Non-Disclosure Agreement (NDA) Template

A non-disclosure agreement is the bedrock confidentiality contract for early-stage business conversations, investor pitches, M&A diligence, and vendor evaluations. This template covers mutual and one-way variants, a tight definition of Confidential Information, residuals and securities-law carve-outs, DTSA whistleblower notice, and the survival language that determines whether your protection actually holds up in court.

What an NDA actually does

An NDA is a contract that converts an informal exchange of business information into a fiduciary-grade duty of confidence. It defines what information is protected, narrows the purpose for which the recipient may use it, sets a survival period, and — critically — gives the discloser a contractual basis to seek an injunction without having to prove trade-secret status. Without the NDA, the discloser is left to prove a common-law duty of confidence or a Uniform Trade Secrets Act / Defend Trade Secrets Act (18 U.S.C. §1836) claim, both of which require proving reasonable secrecy measures the company often cannot document.

When the NDA is the wrong tool

An NDA cannot protect (i) information that is already public, (ii) general skill and experience an employee builds on the job, or (iii) information you fail to mark or treat as confidential. If your real concern is a competitor hiring your engineer, you need a narrowly drafted non-solicit and a documented trade-secret identification program — not just a stronger NDA.

Specific scenarios this template covers

  • Series-A investor diligence: Sharing the pitch deck, cap table, MRR cohort data, and customer pipeline with a lead investor before a term sheet is signed. Use a one-way NDA with a Securities Act §4(a)(2) / Regulation D carve-out so the investor can disclose information to its lawyers and limited partners under its own confidentiality obligations.
  • M&A buy-side diligence: Permitting an acquirer to access the data room. Use a mutual NDA with a clean-team protocol for competitively sensitive data (customer lists, pricing matrices) so antitrust exposure is contained if the deal collapses.
  • Vendor and SaaS evaluation: Letting a potential vendor see your internal workflow, customer data structure, or proprietary data schema. Pair the NDA with a separate Data Processing Addendum if any personal data is touched.
  • Joint development and reciprocal disclosure: Pre-contractual technical discussions before a master development or co-marketing agreement. Mutual NDA, narrow purpose, and an explicit no-license-by-implication clause.
  • Employee or contractor onboarding: Combined with an invention assignment and IP transfer. Must include the DTSA whistleblower notice under 18 U.S.C. §1833(b) or you forfeit exemplary damages and attorneys' fees.
  • Pre-litigation settlement discussions: A Rule 408 NDA covering pre-suit negotiation. Keep the term tight and exclude any information already produced in discovery.

Clauses that decide whether an NDA is worth the paper it's printed on

Definition of Confidential Information

The single most-litigated clause. Over-broad definitions ("all information disclosed") get struck down as unreasonable; over-narrow definitions ("only documents marked CONFIDENTIAL") give the receiver an easy out for anything verbally disclosed.

"'Confidential Information' means all non-public information, in any form, disclosed by or on behalf of one party ('Discloser') to the other ('Recipient'), whether marked as confidential, identified as confidential at the time of oral disclosure, or which a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure."

Pitfall: Don't require a written follow-up confirming the confidential nature of oral disclosures within 30 days — almost no one complies, and the failure is fatal to enforcement.

Permitted Purpose

The use restriction is what stops the recipient from taking your information and going to a competitor. It should be tied to a specific, named transaction, not a generic "business relationship."

"Recipient shall use the Confidential Information solely for the purpose of evaluating a potential equity financing of Discloser by Recipient (the 'Permitted Purpose') and for no other purpose, including without limitation any internal product development, competitive analysis, or training of machine-learning models."

Pitfall: Add the AI-training carve-out expressly. Standard 2018-vintage NDAs do not address it and large recipients increasingly argue the silence is permission.

Standard exclusions

Four-corner exclusions: information that (i) was already public, (ii) was already known to the recipient without obligation, (iii) is received from a third party without obligation, or (iv) is independently developed without use of the Confidential Information.

"Confidential Information does not include information that Recipient can demonstrate by written records: (a) was in Recipient's possession without obligation of confidentiality prior to disclosure; (b) was or becomes generally available to the public other than as a result of breach by Recipient; (c) was received from a third party not subject to a duty of confidence; or (d) was independently developed without use of or reference to the Confidential Information."

Pitfall: Require contemporaneous written records — not after-the-fact reconstruction. Without this, a sophisticated recipient will manufacture an "independent development" defense.

Residuals clause (refuse if disclosing)

"Residuals" lets the recipient use any information retained in the unaided memory of personnel who had authorized access. It sounds innocuous and is, in practice, a defense to most misappropriation claims.

(If you must accept one): "Recipient may use the residual mental impressions of those individuals identified on Schedule A who had authorized access, provided that this clause does not grant any rights in Discloser's trade secrets, patents, copyrights, or other intellectual property."

Pitfall: Big-tech and enterprise procurement teams insert residuals as a market-standard term. Push back hard or limit the clause to a named individual list with an express trade-secret carve-out.

Term and survival

The term governs how long new disclosures can be made; survival governs how long the confidentiality obligation continues for already-disclosed information.

"This Agreement remains in effect for two (2) years from the Effective Date. Recipient's obligations with respect to Confidential Information shall survive for three (3) years after disclosure, except that obligations with respect to information constituting a trade secret under applicable law shall survive for so long as the information qualifies as a trade secret."

Pitfall: A fixed cap on trade-secret protection (e.g., 5 years) can be used in litigation to argue you accepted that the information lost its secret status — defeating a federal DTSA claim. Always carve trade secrets out of any time cap.

Return or destruction

On termination or request, the recipient must return or destroy Confidential Information and certify in writing. Address the realistic exception for routine IT backups and regulatory retention.

"Within thirty (30) days of written request, Recipient shall return or destroy all Confidential Information and certify destruction in writing, provided that Recipient may retain (i) one copy in its legal or compliance archive solely for evidentiary or regulatory purposes and (ii) Confidential Information contained in routine backup systems that are not readily accessible, which shall remain subject to this Agreement."

Pitfall: Refusing the backup carve-out makes the clause impossible to comply with on modern storage architectures and gives the recipient a defense to breach.

Compelled disclosure

Subpoenas, civil discovery, securities filings, and regulator demands all override contractual confidentiality. The clause should require prompt notice (where lawful) so the discloser can seek a protective order.

"If Recipient is required by law, subpoena, or court order to disclose Confidential Information, Recipient shall (where legally permitted) provide prompt written notice to Discloser sufficient to permit Discloser to seek a protective order, and shall disclose only the portion of Confidential Information that is legally required."

Pitfall: SEC Staff Bulletin No. 14L (2021) and CFTC Whistleblower Rule 165.19 make it unlawful to contractually prohibit whistleblower reporting. Carve out government reporting expressly.

No license, no obligation to deal

Disclosure does not grant any IP license, transfer ownership, or obligate either party to enter a transaction. Without this clause, an aggressive recipient may argue implied license or partial assignment.

"Nothing in this Agreement grants Recipient any right, title, license, or interest in Discloser's Confidential Information or intellectual property, except the limited right to use the Confidential Information for the Permitted Purpose. Neither party is obligated to enter into any further business relationship."

Pitfall: If you also share code or product samples, add a separate non-reverse-engineering clause — courts will not imply one from the NDA alone.

Equitable relief and remedies

Acknowledges that money damages are inadequate and that the discloser may seek a temporary restraining order or preliminary injunction without posting a bond. This converts a routine TRO motion from a multi-day evidentiary fight into a contractual admission.

"Recipient acknowledges that breach of this Agreement will cause irreparable harm for which monetary damages would be inadequate, and that Discloser shall be entitled to seek injunctive relief, specific performance, and other equitable remedies without posting bond or proving actual damages, in addition to any other remedies available at law."

Pitfall: Some jurisdictions (notably New York post-Reed Elsevier v. Muchnick and California) will not enforce "no bond" language — but the irreparable-harm admission still carries significant weight.

Jurisdiction notes

NDAs are governed by state contract law, and the choice of forum is often outcome-determinative. The following are the variations that catch out-of-state counsel most often:

  • California (Bus. & Prof. Code §16600; CCP §1001; SB 331): California voids most non-competes and aggressively rewrites NDAs that function as de facto restraints on trade. SB 331 (effective 2022) bars confidentiality clauses in employment, separation, or settlement agreements that prevent disclosure of unlawful workplace acts. Pick a different governing law and forum at your peril — California courts routinely apply §16600 even to out-of-state contracts under Application Group v. Hunter Group when a California employee is involved.
  • New York (GOL §5-336; CPLR §5003-b): S5947 (2019, amended 2023) prohibits NDAs that prevent disclosure of facts relating to sexual harassment or other discrimination unless the complainant requests confidentiality, is given 21 days to consider, and 7 days to revoke. Any settlement or severance NDA must include the Speak Out Act recital (15 U.S.C. §§4051–4055).
  • Massachusetts (G.L. c. 149, §24L; Wage Act): The Massachusetts Wage Act has a one-year limitations period and triple damages for late payment — relevant for severance NDAs where the consideration is final wages. The Massachusetts non-compete statute also imposes a $75,000 garden-leave threshold (see Employment Agreement template) that interacts with confidentiality obligations.
  • Texas (Tex. Bus. & Com. Code §15.50; TUTSA): Texas readily enforces NDAs and trade-secret claims under the Texas Uniform Trade Secrets Act, and the Texas Citizens Participation Act (anti-SLAPP) can be used defensively. Texas requires specific identification of trade secrets early in discovery — keep a contemporaneous trade-secret inventory.
  • Delaware (8 Del. C. §202; Del. Ch. Ct.): The Court of Chancery is the preferred forum for high-value commercial NDAs because it grants TROs quickly and the Chancellor's decisions are highly persuasive. Pair with a Delaware forum-selection clause if either party has Delaware contacts.
  • EU/UK (GDPR Art. 28; Trade Secrets Directive 2016/943): If personal data is exchanged, a standalone Data Processing Addendum is mandatory — an NDA alone does not satisfy Article 28. The UK courts will enforce post-Brexit, but pick a forum (England & Wales or specific EU member state) consistent with where the data subjects reside.

How to draft your NDA in LexDraft

1. Pick the right direction and purpose

Open LexDraft in Word. Choose mutual or one-way. Name the actual transaction (e.g., "evaluation of a Series A investment of up to $X" — not "potential business relationship"). The narrower the purpose, the cleaner the use-restriction claim if the recipient later competes.

2. Lock in the protected information

Specify the categories of Confidential Information you actually plan to disclose. Decide whether to require a "marked CONFIDENTIAL" formalism (cleaner but easier to lose on technicalities) or use the "reasonable person would understand" standard (recommended for most commercial use).

3. Set jurisdiction, term, and carve-outs

Pick a governing law and venue you can actually litigate in. Confirm survival (3 years for general, indefinite for trade secrets), DTSA whistleblower notice if any individual is signing, and AI/ML carve-out. Download the .docx, review redlines, and execute via your e-signature platform of choice.

Best practices that separate enforceable NDAs from cosmetic ones

Refuse residuals as the disclosing party

Residuals clauses ("information unintentionally retained in unaided memory") sound innocuous but in practice gut your protection — once your idea is "remembered," it is no longer confidential. Refuse them or limit to a closed list of named employees with an express trade-secret carve-out.

Add the AI/ML training carve-out

Pre-2022 NDAs do not address training of language models or other ML systems. Today, any sophisticated recipient will exploit the silence. Express prohibition: "Recipient shall not use Confidential Information to train, fine-tune, prompt, or evaluate any machine-learning model, including any general-purpose language model."

Don't try to NDA general skill and experience

An employee NDA that purports to restrict the employee's use of "all knowledge gained during employment" is unenforceable nearly everywhere and signals a sloppy lawyer. Identify trade secrets specifically and use a separate, narrowly drafted non-solicit if needed.

Build a contemporaneous disclosure log

Track what was disclosed, when, in what format, and to whom. Litigation outcomes turn on the discloser's ability to identify exactly what information was given to the breaching party. A clean log shifts the burden to the recipient to prove independent development.

Use clean-team protocols in M&A

If you are letting a competitor (or potential competitor) see customer-level pricing, gross margins, or roadmap, route it through a designated clean team — outside counsel, financial advisors, and a small number of antitrust-cleared employees with no general business responsibility. Plain NDAs do not satisfy Hart-Scott-Rodino or DOJ informal guidance.

Include DTSA notice on any employee or contractor NDA

18 U.S.C. §1833(b)(3) requires written notice of the federal trade-secret whistleblower immunity. Without it, you forfeit the right to recover exemplary damages and attorneys' fees in a DTSA action. Two paragraphs, no cost — there is no reason to omit it.

Pick a forum you can actually litigate in

A New York forum-selection clause is meaningless if the breaching party is in Bangalore with no New York assets. Pick a forum where (i) you have counsel, (ii) the defendant has assets, and (iii) injunctive relief is available promptly. Use Delaware Chancery for major commercial disputes and the home district of the defendant for trade-secret theft cases.

Don't use an NDA as a settlement gag

The federal Speak Out Act (effective Dec. 2022) voids any pre-dispute NDA covering sexual harassment or assault. CA SB 331 and NY S5947 extend this to other forms of workplace discrimination. A settlement NDA that violates these statutes is unenforceable and may expose the drafter to liability.

Frequently Asked Questions About NDAs

Yes. Electronic signatures on commercial NDAs are valid under the federal E-SIGN Act (15 U.S.C. §7001) and the Uniform Electronic Transactions Act (UETA), which 49 states have adopted (New York has its own ESRA, with substantially similar effect). The narrow carve-outs are wills, codicils, testamentary trusts, and certain UCC instruments — none of which apply to a confidentiality agreement. The audit trail (IP address, timestamp, click-wrap acceptance) that DocuSign or Adobe Sign produces is, evidentiarily, stronger than a physical signature, which can be challenged on authentication grounds.

For ordinary commercial information, 2–3 years from disclosure is market. For trade secrets, use "for so long as the information qualifies as a trade secret under applicable law" — a fixed cap on trade secrets can be used against you in litigation to argue the protection lapsed by the contract's own terms. Many investors and Fortune 500 procurement teams refuse anything over five years for general Confidential Information, so a bifurcated term (3 years general, indefinite for trade secrets) is the cleanest compromise. Avoid perpetual confidentiality for non-trade-secret information; some jurisdictions, including California, will refuse to enforce it.

A residuals clause permits the recipient to use any information "retained in the unaided memory" of personnel who had authorized access to the Confidential Information. Receiving parties — especially Microsoft, Google, Amazon, and other large platforms — insert them as a market-standard. As the discloser, you should refuse. Once accepted, residuals become a defense to almost any misappropriation claim: the recipient simply argues "we just remembered the idea." If you must accept one, limit it to a named individual list (not "any employee"), exclude trade secrets expressly, and exclude any use that would constitute infringement of your IP. A residuals clause is the difference between a real NDA and a press release.

Yes, but only with respect to actual confidential information — not against general knowledge, skill, or experience the employee developed on the job. Courts (especially in California under Bus. & Prof. Code §16600 and after the FTC non-compete rule litigation) routinely strike or narrow NDAs that operate as de facto non-competes. The enforcement playbook: (i) identify the trade secrets specifically and in writing; (ii) preserve the contemporaneous evidence (devices, emails, Slack); (iii) send a cease-and-desist within days of departure; and (iv) comply with the DTSA whistleblower notice requirement (18 U.S.C. §1833(b)) so you preserve exemplary damages and attorneys' fees. Without that notice, you have a contract claim only.

They are unrelated, despite the surface similarity. A no-license clause says that disclosure does not grant any IP rights — it prevents implied-license arguments and confirms the discloser still owns its IP. A residuals clause does the opposite: it carves out the recipient's right to use the information itself, separate from any IP grant. You can have a strong no-license clause and still be defenseless if you also accepted residuals. Disclosers should insist on the no-license clause and reject the residuals clause; they are not substitutes.

If any individual employee, contractor, or consultant is signing — yes, and the omission is expensive. 18 U.S.C. §1833(b)(3) requires the disclosing party to provide written notice of the DTSA immunity for confidential disclosures made to government officials or attorneys for the purpose of reporting suspected violations of law. Skip the notice and you forfeit the right to recover exemplary damages (up to 2x actual damages) and attorneys' fees in any subsequent federal trade-secret action. The notice is two paragraphs; there is no good reason to omit it.

Only with statutory compliance. New York GOL §5-336 (S5947, 2019; amended 2023) and CPLR §5003-b require that any settlement NDA covering sexual harassment or other workplace discrimination be at the complainant's preference, with 21 days to consider and 7 days to revoke. California CCP §1001 and SB 331 (2022) bar NDAs covering most workplace harassment or discrimination claims entirely. The federal Speak Out Act (15 U.S.C. §§4051–4055) voids pre-dispute NDAs covering sexual harassment or assault. A non-compliant NDA is unenforceable, and the drafting attorney may face professional-responsibility exposure.

Draft your NDA in Word, not in a web form

LexDraft sits inside Microsoft Word. You answer a structured intake, the clauses populate, you redline directly against your standard playbook, and the .docx is signature-ready. Free tier covers 3–5 NDAs per month.
