A Non-Disclosure Agreement (NDA) is one of the most common legal documents in business — and one of the most misunderstood. Whether you're hiring a contractor, pitching to investors, or entering a partnership, knowing how to write a solid NDA can protect your most valuable assets: your ideas, data, and competitive advantage.
This guide walks you through every step of drafting an NDA, from choosing the right type to avoiding the mistakes that make NDAs unenforceable.
What Is an NDA?
An NDA, also called a confidentiality agreement, is a legally binding contract between two or more parties that establishes a confidential relationship. The party or parties who sign the agreement commit to keeping certain information secret and not disclosing it to third parties without permission.
NDAs are used across virtually every industry — from tech startups protecting source code, to manufacturers safeguarding production methods, to businesses keeping client lists private.
When Do You Need an NDA?
You should consider an NDA whenever you're sharing sensitive information that could harm you if it became public. Common scenarios include:
- Before a business pitch or investor meeting — protecting your business plan, financial projections, and product roadmap
- When hiring contractors or freelancers — ensuring they don't take client data or proprietary processes to competitors (see our freelance contract guide)
- During partnership or merger negotiations — sharing financials and operational details requires mutual confidentiality
- When onboarding employees — especially those with access to trade secrets, source code, or customer data
- Before licensing technology or IP — protecting inventions before formal patent protection is in place
If you're unsure whether your situation calls for an NDA, read our guide "Do I Need an NDA?"
Step 1: Choose the Right Type of NDA
Before you draft anything, decide which type of NDA fits your situation.
Unilateral (One-Way) NDA
Only one party discloses confidential information. The other party receives the information and agrees to keep it secret. This is the most common type, used when:
- You're pitching to investors
- You're sharing proprietary information with a contractor or vendor
- You're onboarding a new employee who'll access sensitive data
Mutual (Bilateral) NDA
Both parties share confidential information with each other, and both agree to keep the other's information secret. Use this when:
- Negotiating a partnership or joint venture
- Exploring a potential merger or acquisition
- Collaborating on a project where both sides contribute proprietary methods
Choose the type that matches your actual situation. Using a mutual NDA when only you're sharing information creates unnecessary obligations for you.
Step 2: Identify the Parties
Start with clear identification of everyone involved:
- Full legal names of all parties (individuals or business entities)
- Business addresses for formal correspondence
- Contact information — email addresses at minimum
- The effective date — when the confidentiality obligations begin
Getting this wrong creates enforcement problems. If the NDA names a person but the information was actually shared with their company, there's a gap in protection.
Step 3: Define Confidential Information
This is the most important clause in any NDA. Be specific about what counts as confidential. Vague language like "any information shared" creates ambiguity that courts may refuse to enforce.
Define categories clearly:
- Financial data and projections
- Customer and client lists
- Software code and technical specifications
- Product designs and prototypes
- Business strategies and marketing plans
- Employee and vendor information
Include all forms of disclosure:
- Written documents and digital files
- Verbal communications (specify these must be confirmed in writing within a set period, e.g., 5 business days)
- Visual demonstrations and presentations
Pro tip: Include a provision that information marked "Confidential" in writing automatically qualifies. This simplifies ongoing compliance.
Step 4: Specify Obligations of the Receiving Party
Spell out exactly what the receiving party must do — and not do — with the confidential information:
- Not disclose to any third parties without prior written consent
- Use the information only for the stated purpose (e.g., evaluating a potential business relationship)
- Implement reasonable security measures — store documents securely, limit internal access to need-to-know personnel
- Notify promptly if a breach or unauthorized disclosure occurs
- Return or destroy all confidential materials upon request or when the NDA expires
Without clear obligations, the receiving party can argue they didn't know what was expected.
Step 5: Include Standard Exclusions
Courts won't enforce NDAs that try to protect information that shouldn't be confidential. Standard exclusions include:
- Information that was already publicly available before disclosure
- Information the receiving party already possessed before the NDA
- Information independently developed by the receiving party without using confidential materials
- Information received from a third party who had no confidentiality obligation
- Information required to be disclosed by law (e.g., a court subpoena) — with the requirement to provide advance notice when legally possible
These exclusions are legally expected and actually strengthen your NDA. An NDA without them looks overreaching and is more likely to be challenged.
Step 6: Set the Duration
NDAs aren't eternal. Specify how long the confidentiality obligations last:
- Standard business information: 1–3 years
- Sensitive commercial data: 3–5 years
- Trade secrets: Can be indefinite, but must be explicitly stated as such and must genuinely qualify as trade secrets under applicable law
Include a clear end date or a formula for calculating it (e.g., "3 years from the date of disclosure"). NDAs without defined durations are often unenforceable.
Step 7: Define Remedies for Breach
What happens when someone violates the NDA? Your remedies clause should include:
- Injunctive relief: A statement that breach would cause irreparable harm, entitling the disclosing party to seek a court order stopping further disclosure — without needing to prove monetary damages first
- Monetary damages: The right to recover actual damages caused by the breach
- Attorney fees: The prevailing party in a dispute may recover reasonable legal costs
- Survival: Remedies survive the expiration or termination of the NDA
Without a strong remedies clause, enforcing the NDA becomes significantly harder and more expensive.
Step 8: Add Governing Law and Jurisdiction
Specify which state's or country's laws govern the agreement, and where disputes will be resolved. This matters enormously if you and the other party are in different locations.
For example, an NDA governed by California law is subject to different rules than one governed by New York law or Texas law.
If your business operates in multiple states, choose a jurisdiction with well-developed commercial law — California, New York, and Delaware are common choices.
Step 9: Include Signature Blocks
End the NDA with signature blocks for all parties. Each block should include:
- Full legal name
- Title or role
- Company name (if applicable)
- Date of signature
- Signature line
Both parties should sign and retain a copy. Electronic signatures are legally valid in all 50 US states under the ESIGN Act.
Common Mistakes to Avoid
Being too vague. Courts have thrown out NDAs because the definition of "confidential information" was too broad or unclear. Specificity protects you.
No expiration date. Indefinite NDAs are often unenforceable. Always include a duration (with an explicit exception for genuine trade secrets).
Missing jurisdiction. If you don't specify governing law, you could end up in a legal battle about where to fight the legal battle.
Not getting it signed. An NDA is worthless without signatures from all parties. Make sure you have signed copies before sharing anything sensitive. Use our contract signing checklist to make sure you don't miss anything.
Using a generic template without customizing it. Every business relationship is different. A freelance NDA and an investor NDA have very different needs. See our NDA review checklist for what to look for before signing.
Forgetting the exclusions. An NDA without standard exclusions looks overreaching and is more likely to be struck down by a court.
NDA Checklist: What to Include
Before you finalize your NDA, make sure it covers:
- [ ] Type chosen (mutual or one-way)
- [ ] All parties identified with full legal names
- [ ] Confidential information defined with specific categories
- [ ] All forms of disclosure covered (written, verbal, visual)
- [ ] Receiving party obligations spelled out
- [ ] Standard exclusions included
- [ ] Duration clearly specified
- [ ] Remedies for breach defined (injunctive relief + damages)
- [ ] Governing law and jurisdiction specified
- [ ] Signature blocks for all parties
- [ ] Notices clause (how official communications are delivered)
Create Your NDA in Minutes
Writing a solid NDA from scratch is time-consuming — and getting it wrong can leave your sensitive information unprotected. Contract.DIY generates customized NDAs tailored to your specific situation. Describe your agreement in plain language, choose your jurisdiction, and get a professional document ready to review and sign.
This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.