Free NDA Playbook For Contract Review and Negotiation

Identify if the NDA is Mutual

Mutual NDA

A mutual NDA ensures all the information shared by the parties is treated confidential. Reciprocal obligations at the outset mitigates risk in case of any change in the circumstances later.

Sample Comment for Client:

We recommend adopting a mutual NDA. Even where it appears that only one party will disclose confidential information initially, a mutual agreement ensures reciprocal protection, mitigates risk for our client, and avoids the need to revisit negotiations should circumstances change.

Sample Clause

Identify the type of information that needs to be kept confidential. The definition can be broad but should be clear and unambiguous.

A well-drafted definition determines the scope of protection under the NDA. Both parties should easily understand what information is covered.

Clearly define the categories of information (technical, commercial, financial, etc.) and avoid vague terms. Ensure the clause covers all relevant forms (written, oral, electronic).

Sample NDA Clause Example:
"Information means any and all information which is now or at any time after the date of this Agreement in the possession of either party, including, but not limited to discoveries, ideas, concepts, know-how, techniques, designs, specifications, drawings, blueprints, tracings, diagrams, models, samples, the products, flow charts, data, computer programs, drives, disks, diskettes, tapes, patents, patent applications, copyrighted materials, marketing plans, customer names and other technical, financial or commercial information and intellectual properties, whether in writing, oral or other tangible or intangible forms and is disclosed to the other pursuant to this Agreement, including without limitation any information or analysis derived from that Information."

Has the information been disclosed already or will be disclosed after the execution of the NDA?

Confidential information should ideally be disclosed after execution of the NDA.

Information disclosed before the NDA is signed may not be protected unless it is expressly included within the scope of "Confidential Information."

If information was shared before signing, specify in the agreement that such information is also treated as confidential. Otherwise, the disclosing party may lose protection for previously shared information.

Should the confidential information be marked or not marked?

Big teams: Use 'the reasonable standard' i.e. information that a reasonable person would understand to be confidential will still be covered.

Small teams: Use 'Marked Confidential Information' i.e. clearly state that only marked information is protected

Marking information as confidential brings clarity and avoids disputes about which information is protected. However, relying solely on markings can be impractical for large teams handling high volumes of data.

If marked:
Sample NDA Clause Example:
"All information expressly designated or marked as 'Confidential' by the Disclosing Party shall be treated as confidential. Only information that is clearly marked as Confidential shall be subject to the obligations of this Agreement."

If unmarked:
Sample NDA Clause Example:
"Information that is not explicitly marked as confidential shall still be treated as confidential if, under the circumstances, a reasonable person would understand the information to be confidential. The Receiving Party shall exercise reasonable care to protect such information from unauthorized disclosure"

Should the purpose be general or specific?

Specific, not unnecessarily restrictive. Purpose should not be vague, ambiguous or so broad that it falls outside the scope of the transaction contemplated by the parties

It ensures the confidential information is used by the parties receiving only for the purpose as agreed in the NDA.

Use precise language describing the business context, project, or transaction.

Sample NDA Clause Example: The Receiving Party shall use the Confidential Information solely for the purpose of evaluating and negotiating a potential business transaction between the Parties and for no other purpose.

Are these obligations included

Include the following 5 standard confidentiality obligations: Confidentiality – Keep all disclosed information strictly confidential. Non-Use – Use confidential information only for the agreed purpose. Limited Disclosure – Disclose confidential information only to employees, contractors, or agents who need it and who are bound by similar confidentiality obligations. Protection Measures – Take reasonable measures to protect the information from unauthorized use or disclosure. Return or Destruction – Upon termination or request, return or destroy confidential information, including all copies.

Without clearly defined obligations, the disclosing party risks misuse or accidental disclosure of sensitive information, weakening legal protection.

Explicitly include these five obligations in the NDA. Sample NDA Clause Example: "The Receiving Party agrees to: (i) maintain all Confidential Information in strict confidence; (ii) use Confidential Information solely for the Purpose defined in this Agreement; (iii) disclose Confidential Information only to employees, contractors, or agents who need access and who are bound by confidentiality obligations at least as strict as those in this Agreement; (iv) take all reasonable measures to prevent unauthorized use or disclosure of the Confidential Information; and (v) promptly return or destroy all Confidential Information upon termination of this Agreement or upon request by the Disclosing Party."

Which obligations survive termination of NDA?

The receiving party must continue to protect retained confidential information and trade secrets even after the NDA expires or is terminated.

Without specifying survival obligations, the disclosing party risks that sensitive information could be disclosed or misused after the NDA ends, undermining the purpose of confidentiality protections.

Explicitly state which obligations survive termination.Include different treatment for general confidential information vs. trade secrets, as trade secrets may have perpetual protection under law.Sample NDA Clause Example:(i) with respect to any retained Confidential Information, the obligation to comply with the confidentiality and non-use provisions of this Agreement will survive any such termination for so long as such Confidential Information is retained, and (ii) with respect to trade secrets, the obligation to comply with the confidentiality and non-use provisions of this Agreement will survive for so long as they qualify as trade secrets under applicable law.

What is the Term of NDA?

Define the initial duration of the NDA (e.g., 1, 2, or 5 years).Clarify that survival obligations apply beyond this term for retained confidential information and trade secrets.

Without a defined term, parties may dispute when obligations begin or end.

State the initial duration of the NDA Explicitly include a survival clause covering retained confidential information and trade secrets. Sample NDA Clause Example: "This Agreement shall commence on the Effective Date and continue in effect for [X] years unless earlier terminated in accordance with its terms. Notwithstanding the foregoing, the obligations with respect to retained Confidential Information and trade secrets shall survive termination or expiration as provided herein"

Who should have access to confidential information?

Options:

• Strict need-to-know

• Tiered access based on sensitivity

• Limited external advisors

• Mandatory written approval for broader disclosure

Limits unauthorized access; reduces risk of leaks

• Define categories of confidential information (if using tiers)

• Specify who qualifies for need-to-know access

• Include obligations for external advisors and require written approval for broader disclosure

Sample NDA Clause Example: "The Receiving Party shall only disclose Confidential Information to its Representatives on a strict need-to-know basis, and solely for the Purpose defined in this Agreement, ensuring such Representatives are bound by confidentiality obligations no less restrictive than those contained herein"

Is the Receiving Party liable for breach if a representative improperly discloses confidential information?

Yes - the receiving party should be liable for breach of NDA by its representatives

This enables the disclosing party to take legal action against the receiving party for the breach, regardless of whether the representative was the direct cause

The receiving party has a duty to take reasonable steps to ensure its representatives comply with the NDA's terms

Sample NDA Clause Example: "The Receiving Party will be responsible for any unauthorized access, use, or disclosure of the Confidential Information by its Representatives."

Does the NDA include the standard carve-outs from the confidential information?

Should include the standard carve-outs in NDAs:

• publicly available information

• information already known

• independently developed information

• information from a third party

• legally compelled disclosure

Sample NDA Clause Example:
Confidential Information shall not include information that: (a) is or becomes publicly available through no breach of this Agreement by the Receiving Party; (b) was already known to the Receiving Party prior to disclosure by the Disclosing Party without restriction on use or disclosure; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; (d) is rightfully obtained by the Receiving Party from a third party without restriction on use or disclosure; or (e) is required to be disclosed by law, regulation, or court order, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement and cooperates, at the Disclosing Party's expense, in seeking a protective order or other appropriate remedy.

What is the process for the return or destruction of Confidential Information?

Upon termination or expiration of the NDA, the Recipient must either destroy or return all Confidential Information to the Discloser and provide a certificate of destruction or written confirmation of return.

Always include a certificate of destruction or return requirement. This ensures the Discloser has formal evidence that confidential materials have been properly handled. If your business uses automated backup systems, make sure IT policies are aligned with the 180-day retention limit so the NDA obligations continue to apply even to retained backups.

Return or Destruction of Confidential Information:

Within 30 days of the Discloser's written request or the termination or expiration of this Agreement (whichever occurs first), the Recipient shall:
(a) Return or Destroy: Promptly return to the Discloser all tangible and electronic copies of Confidential Information in its possession or control, including all copies, summaries, extracts, and derivatives; or, at the Discloser's option, permanently destroy such Confidential Information.
(b) Certification: Provide the Discloser with a written certification signed by an authorized officer confirming that all Confidential Information has been returned or destroyed in accordance with this clause.

Can a party retain the confidential information as backup?

The Recipient may retain confidential information only to the extent required by law, regulatory obligations, or standard backup. It must be deleted within a specified period. Most importantly, all retained information must remain subject to the confidentiality obligations of the NDA.

Ensures the Discloser's sensitive information is not kept indefinitely, reducing risk of accidental disclosure.

Backup Retention Exception: Notwithstanding the foregoing, the Recipient may retain Confidential Information solely to the extent required by applicable law, regulatory obligations, or standard backup and disaster recovery procedures, provided that such retained information remains subject to the confidentiality obligations of this Agreement and is permanently deleted within 180 days.

Do the confidentiality obligations apply to retained confidential information?

Confidentiality obligations should survive the termination or expiration of the NDA for all retained confidential information.

Protects the Discloser's sensitive information beyond the active term of the NDA.

Continued Confidentiality Obligation: All confidentiality obligations under this Agreement shall continue to apply to any retained Confidential Information until it is properly destroyed or returned.

What is the relief in case of breach?

Damages vs. Injunction
Injunction: This is the primary and most important remedy in an NDA breach. Injunction allows the Discloser to stop further disclosure or use immediately.
Monetary Damages: This is a secondary relief as it can compensate for losses. This can be used in addition to an injunction.

Injunction empowers Discloser to stop the breach beyond just claiming money.

Sample NDA Clause Example:
Remedies for Breach
The Recipient acknowledges that any unauthorized use or disclosure of Confidential Information may cause irreparable harm to the Discloser for which monetary damages may be insufficient. Accordingly, the Discloser shall be entitled, in addition to any other rights or remedies available at law or in equity, to seek injunctive or other equitable relief to prevent or curtail any actual or threatened breach of this Agreement. The Discloser may also seek monetary damages for any losses incurred as a result of such breach. The rights to equitable relief and damages are cumulative and not exclusive of any other remedies.

Do you want to make this clause mutual? Just enter the AI prompt on Doclegal.ai 'Make the Remedies for breach clause mutual' and it will generate instantly.

AI Training Prohibition

Explicitly prohibits the use of Confidential Information for the purpose of training, developing, testing, or improving any AI model, Large Language Model (LLM), or machine learning algorithm, whether private or public

A clear exclusion allowing the use of Confidential Information (CI) for internal machine learning or AI models, but not for training external/public models

Sample NDA Clause language:

AI Training Prohibition:
"The Recipient shall not use, input, upload, or otherwise disclose any of the Client's Confidential Information to any artificial intelligence system, machine learning model, or similar automated data processing technology for the purposes of training, fine-tuning, or enhancing such systems, unless expressly authorized in writing by the Client. This prohibition applies during the term of this Agreement and indefinitely thereafter.

The Recipient may, however, use internal AI powered systems to analyze the Confidential Information solely for the purposes of this Agreement, provided that such systems do not retain, learn from, or incorporate the Confidential Information into any model or dataset, and that the Confidential Information is not disclosed to or accessed by any external AI service or platform."

AI-Derived IP Ownership

It clearly states that any intellectual property (IP) or derivative works developed using the CI, even if generated by an AI platform, remains the sole property of the Disclosing Party.

Ensure the receiving party has a clear right to use/own outputs from its internal AI analysis of the CI, or that the NDA specifies who owns any derivative works

Sample NDA Clause Language:

AI-Derived Intellectual Property Ownership
"Any intellectual property, invention, or derivative work developed, generated, or derived from the Discloser's Confidential Information, including through the use of any Artificial Intelligence (AI) system, Large Language Model (LLM), or machine learning algorithm, shall be and remain the exclusive property of the Discloser, unless otherwise agreed in writing.

The Recipient may use its internal AI models to analyze the Confidential Information solely for the purposes of this Agreement. However, any insights, outputs, or materials generated from such analysis that are based on or incorporate the Confidential Information shall not be used or commercialized by the Recipient except as expressly permitted by the Discloser in writing."

Confidential Information Definition

Keep the definition specific, focusing on proprietary business information.

Expand the definition of "Confidential Information" to explicitly include datasets generated or provided by AI

Sample Clause Language:

Confidential Information includes: (a) Data and datasets provided to or generated by AI models; (b) Generative AI prompts, queries, and instructions that contain or disclose Confidential Information; (c) Any output, analysis, or derivative work generated by an AI model using the Confidential Information.