NDA Essentials: When You Need One

Legal, Risk & Compliance 12 min read Jan 2026

Matt Haycox

Entrepreneur, Investor, Mentor

Most founders leak value without noticing: a deck shared too early, a contractor brief sent without guardrails, a ‘quick chat’ that turns into a copied feature. Get NDAs right and you reduce the odds of being ripped off, spooked investors and messy fallouts when things move fast.

If you want the bigger picture of staying protected while you scale, cross-reference Legal, Risk & Compliance: The Practical Framework Every Founder Needs to Protect Their Business. This article then drills into NDAs in plain English: what they do, what they don’t and how to use them without slowing your team down.

In this article, we’re going to discuss how to:

  • Decide when an NDA is worth it and when it’s theatre
  • Use a simple NDA process that doesn’t kill momentum
  • Pick and adapt an NDA template so it matches your real risk

What An NDA Is For, In Founder Terms

An NDA (non-disclosure agreement) is a short contract that sets rules for how someone can use information you share. In practice, it’s a tool to (1) stop casual misuse, (2) create leverage if someone behaves badly and (3) make expectations explicit before you hand over sensitive details.

The output you’re aiming for is not ‘maximum legal coverage’. It’s predictable behaviour and fewer expensive distractions.

  • Best-case outcome: People treat your information as confidential, you collaborate faster and you avoid misunderstandings.
  • Worst-case outcome: You spend time negotiating a pointless NDA, share too much anyway, then learn it doesn’t help because you can’t prove what was shared.
  • Reality: An NDA is only as good as your processes: what you share, to whom and how you record it.

When You Actually Need An NDA, And When You Don’t

Most founders swing between two extremes: ‘NDA everything’ or ‘NDAs are useless’. Both are wrong. Use an NDA when the information has real, specific value and you’re about to put it in someone else’s hands.

Use An NDA When The Information Is Both Valuable And Shareable

Here are practical triggers I’d class as NDA-worthy:

  • Supplier quotes and margins: Unit costs, manufacturing methods, freight rates, pricing rules and discount tiers.
  • Product build specifics: Technical architecture, source code access, unreleased roadmaps, security design, API keys and vendor contracts.
  • Commercial playbooks: Lead lists, conversion scripts, partner terms, customer pricing by segment and churn reduction tactics.
  • Data access: Customer datasets, employee records, proprietary research, financial models with assumptions.

Quick sense check: if a competitor got this information, would it change what they do next week? If yes, you need controls; an NDA is one of them.

Skip The NDA When It Adds Friction And Little Protection

Common situations where an NDA is often more trouble than it’s worth:

  • Early investor outreach: Many investors won’t sign, and your pitch should be robust enough to survive being repeated. Protect the ‘how’, not the headline.
  • First-touch sales calls: You can sell without disclosing your full recipe. Keep it at problem, proof and outcomes.
  • General networking: Don’t share sensitive information in casual settings. An NDA doesn’t fix loose talk.

Better approach: share less, structure access and document what you did share.

Gather The Right Signals In A Few Hours Before You Share Anything

If you’re about to send files, grant access or walk someone through your systems, do a 2-hour pre-check. This makes your NDA decision obvious and stops you from signing paperwork that doesn’t match reality.

Internal Signals First (60 To 90 Minutes)

Pull these artefacts and facts from inside the business:

  • What exactly is confidential: List 5 to 10 items, for example: ‘supplier cost sheet’, ‘Q1 roadmap’, ‘customer churn dashboard’, ‘ad account structure’.
  • Where it lives: Google Drive, Notion, GitHub, Slack, CRM, accounting software.
  • Who currently has access: Names, emails, roles, plus any shared logins that should not exist.
  • What you’re about to disclose: A one-paragraph summary of what they’ll see and what they won’t.
  • Business impact if it leaks: Put a number on it, even if it’s rough, for example: ‘Would increase CAC by £20’, ‘Would allow undercut by 5%’, ‘Would lose one key distributor’.

This is also where you spot the uncomfortable truth: if 12 contractors already have access to the same files, the NDA is a secondary control. Fix access first.

Public Signals Next (30 Minutes)

Then do a quick external scan on the person or company youโ€™re dealing with:

  • Company registration and directors: Basic diligence, especially for overseas suppliers and new agencies.
  • Website claims versus reality: Case studies, client logos, staff headcount and consistency.
  • LinkedIn footprint: Role history, tenure, real colleagues, and whether they hop from brand to brand every 4 months.
  • Reputation markers: Reviews, disputes, public lawsuits, and patterns of ‘we built the same thing for X’.

You’re not trying to become a private investigator. You’re trying to decide the level of access to give and whether an NDA alone is enough.

Choosing An NDA Template That Actually Protects You

A generic NDA template can be fine if you use it like a tool, not a magic shield. The mistake is downloading the first PDF you see, sending it without context and assuming you’re ‘covered’.

Here’s what I look for when I’m assessing an NDA template for a founder-led business:

  • Clear definition of confidential information: Broad enough to cover formats (spoken, written, visual) but specific enough to be enforceable.
  • Purpose limitation: They can use your information only to evaluate the deal or perform the work, not for ‘any business purpose’.
  • Standard exclusions: Information already public, already known, independently developed, disclosed under law. These shouldn’t become loopholes.
  • Return or destruction: When the relationship ends, they delete or return materials and confirm it.
  • Term and survival: The NDA term can be 12 to 36 months, but confidentiality obligations often survive longer for trade secrets.
  • Injunctive relief wording: A practical lever if someone is about to misuse information and you need action fast.
  • Governing law and jurisdiction: Match it to where you can realistically enforce, not what sounds impressive.

You’ll also need to choose between a mutual NDA (both sides share) and a one-way NDA (only your information is protected). If you’re hiring a freelancer, it’s usually one-way. If you’re exploring a partnership where both parties share, make it mutual.

Use the phrase ‘NDA template’ with respect. It should be a starting point, then you adapt it to the deal in front of you. I’ve seen founders lose time arguing over tiny wording while leaving the real leak wide open: unlimited access to shared folders.

A One-Sentence Offer Template You Can Use Before You Send The NDA

Before you throw an NDA at someone, set the commercial frame. This reduces negotiation and keeps you from over-sharing out of excitement.

Offer template: ‘If we can agree confidentiality terms today, I’ll share [specific artefact] so you can assess [specific purpose], then we’ll decide by [date] whether to move forward on [next step].’

This does two things: it limits the purpose, and it sets a decision date so you don’t end up in NDA limbo for 3 weeks.

Validation In 7 To 14 Days: Small Tests That Reduce NDA Risk

NDAs are one control. Validation is another. If you’re bringing in a new supplier, partner or contractor, run low-exposure tests before you hand over the crown jewels.

Day 1 To 2: Start With A Thin Slice

Give them a constrained task that still proves capability:

  • Agency: Audit one channel, one campaign or one landing page, not the whole ad account.
  • Developer: Build one feature flag behind a sandbox environment, not full production access.
  • Manufacturer: Quote one SKU with a sample run, not your full range and margins.

What you’re looking for is responsiveness, quality and whether they respect boundaries.

Day 3 To 7: Escalate Access Only When They Earn It

Set clear completion checks so you don’t ‘feel’ your way through it:

  • Time: Replies within 24 hours on business days.
  • Quality: 0 critical errors in the first deliverable, no missing files, no broken links.
  • Process: Uses your agreed channels, documents decisions, doesn’t create shadow copies of files.

If they fail, you’ve lost days, not months. You also haven’t given them unrestricted information.

Day 8 To 14: Convert To A Proper Working Relationship

This is where you move from NDA-only protection to real commercial protection: a statement of work, payment terms, IP clauses and a clean exit. If you haven’t already, refer to Legal, Risk & Compliance: The Practical Framework Every Founder Needs to Protect Their Business to make sure your legal hygiene isn’t lagging behind your growth.

Pricing And Unit Economics: NDAs Don’t Save A Bad Deal

Founders sometimes treat NDAs like insurance, then walk into awful economics. An NDA won’t fix margin leakage; it just reduces information leakage.

Use a simple unit economics check before you share sensitive data like pricing models or supplier costs.

A Quick Margin Sensitivity Example

Let’s say you sell a subscription for £99/month. You pay £25/month in delivery costs (support time, software, fulfilment), and you spend £45 to acquire a customer. If average retention is 4 months, your rough contribution margin over the lifetime is:

Revenue: £99 x 4 = £396
Delivery costs: £25 x 4 = £100
Acquisition: £45
Contribution: £396 – £100 – £45 = £251

If a partner sees your model and undercuts you by 10%, you might feel it. But the bigger problem could be retention. If retention drops to 3 months, contribution falls to £152. That’s a bigger hit than most ‘leaks’.

Point: protect what matters, but don’t use an NDA template as a substitute for hard commercial thinking.

Operational Guardrails That Protect Margin And Time

NDAs work best when they sit inside a simple operating system. You’re not trying to build a compliance department; you’re trying to stop preventable mistakes.

Access Controls: The Unsexy Winner

Do these this week:

  • Create a ‘share pack’ folder: Only put what you’re comfortable disclosing. Do not share your whole drive.
  • Time-box access: Access expires after 14 days unless renewed.
  • Use named accounts: No shared logins, no ‘assistant@’ aliases.
  • Log what you shared: A simple spreadsheet with date, person, files, purpose, NDA signed (yes/no).

These guardrails are often more protective than arguing over one sentence in an NDA.

Keep A Lightweight Evidence Trail

If anything goes wrong, you need to show what was confidential and when you disclosed it. Keep:

  • The signed NDA: PDF plus email thread.
  • A list of disclosed artefacts: File names and versions.
  • Meeting notes: What was discussed, who attended.

This takes 10 minutes, and it turns a messy dispute into something you can actually manage.
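An added example, not from the article or its author: the disclosure log, the 14-day time-box, the named-account rule and the evidence trail from the last two sections, as a small Python module you can run over your own shares. The alias deny-list, the review date and the three sample shares are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

ACCESS_WINDOW_DAYS = 14                          # the article's time-box
SHARED_ALIASES = {"assistant", "admin", "info"}  # hypothetical deny-list
TODAY = date(2026, 1, 20)                        # constructed review date

@dataclass
class Disclosure:
    shared_on: date
    person: str               # a named account, never a shared login
    files: dict               # file name -> version actually shared
    purpose: str
    nda_signed: bool
    renewed_on: Optional[date] = None
    def expires_on(self) -> date:
        # Access lapses 14 days after the share, or after the last renewal.
        start = self.renewed_on or self.shared_on
        return start + timedelta(days=ACCESS_WINDOW_DAYS)

class DisclosureLog:
    def __init__(self):
        self.entries = []
    def record(self, entry):
        # "Use named accounts": refuse to log a share to a role alias.
        if entry.person.split("@")[0].lower() in SHARED_ALIASES:
            raise ValueError(f"shared alias not allowed: {entry.person}")
        self.entries.append(entry)
    def expired(self, today):
        # People whose time-boxed access should already have been revoked.
        return sorted({e.person for e in self.entries if today >= e.expires_on()})
    def without_nda(self):
        # Shares made with no signed NDA: the first thing to fix.
        return sorted({e.person for e in self.entries if not e.nda_signed})
    def evidence(self, person):
        # (date, file, version) rows: what this person saw and when.
        return sorted((e.shared_on.isoformat(), f, v) for e in self.entries
                      if e.person == person for f, v in e.files.items())

def sample_log():
    # Constructed sample shares, not taken from the article.
    log = DisclosureLog()
    log.record(Disclosure(date(2026, 1, 5), "dev@contractor.example",
                          {"staging-readme.md": "v3"}, "Sprint 1 trial", True))
    log.record(Disclosure(date(2026, 1, 12), "ops@fulfilment.example",
                          {"sku-dimensions.xlsx": "2026-01"}, "Pilot quote", False))
    log.record(Disclosure(date(2026, 1, 2), "lead@agency.example", {"brief.pdf": "v1"},
                          "Channel audit", True, renewed_on=date(2026, 1, 14)))
    return log
```

Run `sample_log().expired(TODAY)` at each weekly review to get the revocation list, and `evidence(person)` when you need to show exactly which file versions a party received.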

Micro Cases: How Founders Use NDAs Without Losing Momentum

Case 1, Manchester SaaS founder hiring a contractor: She used a one-way NDA template, then gave the developer access only to a staging environment for 7 days. After a clean first sprint, access expanded to one repo, not the whole codebase.

Case 2, Dubai e-commerce operator negotiating with a new fulfilment partner: He shared SKU dimensions and volume forecasts under NDA but held back supplier invoices and margin targets until a pilot run hit 98% on-time dispatch for 10 working days.

Case 3, London consultancy pitching a corporate: They skipped the NDA for the first call, sold outcomes and case studies, then used a mutual NDA before sharing a diagnostic report with client data and internal stakeholder notes.

Case 4, Edinburgh hardware startup using an overseas manufacturer: They used an NDA plus process controls: separate CAD access, watermarking on drawings and a unique identifier per supplier. The NDA was the backstop, the operational controls did the heavy lifting.

Common NDA Risks, And The Hedges That Actually Work

Here are the traps I see founders fall into, plus practical hedges you can apply fast.

  • Risk: Believing the NDA stops theft. Hedge: Share in layers, keep high-value details behind a second gate (paid pilot, statement of work, limited access).
  • Risk: Not knowing what you disclosed. Hedge: Use a disclosure log and a curated ‘share pack’ folder.
  • Risk: Signing someone else’s NDA without reading the carve-outs. Hedge: Check purpose limitation, exclusions and who can receive the information inside their organisation.
  • Risk: Cross-border enforcement fantasy. Hedge: Choose governing law you can enforce, and rely more on access control and payment milestones where enforcement is hard.
  • Risk: Over-sharing to ‘prove’ your value. Hedge: Sell outcomes first, then disclose detail as trust and traction build.

If you want one rule: never disclose something that would hurt you unless you’ve got both an NDA and a practical way to limit access.

A Do And Don’t Checklist For NDAs

  • Do: Use one NDA template across the business so the team doesn’t improvise under pressure.
  • Do: Put the purpose and decision date in writing before you share files.
  • Do: Keep a disclosure log; it’s boring and it wins disputes.
  • Don’t: Send an NDA to investors as a default; it often backfires.
  • Don’t: Share your whole drive then hope the NDA saves you.
  • Don’t: Ignore IP and deliverables; the NDA is not a services agreement.

Download The Essential Contracts Pack And Lock This In Properly

If you want to move from ‘scrappy NDAs’ to a repeatable approach that protects your work, IP and revenue, download The Essential Contracts Pack: Clauses That Protect Your Work, IP & Revenue and standardise what your team uses. It’ll save you hours of back-and-forth, and it stops you relying on a random NDA template you found online.

  • Use NDAs selectively: Apply them when the information is valuable and shareable, then back them up with access control.
  • Validate fast: Run thin-slice tests in 7 to 14 days before you disclose the high-value details and pricing logic.
  • Protect time and margin: Standardise your NDA template, log disclosures and escalate access only when performance earns it.

FAQ For NDA Essentials

Do I need an NDA before I pitch investors?

Usually no: many investors won’t sign and you shouldn’t be sharing trade-secret level detail in a first pitch anyway. Pitch the problem, proof and plan, then use confidentiality controls later when diligence gets specific.

Is a free NDA template good enough?

Sometimes, but only if it covers purpose limitation, clear confidentiality definitions, return or destruction and jurisdiction you can enforce. The bigger issue is process: a decent NDA template plus tight access beats a perfect NDA with sloppy sharing.

Should I use a mutual NDA or a one-way NDA?

If both sides will disclose sensitive information, go mutual. If you’re hiring someone to do work for you and they’re not sharing valuable confidential information back, one-way is cleaner and faster.

How long should an NDA last?

For most commercial discussions, 12 to 36 months is common for the agreement term, with confidentiality obligations lasting longer for trade secrets. The right answer depends on how quickly the information becomes stale and how feasible enforcement is for you.

What counts as ‘confidential information’ in practice?

Things like pricing rules, cost breakdowns, unreleased roadmaps, customer data, source code and playbooks. If you’d be annoyed to see it in a competitor’s hands, treat it as confidential and control access.

Can I enforce an NDA if someone is overseas?

It can be harder and more expensive, which is why operational controls matter more in cross-border deals. Use milestones, staged access and small pilots so you’re not relying on enforcement as your first line of defence.

Is an NDA the same as an employment contract or contractor agreement?

No, an NDA covers confidentiality only. You still need terms for deliverables, payment, IP ownership, termination and liability, especially with contractors and agencies.

What’s the fastest way to use an NDA without slowing down a deal?

Send your standard NDA template with a one-paragraph note stating the purpose and decision date. Share a curated ‘share pack’ folder, then expand access only after the first deliverable is on time and on spec.
