NDA — Mutual NDA Checklist

What goes into a credible mutual NDA between founders — definition of confidential info, exclusions, term, return/destroy, governing law.

Last updated June 8, 2026

What it is

A checklist of what should be inside a mutual non-disclosure agreement before you sign one. Used when sharing confidential information with a potential partner, contractor, investor (rarely), or acquirer (often). Not the NDA itself — most NDAs are 1-2 pages and there are good templates on Clerky, SeedLegals, and most startup-lawyer sites.

When to use it

Before any conversation where you'll share materially non-public information: roadmap, financials, customer data, technical architecture. Investors rarely sign NDAs at the pitch stage; acquirers usually do; partners and contractors should.

Important: Educational only. Not legal advice. Have a lawyer review any NDA before signing — especially one drafted by the other party.

The template

# Mutual NDA — Pre-Sign Checklist

**Parties:** [Company A] and [Company B]
**Purpose:** [Why we're talking — e.g., "evaluating partnership", "due diligence for acquisition"]
**Effective date:** [DATE]
**Governing law:** [Jurisdiction]

---

## 1. Definition of Confidential Information

- [ ] **Broad enough** to cover everything you'll actually share: written, oral, electronic, technical, business, financial, customer data, source code, designs, roadmaps.
- [ ] **Marking requirement?** Some NDAs require info to be marked "Confidential" — fine in principle but **impractical** for oral discussions. Push back if the NDA requires marking; broaden to "info a reasonable person would understand to be confidential."
- [ ] **No third-party info you can't actually disclose.** If you're a fiduciary for a third party's confidential info, the NDA can't override that obligation.

## 2. Standard exclusions (must be present)

The NDA should explicitly exclude information that:

- [ ] Was already known to the recipient before disclosure
- [ ] Is or becomes publicly available without breach of the NDA
- [ ] Is independently developed by the recipient without reference to the confidential info
- [ ] Is rightfully obtained from a third party without confidentiality restrictions
- [ ] Is required to be disclosed by law (with notice to the disclosing party if possible)

If these aren't in the NDA, push back. Without them, you'd be in breach the moment you read a competitor's marketing page.

## 3. Use restrictions

- [ ] **Limited to the stated purpose.** Recipient can use the info ONLY for the purpose defined at the top. Not for any other reason.
- [ ] **Need-to-know access only.** Recipient can share with employees / advisors who need to know, provided they're bound by similar confidentiality.
- [ ] **No reverse engineering** — explicit prohibition on deriving the underlying tech / process.

## 4. Term + survival

- [ ] **Term of the NDA itself.** Typically 2-5 years. Shorter is harder to negotiate; longer is rarely needed.
- [ ] **Survival of confidentiality obligations.** Confidentiality usually survives the NDA's expiration — often 3-5 years post-disclosure for general info, **indefinitely for trade secrets** (this is normal and you should accept).
- [ ] **Return / destroy.** On request or termination, recipient returns or destroys all confidential info + provides certification. Practical default: 30 days.

## 5. Remedies + governing law

- [ ] **Injunctive relief.** NDA breaches are hard to quantify in money; standard language allows the disclosing party to seek a court injunction without proving monetary damages.
- [ ] **Governing law + venue.** Whose courts decide disputes? Usually the disclosing party's home jurisdiction or a neutral one. Avoid jurisdictions where enforcement is weak.
- [ ] **Attorneys' fees.** Often included — losing party pays. Cuts both ways.

## 6. Common founder mistakes

- Signing an NDA drafted by a much larger counterparty without legal review — usually one-sided in their favour
- Signing a unilateral NDA (only one party is bound) when info will flow both ways — push for mutual
- Marking-requirement clauses that make oral disclosures uncovered in practice
- Overly broad confidentiality definitions that prevent you from operating in your category
- Forgetting to track NDAs in a registry — when an acquirer does diligence, they'll ask for every NDA you've signed

## 7. Before you sign

- [ ] Reviewed by counsel (especially if the other party's lawyer drafted it)
- [ ] Marked file confirms exact version signed
- [ ] Added to your NDA registry / contracts database
- [ ] Counterparty contact details captured for future reference

---

**Educational only — not legal advice.** NDAs look simple but accumulate fast — a startup that's 3 years old often has 50+ NDAs in force. Track them and review periodically.

Common mistakes

  • Signing a unilateral NDA when info will flow both ways — push for mutual
  • Accepting overly broad 'Confidential Information' definitions that prevent normal business activity
  • Forgetting the standard exclusions (publicly known, independently developed, etc.) — without them, every casual conversation is a breach
  • Marking-requirement clauses that make oral disclosure uncovered — push back unless you're disciplined about written follow-ups
  • Indefinite NDA term — 3-5 years for general info is the default; indefinite is reserved for trade secrets
