How to Review an NDA Before Signing: A Plain-English Checklist

NDAs are often treated as routine paperwork — a formality before the real conversation starts. But small wording differences between a standard NDA and an overreaching one can have consequences that last years after the business relationship ends.

Non-disclosure agreements come in many forms: pre-employment NDAs, vendor NDAs, partnership NDAs, and investor NDAs. What they have in common is that they're usually drafted by the other party's lawyer, in the other party's interest. This checklist covers the 7 things you must verify before you sign any of them.

The 7-Point NDA Checklist

1. Is It Mutual or One-Sided?

A mutual NDA (also called a bilateral NDA) protects both parties equally — if you share a trade secret, they can't disclose it; if they share one, you can't disclose it. A one-sided NDA only protects the disclosing party. If you're sharing anything meaningful — your business model, technical architecture, customer data, financial projections — a one-sided NDA offers you zero protection.

One-Sided Red Flag: "Recipient agrees to hold all information received from Discloser in strict confidence." — if this is the entire obligation, there is no reciprocal protection for what you share.

In exploratory business conversations, insist on mutuality. A company that refuses a mutual NDA in a context where both parties are sharing sensitive information is signaling that the relationship will not be balanced.

2. How Long Does It Last?

Standard NDAs run 2 to 5 years from the date of signing or the date of disclosure, whichever is later. Some NDAs, particularly in M&A due diligence contexts, run 1 to 3 years. Perpetual NDAs — ones with no end date or that say "indefinitely" — are a red flag in most commercial contexts because they impose permanent legal obligations on information that may be commercially irrelevant in a few years.

Red Flag Language: "Recipient's obligations under this Agreement shall continue in perpetuity with respect to any Confidential Information received hereunder."

Exceptions exist: trade secrets can legitimately require indefinite protection because trade secret law already extends that long. But generic business information shouldn't.

3. How Broad Is the Definition of "Confidential"?

The scope of what counts as confidential information is where most NDAs become overreaching. A well-drafted NDA defines confidential information specifically: technical specifications, customer lists, financial projections, proprietary processes. An overreaching NDA defines it as "any information disclosed by Discloser in any form, whether or not marked confidential."

Red Flag Language: "'Confidential Information' means all information disclosed by either party in any form, oral or written, regardless of whether it is identified as confidential at the time of disclosure."

An all-encompassing definition means a casual remark during a meeting could technically be covered. Ask for a definition that requires either marking information as confidential or identifying it verbally at the time of disclosure with a written summary within 30 days.

4. Are There Proper Exclusions?

Every NDA should have explicit carve-outs for information that shouldn't be protected. Without these, you could theoretically be restricted from using your own general knowledge or discussing things that are already public. The four standard exclusions are:

  • Information that is or becomes publicly available through no fault of the recipient
  • Information the recipient independently develops without reference to the disclosed information
  • Information received from a third party without confidentiality obligations
  • Information required to be disclosed by law, regulation, or court order

Watch for: NDAs that include these exclusions but add narrow conditions that gut them: "publicly available, provided Recipient did not directly or indirectly contribute to such availability." This lets the other party argue any exclusion doesn't apply.

5. Is There a Non-Compete Hidden Inside?

This is the most common NDA ambush. A standard NDA restricts disclosure — you can't tell third parties about what you learned. But some NDAs, particularly employment-related ones, bundle in non-compete language under a confidentiality label. Look for phrases like "Recipient agrees not to use the Confidential Information to develop competing products or services" or "engage in any activity that uses or benefits from the Confidential Information."

Non-Compete Bundled as NDA: "Recipient shall not, during the term of this Agreement or for 2 years thereafter, engage in any business that competes with Discloser or that uses Confidential Information in any way, directly or indirectly."

"In any way, directly or indirectly" combined with a broad definition of Confidential Information creates a stealth non-compete. If you're a consultant, freelancer, or employee reviewing an NDA, search for every variant of "compete," "restriction," "engage," and "business" — these words don't belong in a pure confidentiality agreement.

6. What Happens to the Information After the NDA Ends?

When an NDA expires or the parties decide to end the relationship, what happens to the confidential information you received? There are two options: return or destroy. The obligation should be specific: "Within 10 business days of termination, Recipient shall return or certifiably destroy all materials containing Confidential Information." Vague obligations like "cease use of" without a return or destruction requirement leave you indefinitely holding sensitive information with unclear obligations.

Also check whether the survival clause (which determines which obligations survive the NDA's expiration) applies to the return/destroy obligation. Some NDAs have survivability language that accidentally removes the obligation to destroy materials.

7. What Jurisdiction Governs It?

The governing law clause determines which state's courts and laws apply to any dispute. This matters more than most people realize. Delaware law is commonly used because it's business-friendly and well-developed. New York law is common in financial services. California law often disfavors overly broad restrictive covenants. If a non-compete is bundled into your NDA, the governing law jurisdiction can determine whether that restriction is enforceable at all — California law might void a restriction that New York law would enforce.

Practical tip: If the other party insists on a jurisdiction that's far from where you operate, ask for a mutual convenience clause: disputes must be filed in the jurisdiction where the defendant is located, not exclusively in the disclosing party's preferred forum.

NDA Language That Should Make You Pause

Here are four clause patterns and what they actually mean in plain English:

Clause 1: "Recipient acknowledges that any breach may cause irreparable harm for which monetary damages would be inadequate, and consents to injunctive relief without bond."

Plain English: You're pre-agreeing that the other party can get a court injunction against you immediately — without posting a bond and without proving actual damages — just by claiming you breached the NDA. This is common but worth understanding. It means a lawsuit threat is a much faster and cheaper weapon against you than in a normal contract dispute.

Clause 2: "The receiving party shall not disclose the existence of this Agreement or the discussions between the parties."

Plain English: You can't tell anyone you have this NDA or that you're talking to this company. This prevents you from disclosing the relationship even to advisors. Ask for an explicit carve-out allowing disclosure to your attorneys and accountants on a confidential basis — you need to be able to get advice.

Clause 3: "Recipient's obligations hereunder are of a special, unique character which gives them peculiar value, and any breach will render the Discloser's remedy at law inadequate."

Plain English: Boilerplate designed to strengthen injunction arguments. Not harmful on its own, but combined with aggressive breach definitions, it's used to turn any technical violation into a basis for emergency court action.

Clause 4: "This Agreement may be amended by the Discloser at any time, with amendments effective upon notice to Recipient."

Plain English: The other party can unilaterally change the NDA's terms by sending you an email. This clause should never be accepted. All amendments should require mutual written agreement, signed by both parties.

What's Acceptable vs. What to Push Back On

Topic | Acceptable | Push Back
Duration | 2–5 years, or 1–2 years for consumer-facing NDAs | Perpetual, indefinite, or "until no longer proprietary"
Structure | Mutual obligations, both parties bound | One-sided when both parties are sharing substantive information
Scope | Specific categories of information, marked or identified at disclosure | Any information ever shared in any form, oral or written
Exclusions | All 4 standard exclusions present and unqualified | Missing exclusions or exclusions narrowed with additional conditions
Non-compete | Absent entirely (or only applies to information actually used) | Any restriction on competitive activity or use of "general knowledge"
Amendment | Requires mutual written consent, signed by both parties | Unilateral amendment rights with or without notice

Review your NDA before you sign

Paste your NDA into Kaido and get a plain-English analysis in under 60 seconds — including whether it's mutual, how broad the confidentiality scope is, and whether there's a hidden non-compete buried in the language.
