Elements of an NDA for Startups to Ponder

I participated in a session yesterday on IP protection for technology companies that presented a wealth of good advice on certain provisions of Nondisclosure Agreements (NDAs) to which founders and IP owners should pay close attention. These agreements are sometimes confusing to the uninitiated, and often drafted in a manner that heavily favors the side producing the document. Knowing what to look for when an NDA is pushed across the table (or the electrons arrive at your inbox) is of utmost importance when discussing technology with a potential partner. Of course, some partners (such as VCs) will generally refuse to enter into NDAs at all. Oftentimes these people talk to so many companies about their ideas in the course of a business day that there is simply no practical way for them to avoid running afoul of the provisions of an NDA. At the opposite end of the spectrum are mutual NDAs, where the terms apply (generally equally) to both sides. Mutual NDAs are far less likely to contain one-sided provisions. A unilateral NDA, however, presents the opportunity for one side to fine-tune the language to benefit themselves (as either the recipient or discloser of confidential information), and may contain some tricky clauses for which every startup founder should watch out. I outline a few of these in this post.

Residual Information Clauses

One clause to be keenly aware of is what is known as a “residuals” or “residual information” clause. These are often structured to permit the recipient to freely use any information that is retained in his or her unaided memory (i.e., anything that they can remember about the confidential information falls outside the scope of the NDA). This information could be diagrams, a spoken description of a product, or a peek at some proprietary software code. While the technical nature of some of this confidential information may render it difficult to commit to memory, it is not hard to imagine that a highly skilled developer reviewing a great piece of code may be able to commit it to memory and regurgitate it later on for his or her own use. If your NDA allows for the other party to retain and use such “residuals”, you may find yourself without much recourse if this should happen to you.

Such a clause clearly benefits the recipient of information, to the detriment of the discloser. If you are considering entering into an NDA that contains a residuals clause, caution should be exercised. At the very least, the definition of what constitutes “residual information” should be narrow enough that it only pertains to things like general ideas and know-how, rather than retained trade secrets or other specific confidential information. There should be a line drawn that makes a distinction based on the character of the information being relayed, rather than allowing for any information retained to be used. (See other great blog posts here and here for some more information on residuals clauses).

Defining Confidential Information

Although I’ve covered the importance of having a strong definition of “confidential information” in the context of a founders’ agreement in another post, in an NDA there is a slightly different calculus depending on whether you are the recipient or the discloser. Generally, a startup will be in the position of the discloser, and will want as broad a definition of confidential information as possible, so that anything that is said or related to the recipient (or even information from a third party) could be considered confidential. The recipient naturally favors a narrow definition, in order to avoid potential liability for their own use or disclosures down the road. With this in mind, the recipient may require you to list specific subject matter in the agreement, to clearly mark information as “confidential” in order for it to be covered, or to attach specific dates to the covered disclosures themselves. Just as important as defining what constitutes confidential information is defining what does not constitute confidential information. It is common to see clauses carving out information “already in possession of the recipient” or in the public domain from the definition of confidential information.

Non-use or Non-disclosure?

In addition to agreeing to not disclose confidential information to 3rd parties, the recipient should also agree to not use the received confidential information for anything other than a “permitted purpose”—a term that should be defined in the NDA itself. Without such a clause, the recipient may retain critical confidential information and use it to build their own product that could put you out of business. To prevent this, care should be taken to define the purposes for which the disclosed information may be used.

Despite restrictions placed in NDAs, there are examples of companies learning confidential information in meetings covered by an NDA, and then proceeding to use such information in their own products. A partial workaround for this might be to stage your disclosures by first offering a plain NDA, but not giving up much information. If the meeting goes well, and there is a high likelihood of a deal or partnership, a stronger NDA can then be put in place for subsequent discussions. Another option particularly useful for protecting source code is to have a disinterested 3rd party do a code review, and pass the information on to the recipient in a more general report. This protects specific algorithms and pieces of code developed by the discloser, while allowing the recipient to ascertain the usefulness of the discloser’s technology.


There are hot button issues other than these to consider when drafting or reviewing an NDA, and these important legal documents should not be considered a one-size-fits-all proposition. Care should be taken to ensure that the terms that you have agreed to regarding critical confidential information won’t come back to haunt your company years later.
