NDA primer for startups

Information is one of the most valuable assets of any business. This includes product specifications, manufacturing processes, source code, system architecture, business plans, customer lists, employee information and financial information. Your business could be severely damaged if any of this information is misused or enters the public domain. Startups should get in the practice of signing a NDA with any party that will receive the company’s confidential information, prior to initial disclosure. Key elements of a NDA include:

  • Who is disclosing information? NDAs can take many forms. If both parties are disclosing information, the parties may wish to enter into a mutual (two-way) agreement. If only one party is disclosing information, a unilateral (one-way) agreement may be fine. Mutual agreements typically include more balanced restrictions than those found in one-way agreements, since a disclosing party may be more aggressive in the types of restrictions it wants to impose if it is not also bound to those same restrictions. The personnel who are actually disclosing and/or receiving information should clearly understand whether the NDA is one-way or two-way.
  • Who is receiving information? For sensitive information, it is important for the parties to designate specific human beings who are responsible for receiving confidential information and controlling its use or disclosure.
  • What is the purpose of disclosure? A properly-scoped purpose clause is critical. For example, the purpose clause should be narrow if information is being disclosed to a party that is now, or may someday, enter the disclosing party’s business. Broadly worded clauses that information should be used for any purpose should be avoided.
  • Are you dealing with a competitor? In particularly sensitive circumstances (for example, when a potential acquisition is under consideration), it may be appropriate to include heightened protections, such as customer non-solicitation, employee non-solicitation or non-competition provisions.
  • What information is being disclosed? Recipients will generally prefer that the discloser clearly labels confidential information as confidential, or otherwise clearly identifies confidential information disclosed orally (this might include following up with a letter or email memorializing the general scope of a particular disclosure). Disclosers will prefer to define confidential information more broadly, so as not to leave any particular disclosure unprotected.
  • How much of the disclosed information is really confidential? NDAs typically exclude the following categories of information from restrictions on use and disclosure:
    • Information already known by the recipient
    • Information not known by the recipient at the time of disclosure, but later received from a third party who is not under an obligation of non-disclosure
    •  Information developed independently

NDAs may include a variety of standards and limitations for each of these categories. For example, the exclusion for information already known may only apply if the recipient can back it up with written records created before the time of disclosure.

  • What restrictions are being imposed? Generally, NDAs should limit the ability to disclose information, as well as the ability to use information. NDAs may include a reasonable care standard or a standard based on how the recipient handles its own information. Specific restrictions on reverse engineering may be appropriate in certain circumstances. If the recipient is allowed to disclose the information to others, the NDA may explicitly hold the initial recipient responsible for any unauthorized use or disclosure by the second-hand recipients.
  • What remedies exist if the recipient breaches the agreement? Because the harm caused by an unauthorized disclosure can be irreversible, a disclosing party will most likely want an explicit right to seek immediate injunctive relief. The parties may attempt to negotiate a standard for the availability of injunctive relief in the NDA. In particularly sensitive situations, the disclosing party may also request contractual indemnification for breach.
  • How long do the restrictions remain in effect? Some US states and other jurisdictions will not enforce an indefinite confidentiality restriction. In general, the longer the term of restriction, the less likely a court may be to enforce such term. A disclosing party should consider how long the information would have value, while the recipient should consider the ability and need to maintain confidentiality from a practical perspective. Many NDAs include a restrictive period based on some period of time following the date of disclosure (or the date of the last disclosure) of information between the parties. To avoid complications in determining or agreeing on the date of disclosure, the parties may wish to use a specific term of restriction. This may be accomplished by tying the restrictive term to either the date of the agreement itself or the end of a pre-defined disclosure period.
  • Return of information: The disclosing party should be entitled to a return of its confidential information at some point in the relationship. It is typical to provide for return of information after some period of time (at which point the parties would know whether they will pursue a transaction) or at any time upon the disclosing party’s request. It is not uncommon for the recipient to make notes, analyses or extracts of the disclosing party’s information. The disclosing party will be sensitive to the recipient’s retention of these materials, but at the same time it may be inappropriate or impractical to deliver all notes or summaries to the disclosing party since they may contain the buyer’s own information. In such cases it may be appropriate for the recipient to instead destroy all such materials. The disclosing party may request that the recipient certify that all such materials have been destroyed. In some cases, a recipient may need to retain some minimal level of information about the discussions (e.g., a creditor may need to be able to justify credit decisions, and investment funds may need to justify investment decisions). In such cases a disclosing party will want to limit the scope of retained information as much as possible and maintain restrictions on the retained information as long as reasonably possible. A recipient may be willing to place retained information in the hands of its counsel in order to minimize the risk of misappropriation. A recipient may request a residual knowledge clause in an attempt to allow future use of information retained in the unaided memory of the recipient. Depending on the language used, the recipient’s use may be limited to the general concepts underlying the confidential information, or the recipient may be able to use anything the recipient can remember after returning the tangible forms of confidential information. A disclosing party will be justifiably concerned that a residual knowledge clause might swallow the restrictions otherwise spelled out in the NDA.
  • Choice of law and venue: The NDA should indicate its governing law. In addition, contracting parties sometimes identify in advance the courts in which the NDA will be examined. Choice of venue provisions can be particularly important in the NDA setting, as a disclosing party may need to move swiftly for injunctive relief if there is actual or threatened misuse of confidential information. Once information is disclosed publicly (especially where included in a press release or posted on the Internet), it is virtually impossible to stop further dissemination of the information.


Questions? Email us at startups@dentons.com.