation clause. Those are different obligations with different consequences — notice them before signing, and negotiate them separately.
- IP assignment language transferring ownership of ideas you share, rather than merely protecting them.
- One-way obligations in what should be a mutual exchange.
- Residuals clauses (in the other direction) letting the recipient freely use whatever their people 'remember' — which can hollow out the protection a discloser thinks it has.
Practical points for disclosers
- Mark confidential material as confidential, especially if the definition requires marking.
- Share the minimum needed for the stated purpose — an NDA is a remedy, not a force field.
- Keep a record of what you disclosed and when; enforcement is hard without it.
- Remember an NDA does not verify trustworthiness. It creates a claim if things go wrong, not a guarantee they won't.
Practical points for recipients
- Confirm you can actually comply — who inside your team may see the information, and how you will track it.
- Watch the purpose clause: working with a competitor later is normal business, and a well-scoped NDA does not prevent it; an overbroad one may try.
- Check term, governing law, and remedies so you know what you are exposed to and where.
What an NDA cannot do
An NDA is a confidentiality tool, not a general shield. It does not stop the other side from competing with you using knowledge they already had, does not protect ideas that fall within its own exclusions, and generally cannot prevent disclosures required by law. Public policy also limits what silence can be bought: various laws protect whistleblowing to government agencies, and several jurisdictions restrict NDAs that would conceal certain workplace misconduct — details vary by state. If what you actually need is a non-compete, an IP assignment, or a full services agreement, use that document; stretching an NDA to do another contract's job serves nobody.
Most NDAs are signed in minutes and never looked at again — and that is fine, when the terms are standard. The point of this guide is to make the non-standard ones visible before you sign. NDAs are generally enforceable contracts when reasonably scoped, but enforceability details vary by state, and this guide is general information rather than legal advice. For high-stakes disclosures — an acquisition, a core trade secret — have an attorney review the form first.
This guide is general, educational information — not legal advice. XOsign provides AI-assisted document tools and does not provide legal advice. Laws and requirements vary by state; for guidance on your specific situation, consult a qualified attorney in your jurisdiction.