
What to Look for in an NDA Before Signing

Key points to check in non-disclosure agreements so you don't over-commit.


NDAs (non-disclosure agreements) are common when discussing partnerships, funding, or deals. You might be asked to sign one before a first meeting with an investor, before sharing your pitch deck with a potential partner, or before diving into due diligence with an acquirer. They can be fair and balanced, or one-sided. If you sign without reading, you might agree to keep almost everything confidential forever, or to uncapped liability if something goes wrong. Here's what to look for before you sign—so you don't over-commit and so you know what you're getting into.

Definition of "confidential information"

The heart of an NDA is what counts as "confidential." If the definition is too broad, almost anything the other side shares—or that you already knew—could be deemed confidential, and you could be restricted from using your own knowledge or from sharing information that's already public. Here's what to check.

Too broad

"Any information disclosed," "all business information," or "all information received from the disclosing party" can make almost anything "confidential." That can restrict what you can do or say—including in your own business, in future deals, or when talking to advisors. Prefer a clear list or categories: for example, technical specifications, financial data, customer lists, business plans, and trade secrets. If the other side insists on broad language, try to add exclusions (see below) so that at least public information, prior knowledge, and independent development are carved out. If they won't narrow it, understand the risk: you might be unable to work on similar ideas or discuss the deal with anyone without their permission.

Exclusions

There should be carve-outs for: (1) information you already knew before the disclosure (and didn't get from them), (2) information that becomes public through no fault of yours (e.g. they publish it, or it leaks from another source), (3) information you develop independently (on your own, without using their confidential information), and (4) information you receive from a third party without restriction (and without breach of confidentiality). Without these exclusions, the NDA can be overly restrictive—and in some jurisdictions, courts may refuse to enforce clauses that are too broad. Make sure the contract spells out at least these exclusions. If it doesn't, ask for them. Many counterparties will agree; if they won't, get advice.

Duration and scope

How long does the NDA last, and who is bound by it? These terms affect your obligations and your risk.

How long

NDAs often last 2–5 years after the last disclosure of confidential information. Some say "indefinitely" or "until the information is no longer confidential"—which can mean forever if the information is never made public. Indefinite or very long terms can be hard to live with: you might forget what was disclosed when, and you could be on the hook for a long time. Push for a fixed term (e.g. 3 or 5 years) where possible. If the other side won't agree, at least understand the risk and consider whether you're comfortable being bound for a long period.

Who's bound

Is only your company bound, or are you personally bound too? If you're signing as a founder, are you signing for yourself, for your company, or both? And is the other side bound—both the company and its employees, advisors, and representatives? Make sure it matches the deal. For example, if you're sharing confidential information as a company (e.g. your startup's financials), the other side (e.g. an investor or acquirer) should be bound to keep it confidential and to use it only for the permitted purpose (e.g. evaluating the investment or the deal). If the NDA only binds you and not them, or only binds "the company" and not individuals who might leave and take the information with them, that's a red flag. Look for mutual obligations: both sides disclose, both sides protect.

Obligations and remedies

What do you have to do with the information, and what happens if someone breaches? These terms can expose you to liability.

Return/destroy

At the end of the relationship (or when the NDA expires), you may have to return or destroy all materials containing confidential information. "Destroy" should allow keeping one copy for legal/compliance purposes if required by law—for example, for tax or regulatory reasons. You don't want to be in a position where you have to destroy the only copy of something you need for your records. Ask for a carve-out that allows you to retain copies that are required by law or that are in backup systems (with confidentiality still applying). Many NDAs already include this; if yours doesn't, ask.

Liability

Watch for uncapped liability or broad indemnity. Some NDAs say that if you breach, you're liable for all damages—with no cap. That could be huge if the other side claims that a leak cost them millions. NDAs often provide for "equitable relief" (e.g. injunction—a court order to stop disclosing) for breach, which is standard. But monetary damages should ideally be capped—for example, to the amount of fees paid under a related agreement, or to a fixed sum. If the NDA is standalone (no related contract), consider asking for a cap that reflects the likely harm (e.g. limited to direct damages, or capped at X). Push back on broad, uncapped indemnity—where you agree to reimburse them for any losses arising from your breach. That can expose you to unlimited liability. If they won't cap it, understand the risk and consider getting advice.

BeforeYouSign can flag broad definitions, missing carve-outs, and liability terms in your NDA so you can negotiate or get advice before signing.
