How to write an non-disclosure agreement (NDA)

A non-disclosure agreement (NDA) protects sensitive information you share with partners, employees, contractors, or investors. It sets clear legal terms that prevent others from using or exposing confidential details without permission.

To write an NDA that holds up, you need to define what counts as confidential, specify who is bound by the agreement, and set limits on how long the information stays protected. A strong NDA empowers you to act when someone violates your trust.

What is an NDA

When you create an NDA, you clearly define what stays private, who must protect the information, and how long confidentiality lasts. If someone breaches those terms, you have the legal right to seek damages or block further disclosure.

NDAs are a common safeguard during business negotiations, employee onboarding, vendor partnerships, and investment discussions. Without one, you risk losing control over information that gives your business a competitive advantage.

The need for NDAs keeps growing. Over one-third of the U.S. workforce is now bound by an NDA to protect proprietary information in commercial deals and hiring processes. As businesses rely more on digital collaboration, protecting data with formal agreements has become essential.

When should you use an NDA?

You decide when to use an NDA by evaluating the risk involved in sharing sensitive information. If disclosing details could damage your business, you need to protect them with an NDA before the conversation begins.

Founders, executives, legal counsel, and department leaders typically decide when NDAs are necessary. Before any external meeting, partnership discussion, or hiring conversation, they review what information will be shared and assess if it needs protection.

• During early business negotiations. Partnerships, acquisitions, and joint ventures often require you to share financials, customer lists, or business plans. An NDA agreement ensures that the other party cannot use or disclose the information you provided if talks fall through.
• When hiring employees. New hires usually gain access to confidential material like sales data, proprietary technology, or customer relationships. This is why most businesses in industries like tech, healthcare, and finance require employees to sign NDAs before their first day.
• While working with independent contractors or vendors. Freelancers, consultants, and suppliers may need inside access to complete their projects. Protect your internal knowledge by making confidentiality terms clear before work begins.
• During investment discussions. Sharing revenue models, market strategies, and technical documentation is often necessary when pitching investors. An NDA prevents potential investors from misusing or exposing your private information if they decline to invest.
• Throughout product development. Building a new product or service involves trade secrets, research findings, and unreleased designs. Securing these with an NDA helps you keep your competitive advantage intact until launch.
• When collaborating across teams or companies. Partnerships, joint ventures, and integrations often involve sharing internal systems, customer data, and processes. When you write an NDA, you establish clear rules for how others can use different types of information and what happens if they breach confidentiality.

Key elements every NDA must include

Every NDA you create must cover specific details to protect your information, close legal loopholes, and strengthen your position if someone breaches the agreement. Courts enforce NDAs only when the terms are clear, reasonable, and specific. If you leave these elements out or define them poorly, you weaken your rights and make it harder to enforce this legal document when it matters most.

Definition of confidential information

Start by defining exactly what you consider confidential. Courts enforce only what you clearly protect. If you use vague terms like “business information,” you leave room for dispute.

List the specific categories you want to protect, like financial reports, technical designs, trade secrets, client lists, internal reports, marketing strategies, and any other sensitive information. When you disclose information verbally, you should confirm it in writing to keep it covered.

Most NDA disputes occur because confidentiality definitions are too broad or unclear. Being specific strengthens your protection and prevents arguments later.

Parties involved

Clearly identify every party bound by the NDA. Use full legal names and explain who is sharing information and who must protect it. If you expect employees, contractors, or subsidiaries to access the information, include them or state that the agreement covers them.

If you miss someone, you risk leaving gaps that weaken your protection. Properly defining every party gives you full control over who handles your sensitive information.

Obligations of receiving party

Spell out what you expect the receiving party to do. They must protect your confidential information with reasonable security measures, limit access to those who need to know, and use the information only for the specific purpose you agreed upon. They cannot share it with third parties unless you give written permission.

When you clearly state these obligations, you eliminate confusion and strengthen your ability to enforce the agreement if a problem happens. You also make it easier for the receiving party to understand their responsibilities right from the start.

Timeframe for confidentiality

Decide how long the confidentiality obligation should last and write it clearly. You might set a fixed period, such as three or five years, or state that protection continues until the information becomes public without the receiving party’s help.

Businesses usually use fixed timeframes, likely between three and five years. For trade secrets or highly sensitive projects, you might need longer protection. When you define the timeframe upfront, you make the service agreement fairer and easier to enforce if a dispute ever reaches court.

Permitted disclosures

List the situations where the receiving party can share your confidential information without breaching the agreement. You might allow them to share it with employees, advisors, or consultants who need the information and who are bound by similar confidentiality rules. You should also allow disclosure if required by law, regulation, or court order.

If you do not list permitted disclosures, you create unfair risks for the receiving party. Defining them builds balance in the agreement and helps you avoid disputes when legitimate disclosures happen.

Consequences of breach

State what happens if the receiving party breaks the agreement. If needed, you should claim the right to recover financial damages and stop further disclosure through a court order. You can also require the breaching party to pay your legal costs if you have to go to court.

When you make the consequences clear, you discourage violations and strengthen your position if you ever need to enforce the NDA.

Types of NDAs and when to use each

Not every NDA works the same way. You need different types of NDAs because every business relationship handles sensitive information differently. Sometimes, only you share confidential data. Other times, both sides trade critical details. In larger deals, several companies might need protection under the same agreement.

If you choose the wrong type of NDA, you risk giving away information without getting the protection you need. If a dispute happens later, you might even create gaps that make enforcement harder.

Unilateral NDA

A unilateral NDA protects your information when only you share confidential material. You use this type when you disclose sensitive details and expect the other party to keep them private without sharing anything back.

For example, you might ask an investor to sign a unilateral NDA before you present your financials. You also use it when sharing a product design with a supplier or onboarding a new employee who will access internal systems.

Choose a unilateral NDA when you need to protect your data, but do not expect to receive confidential information in return. This type keeps the focus on your assets and gives you full control over disclosure risks. The average cost of a data breach reached $4.88 million globally, which makes safeguarding confidential information before disclosure more important than ever.

Mutual NDA

A mutual NDA protects both you and the other party. You use this agreement when you plan to exchange confidential information and want both sides legally bound to protect what they learn.

You might sign a mutual NDA during a merger discussion, a joint venture negotiation, or a product co-development project. For example, if you and another company both share customer data and technical plans, a mutual NDA ensures that neither side can misuse the other's information.

Choose a mutual NDA when sharing, which goes both ways. It creates balanced obligations and keeps negotiations fair from the start.

Multilateral NDA

A multilateral NDA protects your information when three or more parties need to share sensitive material under one agreement. Instead of signing multiple separate NDAs, you create a single contract that covers everyone involved.

You often use a multilateral NDA during consortium research projects, multi-party licensing talks, or partnerships where several businesses exchange technical data or financial details. For example, if your company collaborates with two other firms to build a new platform, a multilateral NDA ensures that every party follows the same rules.

Choose a multilateral NDA when you need to manage confidentiality across a group. You will simplify negotiations, save time, and avoid conflicting terms across multiple agreements.

Step-by-step guide to writing an NDA

Businesses usually draft NDAs with help from in-house legal teams, external attorneys, or business managers familiar with vendor contracts. If you keep the agreement simple and tailored to your situation, you can typically draft a strong NDA in a few hours. More complex agreements, especially those involving multiple parties or international laws, may take longer and require legal review.

• Step 1: Identify the parties. Start by listing every party involved in the agreement, using full legal names. Make it clear who is disclosing information, who is receiving it, and whether the agreement also binds employees, contractors, or affiliates. Define every party at the start, so you close any loopholes and avoid confusion later.
• Step 2: Define what counts as confidential. Clearly describe what information you want the NDA to protect. List specific categories, such as financial records, technical documents, client lists, business strategies, software code, and prototypes. If you plan to share verbal information, you are required to confirm it in writing after disclosure to keep it protected.
• Step 3: Set the scope of use. Explain exactly how the receiving party can use your confidential information. Limit use to specific purposes, such as evaluating a potential partnership, completing a project, or developing a product. Prohibit unauthorized copying, sharing, or personal use.
• Step 4: Define the timeframe for confidentiality. Specify how long the receiving party must keep the information confidential. Standard NDAs often set three to five-year terms, but sensitive trade secrets may require longer protection. Most companies choose fixed terms, with five years being the most common. Choose a time period that matches the importance and lifespan of the information.
• Step 5: Explain permitted disclosures. List the specific cases in which sharing your confidential information is allowed. Permit disclosure to employees, consultants, or advisors who need the information to do their jobs, provided they agree to confidentiality. Allow disclosures required by law, regulation, or court order.
• Step 6: Outline the consequences of a breach. State exactly what you will do if the receiving party breaks the NDA. Reserve the right to seek financial damages, request a court order to stop further disclosure, and recover your legal fees. When you clarify the consequences, you strengthen your position and give the receiving party clear reasons to follow the agreement.
• Step 7: Choose the governing law and jurisdiction. Select the state or country whose laws will apply to the NDA. Decide which court will handle disputes if they arise. Choose your jurisdiction early to save time, reduce uncertainty, and protect your interests if you need to enforce the agreement.
• Step 8: Add signature blocks for all parties. Finish by creating signature sections for each party. Include full printed names, job titles, company names (if needed), and space for signatures and dates. Make sure every party signs the agreement before you share any confidential information. Without signatures, your NDA offers no real protection.

How to enforce an NDA if it's broken

When someone breaches your NDA, you need to move fast to protect your information and strengthen your legal position. Waiting too long can hurt your case.

Start by gathering every piece of evidence that shows the breach happened. Save emails, contracts, screenshots, and any communication that proves the other party shared or misused your confidential information. To prove your case, you need fast access to contracts, renewal dates, payment records, and communication history.

Ramp supports this by automatically storing vendor contracts, extracting key terms like renewal deadlines and service scopes, and tracking spending patterns across all vendors. With this information organized and accessible, you can respond faster to breaches and build a stronger legal case if you need to take formal action.

After you collect your evidence, review your NDA carefully. Read the sections that define confidentiality obligations, permitted disclosures, breach consequences, and governing law. Know exactly what protections the agreement gives you and what actions you can take. When you clearly understand your contract, you stand on much stronger ground if you need to enforce it.

You should send a cease-and-desist letter as your first formal action. Demand that the breaching party immediately stop sharing, using, or benefiting from your confidential information. Make it clear that you will take legal action if they refuse. A strong cease-and-desist letter often stops the problem before it escalates.

If the breach continues or if you face serious harm, seek an injunction from the court. An injunction forces the breaching party to stop immediately. Courts often grant injunctions quickly in NDA cases when you show that the breach threatens your business. Acting early prevents further damage and shows the court that you take the breach seriously.

You also have the right to sue for monetary damages. Calculate how the breach hurt you, whether through lost deals, damaged reputation, or exposure to critical business strategies. If your NDA includes a legal fees clause, demand that the breaching party cover the costs of your enforcement efforts. Pursuing damages protects your business and shows that you won't allow violations to go unanswered.

In some cases, you may choose to negotiate a settlement. If you can recover damages or force the breaching party to destroy the leaked information, you might resolve the matter faster than through a full court case. Settling protects your position without dragging your business into a drawn-out legal battle.

Strong NDAs build stronger business relationships

Writing a strong NDA protects your ideas while building trust with partners, employees, and investors. Set clear confidentiality rules to show that you value what you share and respect what you receive.

Companies with clear NDAs close deals faster because both sides feel protected from the start. A well-drafted NDA removes doubts, limits legal risks, and creates a professional foundation for future growth.

When you define your confidential information clearly, set fair terms, and plan for enforcement, you give yourself more than legal protection. You strengthen relationships, show professionalism, and create space for partnerships to thrive without fear.

Protecting confidential information takes more than just writing a good NDA. Managing your vendors, contracts, and permissions over time takes strong systems. Ramp gives businesses the structure they need to track vendor relationships, control spending, and maintain visibility over contract terms. Combine strong agreements with smart operational management to protect your ideas, build trust faster, and strengthen every business relationship you enter.