How to Write an NDA: Step-by-Step Guide (2026)

A non-disclosure agreement (NDA) is a legally binding contract that restricts one or more parties from sharing confidential information with outsiders. NDAs are among the most commonly signed legal documents in business — used before investor pitches, during hiring, in contractor relationships, and when exploring partnerships.

This guide walks you through every clause you need, the difference between one-way and mutual NDAs, and the mistakes that make NDAs unenforceable.

Last reviewed: March 2026

---

What Is an NDA and When Do You Need One?

An NDA — also called a confidentiality agreement — creates a legal obligation to keep specific information secret. If the receiving party discloses protected information, they can be sued for breach of contract.

When you should use an NDA:

  • Before investor meetings. Sharing your business model, financials, or technology with potential investors.
  • Hiring employees. Protecting trade secrets, client lists, and proprietary processes.
  • Contractor and freelancer engagements. Especially when they'll access customer data, source code, or internal systems.
  • Exploring a business partnership or acquisition. Sharing financial statements, projections, or operational data.
  • Vendor relationships. When a supplier needs access to your internal processes or product specs.

NDAs are not appropriate for truly public information, information that has already been publicly disclosed, or general ideas that you cannot define precisely.

---

One-Way vs. Mutual NDAs

The first structural decision is directionality.

One-way NDA (unilateral): Only one party is disclosing confidential information, and only the receiving party is bound by the confidentiality obligation. Common when a company is briefing a contractor or showing an investor a business plan.

Mutual NDA (bilateral): Both parties disclose confidential information, and both are bound. Used when two companies are exploring a merger, joint venture, or integration partnership where each side will share sensitive data.

Mutual NDAs require more careful drafting because obligations run in both directions. A mutual NDA where one party has far more to protect than the other may not serve either party well — in that case a one-way NDA with strong protections is cleaner.

---

The 7 Clauses Every NDA Must Have

1. Identification of the Parties

Name both parties precisely: their legal names, entity types (LLC, Inc., individual), and state of formation or residence. Get this wrong and the agreement may not bind the right parties.

Example: "This Non-Disclosure Agreement is entered into as of March 1, 2026, between Acme Corp., a Delaware corporation ('Disclosing Party'), and Jane Smith, an individual residing in California ('Receiving Party')."

2. Definition of Confidential Information

This is the most important clause. It defines what information is actually protected. Overly broad definitions are sometimes unenforceable; overly narrow definitions leave important information unprotected.

See the next section for a complete breakdown of how to draft this.

3. Obligations of the Receiving Party

The core obligation: the receiving party agrees not to disclose confidential information to third parties without prior written consent, and to use it only for the permitted purpose defined in the agreement.

This section should also cover:

  • Using the same degree of care the receiving party uses to protect its own confidential information (and no less than reasonable care)
  • Limiting access to employees or contractors with a need to know
  • Requiring those employees or contractors to be bound by equivalent confidentiality obligations

4. Exclusions from Confidentiality

Courts will not enforce NDA obligations over information that is already public or that the receiving party independently developed. State these exclusions explicitly (see the dedicated section below).

5. Permitted Purpose

State the specific purpose for which the receiving party may use the confidential information. "Evaluating a potential business partnership" or "performing software development services under a separate agreement" are examples. A clear purpose prevents the receiving party from using your information for unintended purposes.

6. Term and Termination

How long does the agreement last? Most NDAs have a set term (often 2–5 years) after which the confidentiality obligation expires. Some businesses request indefinite terms, but courts in some states are skeptical of them. Trade secrets may warrant longer or indefinite protection.

The agreement should also address what happens upon termination: return or destruction of confidential materials.

7. Governing Law and Dispute Resolution

Specify which state's law governs the agreement and where disputes will be resolved (federal or state court, and in which county). This matters enormously if the parties are in different states. Choose the state where your business is based unless you have a strong reason not to.

---

What to Include in the Confidential Information Definition

The definition of confidential information is where most NDAs succeed or fail. Three approaches:

Broad definition (most protective): Defines confidential information as all information disclosed by the disclosing party, regardless of whether it is labeled as confidential, if the nature of the information or circumstances of disclosure would suggest it is confidential.

Marked-only definition (least protective): Confidential information is only what is explicitly labeled "CONFIDENTIAL" at the time of disclosure. Dangerous because parties often forget to label things, and verbal disclosures are excluded.

Hybrid approach (recommended): Information is confidential if (a) labeled as confidential, or (b) described as confidential at the time of disclosure, or (c) would reasonably be understood to be confidential given its nature (financial data, customer lists, source code, proprietary processes, etc.).

Common categories to explicitly include: business plans, financial projections, customer and prospect lists, pricing structures, source code and technical documentation, product roadmaps, marketing strategies, and personnel information.

---

NDA Duration: How Long Should It Last?

| Scenario | Recommended Term |
|---|---|
| Employee NDA | Indefinite for trade secrets; 2–3 years for other confidential info |
| Contractor / freelancer | Duration of project + 2–3 years |
| Investor pitch or partnership exploration | 1–3 years |
| M&A due diligence | 2–5 years |
| Technology licensing | Varies; match license term |

Note: California courts are skeptical of post-employment NDAs and non-competes (though non-competes are different from NDAs). Pure confidentiality obligations are still generally enforceable in California even post-employment.

---

Exclusions from Confidentiality

Every well-drafted NDA should explicitly state that the following information is not covered by the confidentiality obligation:

  1. Already public. Information that is already in the public domain at the time of disclosure, through no fault of the receiving party.
  2. Previously known. Information the receiving party already possessed before disclosure, as documented by existing records.
  3. Independently developed. Information the receiving party developed independently without using or referencing the disclosing party's confidential information.
  4. Received from a third party. Information received from a third party who had the right to disclose it without restriction.
  5. Required by law. Information the receiving party is legally required to disclose by court order or government authority, provided they give the disclosing party prompt notice so the disclosing party can seek a protective order.

---

State-Specific Considerations

NDA law varies by state. Key variations to know:

California: Does not enforce non-compete clauses at all, but NDAs and confidentiality agreements are generally enforceable. California courts may narrow overly broad confidentiality provisions.

New York: Generally enforces NDAs. New York has specific rules about NDAs in the context of sexual harassment settlements — limits on confidentiality provisions that could prevent disclosure of illegal conduct.

Texas: Enforces NDAs if reasonable in scope, time, and geography. Texas courts apply the "blue pencil" doctrine to modify (not void) overbroad provisions.

Florida: Enforces NDAs with relatively strong pro-business stance. Florida's Uniform Trade Secrets Act protects trade secrets beyond NDA terms.

---

Common NDA Mistakes to Avoid

1. Vague confidentiality definitions. "All information we share" is both too broad and too vague. Define categories specifically.

2. No return-of-materials clause. When the relationship ends, how does confidential information get returned or destroyed? Omitting this clause leaves the disclosing party in a difficult position.

3. Sharing information before signing. NDAs should be signed before any confidential information is shared, not after.

4. Forgetting to cover oral disclosures. If your agreement only covers written information, every conversation is unprotected. Include a provision confirming oral disclosures in writing within a set time period.

5. Unrealistic remedies. Including punitive damages or penalties far beyond actual harm may render the remedies clause unenforceable. Stick to injunctive relief (a court order stopping disclosure) and actual damages.

6. Wrong party signs. Make sure you have the right authorized signatory. An NDA signed by an individual employee instead of the company entity may not bind the company.

---

Frequently Asked Questions

Do NDAs hold up in court? Yes, properly drafted NDAs are enforceable contracts. Courts regularly grant injunctive relief and damages for NDA breaches. The key is specificity: vague, overly broad, or unreasonably long NDAs are more likely to be challenged successfully.

Can I use a free NDA template? A quality free template covers the basics for common situations. LegalStack's NDA generator lets you customize the key provisions — parties, purpose, duration, and exclusions — to fit your specific needs.

Does an NDA need to be notarized? Generally no. Notarization is not required for NDAs to be legally valid in any U.S. state. A signed agreement with consideration (the mutual promises) is sufficient.

What happens if someone violates an NDA? You can seek a court injunction to stop ongoing disclosure, and sue for damages caused by the breach. In some cases you may also have claims under trade secrets law (the Defend Trade Secrets Act at the federal level, or state equivalents).

Can employees sign NDAs? Yes. Employment NDAs are very common and generally enforceable. However, several states (including California, Minnesota, and Illinois) have placed restrictions on NDAs that prohibit employees from disclosing illegal conduct, harassment, or discrimination. Know your state's rules.