A Non-Disclosure Agreement is the contract that protects confidential information shared between parties. For contractor engagements, the NDA is usually the first document signed. This guide walks through a free mutual NDA template for contractors, with sample clause language for each section and primary-source citations for the Defend Trade Secrets Act notice that most templates miss.
Mutual versus one-way NDAs
The default for contractor engagements is mutual. Both sides typically share confidential information during scoping and engagement.
| Situation | NDA type |
|---|---|
| Contractor engagement (typical) | Mutual |
| Pre-acquisition due diligence | One-way (seller discloses) |
| Vendor RFP process | One-way (vendor receives confidential RFP) |
| Investor pitch | One-way (founder discloses) |
| Employment offer (during interview) | Mutual |
| Co-development partnership | Mutual |
The clause structure is identical for both types. A one-way NDA simply removes the reciprocal obligations on the disclosing party.
The eight sections every NDA needs
1. Parties and purpose
This Mutual Non-Disclosure Agreement ("Agreement") is entered into as of
[Date] between [Party A Legal Name], a [State] [entity type] ("Party A"),
and [Party B Legal Name], a [State/Country] [entity type or individual]
("Party B"), each a "Party" and together the "Parties." The Parties wish
to evaluate a potential business relationship involving [brief description
of purpose] (the "Purpose") and in connection with that evaluation may
disclose to each other certain Confidential Information.
The Purpose clause matters. It limits the receiving party to using the information only for the stated evaluation, not for any other purpose.
2. Definition of Confidential Information
"Confidential Information" means any non-public information disclosed by
one Party (the "Disclosing Party") to the other (the "Receiving Party")
in connection with the Purpose, in any form (oral, written, electronic,
visual), whether or not marked as confidential, that a reasonable person
would understand to be confidential given the nature of the information
and the circumstances of disclosure. Confidential Information includes
without limitation technical information, source code, business plans,
financial information, customer and prospect lists, pricing, product
roadmaps, marketing strategies, and the existence and terms of this
Agreement and any discussions between the Parties.
Two approaches exist. The narrow approach requires information to be marked confidential to qualify. The broad approach treats anything a reasonable person would understand to be confidential as covered. The broad approach is standard because most operational disclosures are not pre-marked.
3. Exclusions
Confidential Information does not include information that the Receiving
Party can demonstrate (a) was publicly known at the time of disclosure,
(b) becomes publicly known through no fault of the Receiving Party,
(c) was rightfully known to the Receiving Party before disclosure without
any obligation of confidentiality, (d) was independently developed by the
Receiving Party without use of or reference to the Disclosing Party's
Confidential Information, or (e) is required to be disclosed by law,
regulation, subpoena, or court order, provided that the Receiving Party
gives the Disclosing Party prompt notice (where lawful) and cooperates
with any effort by the Disclosing Party to seek a protective order.
Without exclusions, the NDA covers information the receiving party already has or could lawfully obtain. Courts routinely strike or narrow NDAs that lack standard exclusions. Including them is not a concession. It is what makes the rest of the NDA enforceable.
4. Obligations of the Receiving Party
The Receiving Party shall (a) hold the Confidential Information in strict
confidence, (b) use it solely for the Purpose, (c) protect it with the
same degree of care it uses to protect its own confidential information
of similar importance, but in no event less than reasonable care, (d)
disclose it only to its employees, contractors, advisors, and agents who
have a need to know for the Purpose and who are bound by confidentiality
obligations no less protective than those in this Agreement, and (e)
remain responsible for any breach by such employees, contractors,
advisors, or agents.
The Receiving Party shall not (i) reverse-engineer, decompile, or
disassemble any tangible objects embodying the Confidential Information,
or (ii) make copies of the Confidential Information except as necessary
for the Purpose.
The standard-of-care language (same care as own information, but not less than reasonable care) is the default and what courts expect.
5. Term of confidentiality
This Agreement commences on the date first written above and continues
for 2 years (the "Term"). The Receiving Party's obligations with respect
to Confidential Information disclosed during the Term shall continue for
5 years from the date of disclosure of each item of Confidential
Information. The Receiving Party's obligations with respect to any
Confidential Information that constitutes a trade secret under applicable
law shall continue for as long as such information remains a trade
secret.
The tiered structure (term of agreement, term of confidentiality, longer term for trade secrets) is standard. A flat 3- or 5-year term is the common alternative for less complex NDAs.
6. Return or destruction of materials
On the earlier of (a) completion of the Purpose, (b) termination of this
Agreement, or (c) written request by the Disclosing Party, the Receiving
Party shall promptly return or destroy all Confidential Information of
the Disclosing Party in its possession and certify such return or
destruction in writing if requested. The Receiving Party may retain (i)
one archival copy as required by law or its document-retention policy,
and (ii) copies in routine backup systems that cannot reasonably be
selectively deleted, in each case subject to the continuing
confidentiality obligations in this Agreement.
The archival and backup carve-outs are the practical version. A pure return-or-destroy obligation is impossible to comply with given modern backup systems.
7. Remedies and Defend Trade Secrets Act notice
The Receiving Party acknowledges that money damages may be an inadequate
remedy for a breach of this Agreement and that the Disclosing Party shall
be entitled to seek injunctive relief and other equitable remedies, in
addition to any other available remedies at law or in equity, without
posting bond or other security.
DTSA Whistleblower Notice. Pursuant to the Defend Trade Secrets Act, 18
USC 1833(b), the Receiving Party is hereby notified that the Receiving
Party shall not be held criminally or civilly liable under any federal
or state trade secret law for the disclosure of a trade secret that is
made (i) in confidence to a federal, state, or local government official,
either directly or indirectly, or to an attorney, and solely for the
purpose of reporting or investigating a suspected violation of law, or
(ii) in a complaint or other document filed in a lawsuit or other
proceeding, if such filing is made under seal. An individual who files a
lawsuit for retaliation by an employer for reporting a suspected violation
of law may disclose the trade secret to the attorney of the individual
and use the trade secret information in the court proceeding, if the
individual (i) files any document containing the trade secret under seal,
and (ii) does not disclose the trade secret, except pursuant to court
order.
The DTSA notice is required under 18 USC 1833(b) (https://www.law.cornell.edu/uscode/text/18/1833) for any agreement governing the use of a trade secret entered into with a contractor or consultant. Omitting the notice does not invalidate the NDA. It eliminates the right to recover exemplary damages and attorneys’ fees in a trade-secret misappropriation suit under the DTSA. Including it costs nothing. Omitting it costs real money in a real case.
The injunctive-relief clause matters because money damages are usually inadequate for confidentiality breaches (you cannot un-disclose information). Courts often require injunctive relief to be expressly contemplated by the contract.
8. Governing law, dispute resolution, and miscellaneous
This Agreement is governed by the laws of the State of [Delaware/
California/New York], without regard to its conflict-of-laws principles.
The Parties consent to the exclusive jurisdiction of the state and
federal courts located in [County, State] for any dispute arising under
this Agreement, except that either Party may seek injunctive relief in
any court of competent jurisdiction.
This Agreement constitutes the entire agreement between the Parties
regarding the Purpose and supersedes all prior agreements on the subject
matter. No amendment is effective unless in writing signed by both
Parties. If any provision is held unenforceable, the remaining provisions
remain in effect. This Agreement may be executed in counterparts and by
electronic signature, which the Parties acknowledge satisfy the ESIGN Act
(15 USC 7001) and applicable state UETA statutes.
This Agreement does not create any obligation to enter into any further
agreement, transfer any rights in any Confidential Information, or
engage in any business relationship. No license under any patent,
copyright, trade secret, or other intellectual property right is granted
or implied by this Agreement.
The “no obligation” and “no license” clauses prevent the NDA from being argued as implying a broader relationship. The ESIGN consent language (https://www.law.cornell.edu/uscode/text/15/7001) is required for electronic signatures to be effective under federal law.
For cross-border NDAs, replace the court-jurisdiction clause with arbitration:
Any dispute arising under this Agreement shall be settled by binding
arbitration administered by the [International Chamber of Commerce / AAA
International / SIAC] under its rules, with the seat in [Singapore /
London / New York], and the arbitration conducted in English. Judgment
on the award may be entered in any court of competent jurisdiction.
Arbitration is preferred for cross-border enforcement under the New York Convention.
Country-specific considerations
India
The Indian Contract Act 1872 governs NDA enforceability. NDAs are generally enforceable as contracts. The Information Technology Act 2000 recognizes electronic signatures. Non-compete clauses paired with the NDA are not enforceable in India under Section 27 of the Contract Act, so do not bundle non-compete terms into the NDA for contractors in India.
EU (GDPR)
If the Confidential Information includes personal data of EU residents, the NDA is not sufficient. You also need a Data Processing Agreement under Article 28 of GDPR. The NDA covers business confidentiality. The DPA covers personal data processing. They are separate documents covering different obligations.
UK
UK NDAs are enforceable, but the Public Interest Disclosure Act 1998 (PIDA) creates a UK equivalent of the DTSA whistleblower protection. UK NDAs cannot lawfully prevent disclosure to regulators or for whistleblowing purposes. The DTSA notice in the template covers US law. For UK signers, add a parallel whistleblower notice referencing PIDA.
Common NDA failure modes
- No exclusions. NDAs without standard exclusions get narrowed or struck by courts because they cover information the receiving party lawfully possesses.
- Missing DTSA notice. Eliminates exemplary damages in trade-secret cases. Costs zero to include.
- Indefinite term with no carve-out. Some jurisdictions (France, Germany) view perpetual confidentiality as an unreasonable restraint. Frame an indefinite term as “as long as the information remains confidential.”
- No injunctive-relief clause. Money damages are usually inadequate for confidentiality breaches.
- Bundled non-compete. Non-compete clauses inside NDAs frequently invalidate the entire document in jurisdictions where non-competes are unenforceable (California, India, much of the EU).
- No purpose limitation. Without a specific purpose, the receiving party can argue any use is permitted.
- One-sided when both sides disclose. Asymmetric NDAs in symmetric situations create unnecessary friction.
NDA versus other agreements
| Document | Purpose | When |
|---|---|---|
| NDA | Protect confidential information | Before any disclosure |
| IP assignment | Transfer ownership of work product | When contractor creates work product |
| MSA | Master terms for ongoing relationship | Recurring contractor engagement |
| SOW | Project-specific scope and fees | Each project under an MSA |
| DPA | GDPR Article 28 processing terms | When contractor processes personal data |
An NDA alone is not sufficient for a contractor engagement that creates work product. You also need an IP assignment. An NDA alone is not sufficient when the contractor processes personal data. You also need a DPA.
Get a country-aware version
This template is a US-anchored mutual NDA. The right NDA for a specific engagement depends on the contractor’s country (PIDA notice for UK, no non-compete bundling for India, moral-rights considerations for France and Germany), the type of disclosure (trade secrets versus business confidential), and the dispute-resolution preference (court versus arbitration).
Omnivoo Contract Management generates a country-aware NDA in minutes alongside the SOW or MSA. You answer a short set of questions about the engagement and the platform produces an NDA with the right whistleblower notices for the contractor’s jurisdiction, the right exclusions, e-signature under ESIGN and eIDAS, and KYC on the contractor. The product costs a flat USD 49 per contract bundle, with payment fees passed through at cost.
For the related templates, see our free MSA template and free SOW template. For data processing, see our free DPA template. To skip the manual drafting entirely, Omnivoo Contract Management handles the full bundle.
If you remember three things
- Mutual NDAs are the default for contractor engagements. One-way is rare.
- Standard exclusions (public, prior, independent, lawful disclosure) are what make the rest of the NDA enforceable. Without them, courts narrow or strike.
- The DTSA whistleblower notice under 18 USC 1833(b) is the cheapest insurance in contract law. Include it.