
What Is a Non-Disclosure Agreement (NDA)? A Founder's Guide

What is a non-disclosure agreement? An NDA is a contract that keeps shared information confidential. Learn NDA types, key clauses, and when founders need one.

By the Plox team | 10 min read | Updated June 2026

A non-disclosure agreement (NDA) is a legally binding contract in which one or more parties agree to keep specified information confidential and not share or misuse it. Founders use NDAs to protect trade secrets, financials and product plans when sharing them with investors, partners, contractors or hires. Breaching an NDA can trigger legal and financial penalties.

What is a non-disclosure agreement?

A non-disclosure agreement is a contract that defines what information counts as confidential, who must protect it, how long the obligation lasts, and what happens if someone leaks it. It is also called a confidentiality agreement, confidential disclosure agreement (CDA), or secrecy agreement. The point is simple: let two parties exchange sensitive information without either side using it against the other.

For a founder, an NDA is the legal layer around everything you would rather a competitor never saw: your cap table, your churn numbers, your roadmap, your customer list, your unannounced features. It does not stop a leak from happening. It gives you the right to act when one does, and it sets a clear expectation up front that the information is off-limits.

NDAs are everyday business tools, not lawyer theater. A mutual NDA between two startups exploring a partnership can be a single page. The hard part is rarely the document. It is controlling who actually sees the file and proving what they did with it after they signed.

How does an NDA work?

An NDA works by turning a promise of secrecy into an enforceable obligation. Once both sides sign, the receiving party is legally bound to handle the confidential information only in the ways the contract allows, and to face consequences if they do not. A well-drafted NDA covers five things.

  • Who is bound. The disclosing party (sharing the information) and the receiving party (obligated to protect it). In a mutual NDA, each side is both.
  • What is confidential. The specific categories covered, such as financials, source code, customer lists, pricing, or product designs, often with a catch-all and a list of explicit exclusions.
  • What the receiving party must do. Use the information only for the stated purpose, limit access to people who need it, and not copy or share it without permission.
  • How long it lasts. A fixed term (commonly one to five years) or, for genuine trade secrets, for as long as the information stays secret.
  • What happens on a breach. Remedies such as injunctions, damages, or recovery of legal costs.

Most NDAs also carve out information that is already public, that the receiving party already knew, or that they develop independently. Those exclusions are normal and protect the recipient from being sued over information they did not actually get from you.

Types of NDAs: unilateral, mutual and multilateral

There are three common structures. Which one you use depends on who is sharing information with whom.

Type | Who discloses | Typical use | Example
Unilateral (one-way) | One party shares; the other only receives | A founder sharing data with an investor, contractor, or candidate | You send a VC your financials before a term sheet
Mutual (bilateral) | Both parties share and protect | Two companies exploring a partnership or M&A | You and an acquirer both open your books for diligence
Multilateral | Three or more parties, all bound | Joint ventures, consortiums, multi-party deals | Three startups co-developing a product

A unilateral NDA is the default when only you are handing over sensitive material. A mutual NDA is fairer when both sides expose secrets, and most counterparties prefer signing one. A multilateral NDA avoids the overhead of separate agreements between every pair of parties, though it is more complex to negotiate.

Key clauses in an NDA

If you only read a few parts of an NDA, read these. They decide how much protection you actually get.

  • Definition of confidential information. Too narrow and real secrets fall outside it; too broad and a court may refuse to enforce it. Be specific.
  • Permitted use / purpose. The receiving party can use the information only for the named purpose (for example, "evaluating a potential investment"), nothing else.
  • Exclusions from confidentiality. Carve-outs for public, already-known, or independently developed information, plus disclosures required by law.
  • Term and survival. When the agreement ends, and how long confidentiality obligations live on after it does.
  • Return or destruction. A requirement to give back or delete confidential material when the deal ends or the term expires.
  • Remedies. What you can recover on a breach, including injunctive relief to stop ongoing disclosure.
  • Governing law and jurisdiction. Which state or country's law applies and where disputes are heard.

A clause that often gets missed: non-solicitation and non-use. An NDA stops disclosure, but you may also want to stop the other side from poaching your staff or using your idea to build a competing product. If that matters, it has to be written in.

When do founders actually need an NDA?

Not every conversation needs one, and asking for an NDA at the wrong moment can read as naive. Here is where they genuinely earn their place.

Fundraising. Most early-stage VCs will not sign an NDA to hear a pitch, and pushing one is a red flag to them. But once you move past the first meeting into diligence, sharing your detailed financials, cap table, contracts and metrics, a mutual NDA is reasonable and common. The norm is: no NDA for the pitch, NDA for the data room.

Data rooms and diligence. When you open a virtual data room full of contracts, IP assignments, financial statements and customer agreements, an NDA sets the ground rules before anyone gets in. Sophisticated acquirers and later-stage investors expect to sign one. See what VCs want in a data room for how the NDA fits alongside the documents themselves.

Hiring and contractors. Employees, freelancers and agencies who touch source code, customer data or unreleased products should sign an NDA, usually folded into their employment or contractor agreement. This is one place an NDA is close to mandatory and rarely controversial.

Vendors and partners. Before you share roadmaps, pricing, or integration details with a potential partner or supplier, a mutual NDA protects both sides during the exploratory phase.

The honest take: an NDA is most useful where the relationship is ongoing and the information is genuinely valuable and genuinely secret. It is least useful as a substitute for simply controlling who can open the file in the first place.

What does a simple NDA look like?

This is not legal advice, and you should have a lawyer review any agreement before you rely on it. But it helps to know the skeleton, so the document feels less like a black box. A short, plain-language NDA usually flows like this:

  1. Parties. Names and roles of who is disclosing and who is receiving.
  2. Purpose. The single reason information is being shared (for example, "to evaluate a possible investment in the Company").
  3. Definition of confidential information. What is covered, and a short list of what is not (public, already known, independently developed, legally compelled).
  4. Obligations. Keep it secret, use it only for the purpose, limit it to people who need it.
  5. Term. How long the obligation lasts after signing.
  6. Return or destruction. Hand back or delete the material when the deal ends.
  7. Remedies and governing law. What happens on a breach and whose law applies.
  8. Signatures. Both parties, dated.

Plenty of reputable free templates exist for a standard mutual NDA, and for routine situations they are fine. For anything high-stakes (an acquisition, a major partnership, anything involving patents) get it reviewed. The cost of a lawyer's hour is trivial next to an unenforceable clause discovered later.

The limit of an NDA, and what closes the gap

Here is the uncomfortable truth an NDA alone will not solve. A signature is a promise. It does not stop someone from forwarding your deck to a competitor, screenshotting your financials, or downloading your whole data room and walking off with it. The NDA gives you a claim after the fact, but only if you can prove what happened, and most founders cannot.

That is the gap between a legal control and a technical one. The strongest position combines both: the NDA sets the obligation, and your sharing tool enforces and records what people actually do with the file.

Plox is a secure document sharing and virtual data room platform for founders, investors and dealmakers. Instead of emailing a PDF and hoping, you share a trackable link that you can passcode-protect, restrict to verified emails, watermark per viewer, set to expire, and revoke at any time. You also see exactly who opened the document, which pages they read, and for how long.

How Plox's one-click NDA gates a document or data room

Plox closes the loop between the agreement and the file. With one-click NDA, you can require viewers to accept a non-disclosure agreement before they can open a specific document or enter a data room.

It works like this:

  • Turn on the NDA requirement for any link or data room.
  • The viewer sees your NDA terms and must accept them before any content loads.
  • Plox records who accepted, with a timestamp, so you have a clear audit trail.
  • Only after acceptance does the document or data room open.

Now the agreement and the access control are the same action. The person who reads your financials is the same person who, moments earlier, accepted your terms, and you have it on record. Pair that with per-viewer watermarking and page-by-page analytics, and an NDA stops being a piece of paper in a folder and becomes an enforced gate on the actual information.

You can set this up on the free plan's secure links and on data rooms, with no sales call and no credit card to start.

Frequently asked questions

Is an NDA legally binding? Yes. A properly drafted and signed NDA is an enforceable contract. Enforceability depends on the terms being reasonable and specific, the information genuinely being confidential, and the agreement complying with the governing law. Overly broad or indefinite NDAs can be challenged or struck down.

Will investors sign an NDA before seeing my pitch? Usually not at the pitch stage. Most VCs see hundreds of decks and treat early ideas as low-risk, so asking for an NDA upfront can signal inexperience. The accepted norm is no NDA for the initial pitch, then a mutual NDA once you move into detailed diligence and open your data room.

What is the difference between a unilateral and a mutual NDA? In a unilateral (one-way) NDA, only one party shares information and only the recipient is bound to protect it. In a mutual (bilateral) NDA, both parties share confidential information and both are obligated to keep the other's secrets. Mutual NDAs are common when two companies explore a partnership or deal.

How long does an NDA last? It depends on the term you write in. Many NDAs run one to five years, while obligations covering true trade secrets can last as long as the information stays secret. The agreement should state both the contract term and how long confidentiality survives after it ends.

Can I write my own NDA without a lawyer? For routine, low-stakes situations, a reputable free template for a standard mutual NDA is often fine. For high-value deals, acquisitions, or anything involving patents or large liabilities, have a lawyer review it. This article is educational and is not legal advice.

Does an NDA stop someone from leaking my documents? Not by itself. An NDA gives you a legal claim after a breach, but it cannot physically prevent forwarding, downloading, or screenshotting. To actually control access, combine the NDA with technical controls like passcodes, expiring links, per-viewer watermarks, and an enforced acceptance gate that records who agreed before they could open the file.

Ready to put an NDA in front of your most sensitive documents? You can share securely with Plox for free, add a one-click NDA gate, and see exactly who opened what, no credit card and no sales call required.

Written by the Plox team

Plox builds secure document sharing and virtual data room software for founders and dealmakers. We share pricing and comparisons transparently, and recheck competitor details regularly.