Non-Disclosure Agreement

A Mutual (Bilateral) NDA binds both parties to equivalent confidentiality obligations — each party simultaneously acts as both a Disclosing Party (when it shares information) and a Receiving Party (when it receives information). This structure is appropriate when both parties will share sensitive information with each other, as is typical in joint ventures, technology partnerships, M&A due diligence between equals, and co-development engagements. A Unilateral (One-Way) NDA imposes confidentiality obligations exclusively on the Receiving Party, and is appropriate when only one party is disclosing sensitive information — for example, when a startup shares its pitch deck and financial projections with a prospective investor, or when a company shares its source code with a third-party auditor. Choosing the wrong structure can either create unintended obligations on the disclosing party or expose the disclosing party to risk. This template supports both structures with conditional clause activation.

This template is designed with global enforceability in mind and includes provisions aligned with major commercial law systems including U.S. federal and state law (Delaware, New York, California), English law (England and Wales), Singapore law, EU member state law (including GDPR-specific provisions), and other common and civil law jurisdictions. Key design choices that support international enforceability include: a governing law election with CISG exclusion, arbitration provisions with international institutional support (ICC, LCIA, SIAC), export control compliance provisions, GDPR and EU Trade Secrets Directive alignment, and severability clauses that preserve enforceability clause-by-clause. That said, certain provisions — particularly non-compete clauses — have variable enforceability by jurisdiction (notably limited in California, France, and certain EU states), and the Parties should consult local counsel before executing this Agreement in cross-border contexts.

Trade secrets occupy the most privileged tier of protection within this Agreement. Unlike general Confidential Information — which is protected for the duration specified in the Agreement (typically 3–5 years) — trade secret obligations survive indefinitely for as long as the information retains trade secret status under applicable law. This Agreement incorporates trade secret protections aligned with the U.S. Defend Trade Secrets Act (DTSA, 18 U.S.C. § 1836), which provides for federal court jurisdiction, seizure orders, and exemplary damages up to twice compensatory damages for willful misappropriation. It also aligns with the EU Trade Secrets Directive (2016/943/EU), which provides cross-border protections throughout the EU. The Receiving Party's obligations with respect to trade secrets include: indefinite non-disclosure, permanent non-use beyond the Permitted Purpose, prohibition on reverse engineering or independent derivation through improper means, and a specific prohibition on using trade secrets to train AI or ML systems.

Yes. This template is specifically designed for venture capital and private equity fundraising contexts, in which a startup or growth company discloses sensitive financial projections, cap tables, product roadmaps, proprietary technology, and customer data to prospective investors during due diligence. The template includes provisions specifically relevant to the fundraising context: protection of financial information and capitalization tables; AI/ML training restrictions that prevent investors from using disclosed technical information to train competing models; non-circumvention clauses that prevent investors from bypassing the company to access disclosed business opportunities directly; source code and algorithm protections; and cross-border disclosure controls for international investors. Note that many institutional venture capital funds resist signing NDAs for initial pitches, but will sign them for detailed technical or financial due diligence at later stages. This template is calibrated for the latter context.

This Agreement holds the Receiving Party fully liable for breaches by its employees, contractors, advisors, and agents (collectively, 'Authorized Personnel') to the same extent as if the Receiving Party itself had breached. The template requires the Receiving Party to: (1) ensure all Authorized Personnel are bound by written confidentiality obligations before access is granted; (2) maintain records of who has accessed Confidential Information; (3) provide immediate (48-hour) written notice of any unauthorized disclosure; (4) take all available legal measures to prevent and remedy such breaches; and (5) indemnify the Disclosing Party for all losses arising from Representatives' breaches. Post-departure obligations are specifically addressed — the Receiving Party must enforce confidentiality obligations against departing personnel who had access to Confidential Information. In the event of breach, the Disclosing Party may seek injunctive relief, disgorgement, compensatory damages, and attorneys' fees.

The duration of confidentiality obligations under this Agreement is configurable based on the transaction context. General Confidential Information is protected for the number of years specified at signing (commonly 3 years for standard commercial relationships, 5 years for technology partnerships, and up to 10 years for M&A and investment contexts). Obligations with respect to Trade Secrets survive indefinitely — for as long as the information retains legal trade secret status — which in practice often means perpetual protection for core proprietary technology, algorithms, and formulas. Certain specialized obligations (non-solicitation, non-circumvention) have their own separately specified survival periods. The template's Survival Table in Section 16 provides a comprehensive, clause-by-clause summary of survival periods to avoid ambiguity in post-termination enforcement.

This Agreement provides the Disclosing Party with a comprehensive, layered remedies structure upon breach. Equitable remedies — including emergency and permanent injunctive relief, specific performance, and asset preservation orders — are available immediately and without the requirement to post bond, based on the Receiving Party's express stipulation that monetary damages are inadequate. Monetary remedies include: compensatory damages (actual losses and lost profits); disgorgement of any profits or benefits derived from the unauthorized use of Confidential Information; consequential damages where the standard limitation of liability does not apply; exemplary or punitive damages for willful misappropriation of Trade Secrets under the DTSA (up to 2x compensatory); liquidated damages for non-solicitation violations; and recovery of attorneys' fees, expert witness costs, and all litigation or arbitration expenses. The remedies are cumulative, meaning the Disclosing Party may pursue multiple remedies simultaneously.

Cross-border disclosures — where Confidential Information is transmitted across national borders — activate the Agreement's export control and international data protection provisions. For technology and technical data, the Receiving Party must comply with the U.S. Export Administration Regulations (EAR) and, where applicable, ITAR, as well as the EU Dual-Use Regulation. This means that controlled technology may not be re-exported or transferred to sanctioned countries, restricted end-users, or non-authorized nationals without governmental approval. For personal data, cross-border transfers to countries without an EU adequacy decision must be covered by Standard Contractual Clauses (SCCs) or another approved transfer mechanism under the GDPR. For disclosures involving Protected Health Information under HIPAA, a Business Associate Agreement must be executed before any transfer. The Agreement also requires the Receiving Party to notify the Disclosing Party if it discovers that any disclosed information is subject to previously unidentified export controls or sanctions restrictions.