NDA Review Guide

Most NDAs are short. Most NDAs also lock you out of work you might want to do, for years, with definitions broad enough to cover almost anything. Read it like a contract, not a formality.

What it is

A non-disclosure agreement ("NDA") is a contract where one or both parties agree not to use or share certain information they receive from the other. It is the most-signed contract in business — between employees and employers, between negotiating companies, between investors and founders.

NDAs come in two flavors: one-way (only one side discloses) and mutual (both sides disclose). The asymmetry of a one-way NDA matters a lot — if you're the one signing, you're the one bound.

NDAs are often signed under time pressure ("can you sign this and send it back so we can keep talking?"). That pressure is what most NDAs are designed for.

Common clauses to check

  1. Definition of Confidential Information

    The most important clause. What counts as "confidential" determines the scope of every other obligation.

    What to look for
    • Whether the information must be marked or designated as confidential (clearer for you), or whether "all information of a confidential nature" is automatically covered (broader).
    • Carve-outs: information already known, publicly available, independently developed, or rightfully received from a third party — these are standard and any NDA without them is suspect.
    • Whether oral disclosures must be confirmed in writing within X days to be confidential.
    Red flags
    • Definitions broad enough to cover "any information disclosed in any form, including impressions" — practically catches everything.
    • No carve-outs for already-known or independently-developed information.
    • Asymmetric definition where the discloser's information gets broad protection and yours gets none.
  2. Mutual vs. one-way

    Whether both parties' information is protected, or only one side's. Push for mutual whenever possible.

    What to look for
    • Mutual NDA — both parties have the same disclosure and protection obligations.
    • If one-way, identify which side you're on. If you're disclosing, the NDA protects you. If you're receiving, it constrains you.
    • Symmetric carve-outs (residual knowledge, prior knowledge, etc.).
    Red flags
    • Asymmetric obligations that favor the larger company in the relationship.
    • One-way NDA in a discussion that's actually mutual (e.g. exploring a partnership where both sides will share).
  3. Permitted use

    How you can use the confidential information. The narrower the "Purpose," the more risk for you.

    What to look for
    • Specific Purpose (e.g. "evaluating a potential investment") — broad enough to cover what you actually need to do.
    • Permission to share with employees, contractors, attorneys, accountants, and advisers on a "need to know" basis.
    • Right to reverse-engineer? (Almost always prohibited; sometimes carved out for products you legally acquired.)
    Red flags
    • Purpose narrow enough that any tangential use (mentioning to your CFO, modeling with your finance team) is technically a breach.
    • Prohibition on sharing with your professional advisers (lawyers, auditors).
  4. Term & survival

    How long the NDA's obligations last. Short-term confidentiality (1–3 years) is normal; perpetual is not.

    What to look for
    • Confidentiality obligations of 2–5 years from disclosure (or from termination of the discussion) for most commercial NDAs.
    • Indefinite or perpetual obligations for trade secrets — fine, but only for trade secrets, defined narrowly.
    • Survival clause stating which obligations continue after the NDA itself expires.
    Red flags
    • Indefinite confidentiality for all information (trade secret or not) — locks you out of competitive activity forever.
    • Term that automatically renews unless you give notice.
  5. Residual rights

    A "residuals" clause says you can use information that ends up in your employees' general knowledge. Highly contested.

    What to look for
    • Residual clauses make it possible to hire someone who saw confidential information without setting a permanent landmine in your team.
    • Look for: "general knowledge, skills, and experience retained in unaided memory" rather than written notes.
    Red flags
    • Outright prohibition on residual use — useful for the discloser, painful for the receiver.
    • Asymmetric residual clauses (discloser gets residuals, receiver doesn't).
  6. Return or destruction

    On termination or request, the receiver returns or destroys the confidential information. Common; check the carve-outs.

    What to look for
    • Carve-out to retain copies for legal/regulatory compliance and IT backups (you can't actually delete things from disaster-recovery tape).
    • Carve-out to retain "one copy in legal department files" for evidentiary purposes.
    • Reasonable timeline for compliance — 30 days is standard, 7 is aggressive.
    Red flags
    • Demand for affidavit/certification of destruction within an unrealistic window.
    • Requirement to "destroy" information that lives in cloud applications you don't fully control.
  7. Non-solicit & non-circumvent

    Some NDAs sneak in restrictions on hiring the other side's employees or going around them to their customers.

    What to look for
    • Whether the NDA contains any non-solicit, non-hire, or non-circumvent — many do, hidden in the boilerplate.
    • Time period (12 months is typical), scope (employees you actually contacted), and carve-outs (general advertising, employee-initiated applications).
    Red flags
    • Non-solicit covering "any employee" of the disclosing party — even ones you never met.
    • Non-circumvent restricting your right to do business with their customers — separate from confidentiality, but lumped in.

Other watchouts

  • Injunctive relief language — both parties typically agree money damages aren't enough and the other side can get an injunction. Standard.
  • Liquidated damages — if a number is named, scrutinize it. "Reasonable estimate of damages" is enforceable; punitive amounts are not.
  • Jurisdiction and venue — where you'd be sued.
  • Successor and assigns — does the NDA travel with the company on sale or licensing?
  • Equitable relief / specific performance — gives the discloser the right to court orders, not just damages.

Frequently asked questions

Should I sign an NDA without a lawyer?
For routine commercial NDAs (vendor calls, casual investor meetings) most people sign without legal review. For NDAs that accompany a partnership or M&A discussion, or that contain non-solicit/non-compete provisions, legal review is worth the time.
What's the difference between an NDA and a confidentiality agreement?
Practically nothing. Both terms refer to the same kind of contract. "NDA" is more common in tech and business; "confidentiality agreement" is more common in legal and HR contexts.
How long should an NDA last?
For ordinary commercial information, 2–5 years from disclosure (or from end of the discussion) is standard. Indefinite or perpetual obligations should be reserved for genuine trade secrets, defined narrowly.
Can I sign a one-way NDA if I'm also sharing information?
If both sides will share, push for mutual. If you can't get mutual, at minimum the NDA shouldn't prohibit the other party's use of your information just because you didn't ask for symmetric protection.
What is residual knowledge?
Information that ends up in someone's general professional knowledge: what they remember without notes. A residuals clause says you can use that residual knowledge without breaching the NDA. It's controversial: disclosers dislike it, receivers love it.