NDAs: When You Need it, Types & Gotchas

Michelle Ma
August 16, 2024

Contracts

The first post in my contracts series covers Non-Disclosure Agreements, with discussion of other contract types coming up. In today’s post, I discuss what an NDA is, when you need one, when mutual v. one-way NDAs are appropriate, and clauses in NDAs that you should almost never agree to.

What’s an NDA?

An NDA is a Non-Disclosure Agreement that sets out confidentiality responsibilities for certain types of information that a company considers proprietary. These responsibilities include: keeping the designated information confidential and having access controls in place, requiring employees and contractors to sign NDAs before accessing confidential information, and requiring other companies to sign NDAs when sharing information with them. NDAs also define what type of information needs to be kept confidential, often including: customer lists, user data, company legal documents, business plans, software code, and any other company business and technical documents that aren't normally disclosed to the public. NDAs usually specify a number of years during which the companies agree to protect the information, and how the agreement can be terminated.

When You Need an NDA

You should sign an NDA prior to sharing any non-public company information with another person or company. Often, sales teams will have customers sign NDAs before sharing detailed product information or before receiving any non-public customer data. From there, customers will vet the product more closely before signing the full customer agreement. When hiring, companies usually require candidates to sign an NDA before coming on-site for interviews, and employment agreements contain confidentiality clauses (among others).

Mutual and One-Way NDAs

Most NDAs companies sign are mutual, which means both companies have mirroring responsibilities as to the other company’s confidential information. Mutual NDAs are most often signed in sales, partnership, and development relationships, where both companies anticipate sharing information. In most sales deals, sales teams and customers sign mutual NDAs so they can freely share information, and as a show of reciprocity, even if the sales team doesn’t share any non-public information.

However, sometimes one company anticipates providing confidential information to the other company but doesn’t expect to receive any in return, and they want to make it clear they aren’t under any confidentiality obligations if they do actually receive it. This can happen in consultant relationships, where a company will disclose large amounts of confidential information to a consultant who is preparing work product for them. In this case, a one-way NDA may be appropriate.

Gotchas in NDAs That You Should Not Agree To

Most NDAs are standard and vanilla, running under 4 pages with typical language. However, sometimes NDAs from a larger vendor or customer will include aggressive terms that are highly unfavorable to you, such as:

  • IP assignment of any work developed under the NDA to the other company (except for feedback).
  • License of certain rights to IP developed to the other company (except for feedback).
  • Very long term requirements, such as > 5 years.

Generally, IP assignment and licenses do not belong in NDAs. NDAs should only cover confidentiality obligations for certain types of defined information. Any other provisions around IP ownership or licensing belong in a separate, negotiated agreement (such as a partnership or materials transfer agreement, among others), and should be removed from an NDA before signing.

One exception is feedback – often, companies will want a license to or ownership of any feedback their customers or partners provide them that relates to their product to aid in product development. Feedback assignments or licenses are common and usually not contentious, as long as they’re specific to the product and for product development purposes. 

Confidentiality obligations beyond 5 years can be very onerous for a company to comply with. When negotiating, consider what type of information is being shared, how sensitive it is, and how quickly it becomes stale or outdated. Often, it may not be necessary or desirable to agree to longer than 5 years.

Ultimately, these are generalizations that apply to most cases, but may not work for all. Your attorney should factor in your business and operational goals when advising on these terms and look at them on a case-by-case basis.