How to write an NDA (non-disclosure agreement)

A non-disclosure agreement (NDA) protects sensitive information you share with employees, contractors, partners, or investors by setting clear legal rules around confidentiality.

To write an NDA that holds up, you need to define what counts as confidential, identify who is bound by the agreement, and set reasonable limits on how long the information stays protected. Done correctly, an NDA gives you legal recourse if someone misuses or discloses information you trusted them with.

What is an NDA?

A non-disclosure agreement (NDA) is a legal contract that requires one or more parties to keep specific information confidential and not share it without permission. Businesses use NDAs to protect sensitive details such as financial information, trade secrets, product designs, client lists, and internal strategies.

When you create an NDA, sometimes called a confidentiality agreement, you define what information must stay private, who is responsible for protecting it, and how long the confidentiality obligation lasts. If someone violates those terms, the agreement gives you the right to seek damages or stop further disclosure.

NDAs are commonly used during business negotiations, employee onboarding, vendor partnerships, and investment discussions. Without one, you risk losing control over information that gives your business a competitive advantage.

When do you need an NDA?

You should use an NDA whenever sharing information could create risk for your business if it were disclosed or misused. In most cases, that means putting an agreement in place before conversations begin, not after sensitive details have already been shared.

Founders, executives, legal counsel, and department leaders typically decide when NDAs are required by assessing what information will be disclosed and who will have access to it. Common situations where an NDA is appropriate include:

• During early business negotiations: Partnerships, acquisitions, and joint ventures often require sharing financials, customer lists, or business plans, and an NDA prevents the other party from using that information if discussions fall through
• When hiring employees: New hires may gain access to proprietary systems, sales data, or customer relationships, which is why many companies require NDAs before a start date
• While working with independent contractors or vendors: Freelancers, consultants, and suppliers often need internal access to do their work, making confidentiality terms essential before engagement begins
• During investment discussions: Pitching investors usually involves sharing revenue models, market strategies, or technical documentation that should remain protected if no deal is reached
• Throughout product development: New products involve trade secrets, research, and unreleased designs that need protection until launch
• When collaborating across companies: Joint ventures, integrations, and partnerships often involve shared systems, data, and processes that require clear rules around use and disclosure

Simple NDA template

Use this simple NDA template as a starting point and customize it based on your situation and jurisdiction:

NON-DISCLOSURE AGREEMENT (NDA)

This Non-Disclosure Agreement ("Agreement") is entered into as of [Date] by and between:

[Disclosing Party Name], with a principal place of business at [Address] ("Disclosing Party"), and [Receiving Party Name], with a principal place of business at [Address] ("Receiving Party").

1. Purpose:
   The Receiving Party agrees to receive Confidential Information solely for the purpose of [describe the business purpose].
2. Definition of confidential information:
   "Confidential Information" means any non-public information disclosed by the Disclosing Party, whether oral, written, electronic, or visual, including business plans, financial information, customer lists, technical data, product designs, software, marketing strategies, and internal documents.

Confidential Information does not include information that:

• is publicly available through no breach of this Agreement
• was known to the Receiving Party before disclosure
• is independently developed by the Receiving Party without use of the Confidential Information
• is lawfully obtained from a third party without restriction

1. Obligations of the receiving party:
   The Receiving Party agrees to protect the Confidential Information using reasonable care, limit access to individuals who need it for the stated purpose, and not disclose Confidential Information without prior written consent.
2. Duration:
   This Agreement begins on the effective date and continues for [number] years from the date of disclosure. Trade secret obligations continue as long as the information remains a trade secret.
3. Return or destruction of information:
   Upon request or termination, the Receiving Party shall promptly return or destroy all Confidential Information and copies.
4. Remedies:
   The Disclosing Party may seek injunctive relief and monetary damages for any breach.
5. Governing law:
   This Agreement is governed by the laws of the State of [State].

IN WITNESS WHEREOF, the parties have executed this Agreement as of the date first written above.

Disclosing Party: ___________________________
Name: ___________________________
Title: ___________________________
Date: ___________________________

Receiving Party: ___________________________
Name: ___________________________
Title: ___________________________
Date: ___________________________

Types of NDAs and when to use each

Not every NDA works the same way. The right type depends on who is sharing confidential information and whether disclosure flows in one direction or both. Choosing the wrong structure can leave gaps in protection or create unnecessary obligations that complicate enforcement later.

Unilateral NDA

A unilateral NDA protects confidential information when only one party is disclosing sensitive material. You use this type when you expect the other party to receive information but not share any confidential details in return.

Common examples include asking an investor to sign an NDA before reviewing financials, sharing a product design with a supplier, or onboarding an employee who will access internal systems. In each case, the obligation to protect information applies only to the receiving party.

Choose a unilateral NDA when the risk is one-sided and your primary goal is safeguarding your own data.

Mutual NDA

A mutual NDA protects both parties when confidential information is exchanged in both directions. This agreement binds each side to the same confidentiality obligations.

Mutual NDAs are common in merger discussions, joint venture negotiations, and co-development projects where both sides share customer data, technical plans, or strategic information. Each party agrees to protect what they receive and limit use to the agreed purpose.

Choose a mutual NDA when information flows both ways and balanced protection is required.

Multilateral NDA

A multilateral NDA applies when three or more parties need to share confidential information under a single agreement. Instead of managing multiple bilateral NDAs, all participants agree to the same confidentiality terms.

This structure is often used in consortium research, multi-party licensing negotiations, or partnerships involving several companies working toward a shared goal. A single agreement reduces administrative overhead and avoids conflicting terms.

Choose a multilateral NDA when confidentiality needs to be managed consistently across a group.

Essential elements of an effective NDA

Every NDA must include specific elements to protect confidential information and reduce the risk of enforcement issues later. Courts are more likely to uphold agreements that are clear, reasonable, and narrowly tailored to the situation. Missing or poorly defined terms can weaken your position if a dispute arises.

Definition of confidential information

Start by defining exactly what you consider confidential. Courts generally enforce only what is clearly described, so vague language like “business information” can create ambiguity.

List specific categories you want to protect, such as financial reports, technical designs, trade secrets, client lists, internal reports, and marketing strategies. If you plan to share information verbally, confirm it in writing so it remains covered under the agreement.

Many NDA disputes stem from definitions that are either too broad or too vague. Being precise strengthens enforceability and reduces room for interpretation later.

Parties involved

Clearly identify every party bound by the NDA using full legal names. Specify who is disclosing information and who is responsible for protecting it.

If employees, contractors, or subsidiaries will have access to the confidential information, state whether they are covered directly or indirectly through the receiving party. Omitting a party can create gaps that undermine protection.

Obligations of the receiving party

Spell out how the receiving party must handle confidential information. This typically includes using reasonable security measures, limiting access to those with a legitimate need to know, and restricting use to the purpose defined in the agreement.

Clear obligations reduce misunderstandings and make it easier to demonstrate a breach if the agreement is violated.

Timeframe for confidentiality

Define how long confidentiality obligations last. Many NDAs use fixed terms, often between 2 and 5 years, while trade secrets may require protection for as long as they remain confidential.

Choosing a reasonable timeframe helps balance protection with enforceability and reduces the risk that a court will view the agreement as overly restrictive.

Permitted disclosures

Specify when the receiving party may disclose confidential information without violating the NDA. Common exceptions include disclosures to employees or advisors who are bound by similar confidentiality obligations and disclosures required by law or court order.

Including permitted disclosures makes the agreement more practical and helps prevent disputes over legitimate information sharing.

Consequences of breach

State what happens if the receiving party violates the NDA. This may include financial damages, court orders to stop further disclosure, or recovery of legal costs.

Clear consequences discourage misuse and strengthen your position if enforcement becomes necessary.

Termination clauses and conditions

Explain when and how the NDA ends. Specify whether termination occurs after a set period, upon completion of a project, or through written notice from either party.

Clear termination terms prevent confusion about ongoing obligations and ensure both parties understand what happens to confidential information when the relationship ends.

How to write an NDA: Step-by-step guide

Most businesses draft NDAs with help from in-house legal teams, outside counsel, or business leaders familiar with vendor contracts. If the agreement is straightforward and tailored to a specific use case, you can usually draft a solid NDA in a few hours. More complex arrangements involving multiple parties, cross-border relationships, or regulated data often require legal review.

Step 1: Choose the right type of NDA

Start by identifying how confidential information will be shared. The structure of the agreement should match the direction and scope of disclosure.

• Unilateral (one-way) NDA: Use this when only your business is sharing confidential information, such as when hiring contractors or pitching investors
• Mutual (two-way) NDA: Choose this when both parties plan to exchange sensitive information during negotiations or joint projects
• Multilateral (multi-party) NDA: Use this when three or more parties will share confidential information under a single agreement

Selecting the correct structure at the outset helps prevent gaps in protection and avoids unnecessary revisions later.

Step 2: Draft the key sections

Every NDA relies on a small set of core sections that define who is involved, what information is protected, and how long obligations last.

Include clear language identifying the disclosing and receiving parties, a specific definition of confidential information, the permitted purpose for using that information, and the duration of confidentiality. Vague or incomplete sections create ambiguity and weaken enforceability.

Step 3: Include necessary legal provisions

Legal provisions clarify how the agreement will be enforced if something goes wrong. These clauses establish jurisdiction, remedies, and ownership rights.

Most NDAs include governing law and venue, remedies for breach, return or destruction of confidential information, and confirmation that no intellectual property rights are transferred. Together, these terms protect your rights if the agreement is violated.

Step 4: Review and customize

Before finalizing the NDA, tailor it to your industry and situation. Technology agreements often require additional protections for software and source code, while healthcare and finance agreements may need to address regulatory compliance.

Watch for overly broad definitions, unreasonable confidentiality periods, or restrictions that limit the receiving party’s ability to use their existing knowledge. For high-value intellectual property, international relationships, or heavily negotiated terms, legal review can help prevent costly mistakes.

NDA pitfalls to avoid

Common drafting mistakes can weaken an NDA and make it harder to enforce when it matters. Reviewing these issues before you finalize an agreement helps you avoid disputes and protects both parties from unclear or unreasonable terms.

Before and after NDA clauses

Comparing weak and strong clauses highlights what courts and counterparties expect from a well-drafted NDA.

Example 1: Confidential information definition

Before: Confidential Information includes all information shared between the parties during the term of this Agreement, including anything discussed in meetings or communications.

After: "Confidential Information" means proprietary information marked as "Confidential" or that a reasonable person would understand to be confidential, including customer lists, pricing information, product specifications, and business strategies. Confidential Information excludes information that is publicly available, already known to the Receiving Party, independently developed, or disclosed by a third party without breach of confidentiality obligations.

Example 2: Duration clause

Before: This Agreement remains in effect indefinitely and the Receiving Party must keep all information confidential forever.

After: This Agreement shall remain in effect for 3 years from the date of disclosure of any Confidential Information. The Receiving Party's confidentiality obligations shall survive termination for an additional 2 years, except for trade secrets, which remain protected as long as they qualify as trade secrets under applicable law.

Example 3: Obligations clause

Before: The Receiving Party agrees to keep information confidential and not share it with anyone.

After: The Receiving Party shall protect Confidential Information using reasonable care and may disclose it only to employees, contractors, or advisors who have a legitimate need to know and are bound by written confidentiality obligations at least as protective as those in this Agreement.

Common mistakes to avoid

• Overly broad definitions: Vague or sweeping language can make an NDA difficult to enforce and may capture information the receiving party already knows
• Missing exclusions: Failing to exclude public information, prior knowledge, independently developed materials, or lawful third-party disclosures creates unreasonable restrictions
• Unreasonable duration: Confidentiality periods that exceed industry norms for non-trade-secret information can make an agreement appear one-sided
• Unclear obligations: Ambiguous requirements around use, access, or protection increase the risk of disputes over whether a breach occurred

NDA checklist

A careful review process helps you avoid signing an agreement that creates unnecessary risk or confusion. Use this checklist to confirm the NDA is clear, reasonable, and aligned with how the information will actually be shared.

Review points for both parties:

• Party identification: Confirm all parties are listed with correct legal names and addresses
• Confidential information: Verify the definition is specific and not overly broad
• Exclusions: Check that public information, prior knowledge, and independently developed materials are excluded
• Permitted use: Confirm the agreement limits use to a clearly defined purpose
• Duration: Ensure the confidentiality period aligns with industry norms and business needs
• Obligations: Review security, access, and disclosure requirements for feasibility
• Governing law and venue: Confirm where disputes would be resolved
• Return or destruction: Check requirements for handling information when the relationship ends

Questions to ask before agreeing:

• Clarity: Does the agreement clearly explain what the receiving party can and cannot do with the information?
• Practicality: Can you realistically comply with the confidentiality requirements using current processes?
• Impact: Will the duration or scope of the NDA limit future business activities?
• Exit: Does the agreement explain what happens to confidential information after termination?

NDA implementation tips

Clear communication and reasonable terms make NDAs easier to sign and enforce. These practices help reduce friction while protecting sensitive information.

Professional presentation

Share the NDA with a short explanation of why it is needed and what information will be disclosed. Position the agreement as a standard safeguard rather than a signal of distrust, and allow time for review before requesting signatures.

Negotiation strategies

Start with balanced terms that protect your interests without imposing unnecessary restrictions. Identify which provisions are non-negotiable and where flexibility is possible before discussions begin.

When reviewing proposed changes, focus on whether they introduce real risk rather than rejecting edits automatically. Narrowing scope or shortening duration can often resolve concerns without weakening protection.

Digital signing options

Electronic signature platforms such as DocuSign, Adobe Sign, or PandaDoc speed up execution and create a clear audit trail by tracking when agreements are viewed and signed.

Digital signatures generally carry the same legal effect as handwritten signatures when used in accordance with the Electronic Signatures in Global and National Commerce Act and the Uniform Electronic Transactions Act.

Save time and money with Ramp Procurement

Purchase orders help control spend, reduce risk, and create accountability across teams. When purchasing relies on emails, spreadsheets, or manual approvals, errors and delays become harder to avoid.

Ramp Procurement centralizes purchase orders, approvals, bill pay, and vendor management in one platform. With real-time visibility into approved spend and automated workflows, finance teams can move faster while maintaining control.

By connecting purchasing activity directly to real-time spend data, Ramp helps teams reduce manual work and make more informed decisions. Try Ramp’s interactive product demo to see how it works.