June 16, 2023

NDA guide for founders: What they are, how they work and red flags to avoid

Discover what NDAs are, how they work and what needs to be included to make sure your company's sensitive information is protected

Imagine using an ex-colleague as a sounding board to discuss the new business idea you’ve been working on for months, or even years, and then later discovering they’ve stolen your idea and are replicating it.

That’s where non-disclosure agreements (NDAs) have an important role to play. In business, they’re used in a huge range of scenarios, from preventing an employee from sharing trade secrets to protecting confidential information when speaking with potential investors.

While opinions on whether we need NDAs vary, they can be a useful tool for founders intent on keeping their information protected. Here’s everything you need to know about NDAs.


What is an NDA?

“A non-disclosure agreement is an agreement that allows people to share confidential information on agreed terms,” Shing Lo, partner at Latham & Watkins, tells Sifted.

“An NDA should always be signed before disclosing any confidential information,” Lo says. “You can have initial discussions before putting an NDA in place, but should be careful to keep these discussions high level, and not share any sensitive or confidential information until the NDA is signed.”


An NDA will usually have a "term" — typically two to three years, Lo says — after which the obligations fall away.

There are two types of NDA. A unilateral or “one-way” NDA is the most common: just one party shares its confidential information and the other party receives it, so only the receiving party is subject to obligations under the non-disclosure agreement.

The other is a mutual NDA agreement, which means both parties would be subject to obligations in relation to the other party’s confidential information. You should only agree to a mutual non-disclosure agreement if you will be both receiving and sharing confidential information. 

What's their purpose? 

Non-disclosure agreements can be put in place whenever a company wishes to share sensitive or confidential information. Examples include exploring a potential relationship with a new supplier, considering an IP licence collaboration or holding discussions with a potential investor.

You can also use NDAs when working with consultants or contractors, unless their service agreement contains confidentiality provisions. However, you wouldn’t usually need to enter into an NDA agreement with professional advisors like solicitors or accountants who are subject to regulation, as they will have their own obligations not to disclose confidential information.

Will Wright is cofounder of PlotTech, an early-stage software startup that is on a mission to remove 70% of defects in new-build properties by 2026. Wright put NDAs in place when reaching out to development companies with ideas for PlotTech’s app.


“We recognised the importance of protecting our intellectual property (IP) when engaging with development companies to bring our idea of the PlotSnag app to life,” says Wright. “An NDA was necessary to ensure that the concepts of what we were trying to build remained confidential, while shortlisting a number of potential development partners.

“This enabled much more thorough consideration of the most appropriate partner, crucially managing the expectations of both parties and avoiding nasty surprises in the form of a reincarnation of our product under a different guise.”


What is in an NDA?

When creating a first NDA agreement, it's crucial to work with a law firm to develop a standard NDA template. Making this a “reasonable and balanced” draft saves you time and energy in later negotiations with other parties, says Mike Turner, partner at Latham & Watkins.

IoT startup Onomondo also uses NDAs to protect sensitive business information, including aspects of its unique IoT technology, client data, business strategies, software code and other proprietary information.


“When we release beta versions of our new technology, we often have NDAs signed with our beta testers,” Michael Karlsen, CEO and cofounder at Onomondo, tells Sifted. 

Here are the specific elements that usually feature in an NDA form:

Identification of parties

This is used to identify the people or entities involved in the non-disclosure agreement and explain who they are. It typically includes full names and addresses, and relevant parties such as legal support may also be named.


The definitions section details the different types of information covered by the NDA agreement and lays out rules on how that information is to be handled.


Here, the consequences of breaking the agreement and sharing protected information are laid out.


A clear definition of the scope of the NDA is included, going into intricate detail on what can and cannot be shared with outside parties.


NDAs rarely last forever, so the agreement will clearly state the number of years that the protected information must be kept private. NDAs with an indefinite timeframe still tend to include details on when the information is no longer protected.

Return of information

When business between involved parties is complete, a non-disclosure agreement may ask the recipient to confirm that sensitive information is destroyed or returned to the enforcing party.


This section explains information that is not covered by the NDA agreement, such as details already in the public domain or previously shared information.


Potential remedies for breaching a confidentiality agreement include payment for damages or even a restraining order.

What are the rules of an NDA agreement?

The main obligation under a non-disclosure agreement is the duty to keep the information confidential and only share it with a limited group of individuals — such as employees, affiliates or advisors who “need to know” the information — and to ensure those people also keep the information confidential.

“These days, parties will likely also be required to comply with data protection provisions under the NDA, in the event the confidential information being shared contains (or may contain) personal data,” says Lo. “These provisions should comply with UK and/or EU GDPR.”

An NDA for day-to-day business will usually be simple and limited to the key obligations, says Turner, like keeping the information confidential and listing who it can be shared with. 


“An NDA that relates to a potential transaction or investment is likely to be more complicated,” he adds, “and may contain more onerous provisions such as non-compete and non-solicitation clauses, which are more likely to be negotiated and may require review by external legal counsel.

“It is a debate whether NDAs are necessary in the context of a potential investment where the company is still at an early stage. This should be considered on a case-by-case basis.”

Non-disclosure agreement red flags

Before signing an NDA agreement, you should feel confident that you fully understand what is expected from you and agree to the detailed terms laid out in the document. Depending on which side of the NDA you are on, here are the red flags Latham & Watkins suggests looking out for:

If you are the party sharing your information:

  • You should ensure the “purpose” of the NDA is clearly defined so that the other party can use your confidential information for that purpose only;
  • You should ensure the definition of “confidential information” is broad enough to capture all information you may be sharing under the NDA. If you have shared any confidential information before the NDA is entered into, you should ensure this is captured in the definition;
  • Confirm that the NDA is a one-way (rather than mutual) NDA if you are not receiving any confidential information yourself;
  • You should ensure the NDA doesn’t grant any IP rights or licences to the other party or go into details of joint IP ownership.

If you are the party receiving information:

  • It’s important to ensure there is an end date to your obligations. You will likely want a shorter-term agreement, whilst the person sharing their information will likely want a longer-term one;
  • You should avoid agreeing to any indemnities;
  • You should ensure the group of people you can share the information with matches those who you actually need to share the information with;
  • You should look out for onerous provisions such as non-competes and standstills — if you do agree to these, you should ensure they are proportionate to the purpose of the NDA and that you are able to comply with them;
  • You should ensure the definition of “confidential information” is clear and identifiable;
  • Insist on a mutual NDA if you will also be sharing your confidential information.
