What does an NDA actually do?

A non-disclosure agreement (NDA), sometimes called a confidentiality agreement, is a legally binding contract that restricts one or both parties from disclosing specified confidential information to third parties. If the agreement is breached, the disclosing party can seek damages or an injunction, or both.

The key word is specified. A well-drafted NDA defines exactly what information is confidential, who can access it, how it can be used, and for how long the obligation lasts. A poorly drafted one, or a generic template, may protect far less than you think.

Why definition matters

The definition of confidential information is the most critical element of any NDA. It needs to be broad enough to cover everything you are disclosing, but specific enough that a court can determine whether a particular piece of information falls within it. Getting this wrong in either direction can leave you exposed.

When startups should ask external parties to sign an NDA

Before sharing your product or technology with a potential development partner

If you are sharing code, architecture, proprietary processes, or unreleased product features with an external software developer, agency, or technical co-founder candidate, an NDA is appropriate. This is one of the clearest use cases: you are disclosing genuinely sensitive information that has commercial value, and the other party has no obligation to keep it confidential without a contractual one in place.

This applies whether the engagement proceeds or not. Discussions often break down before any formal engagement begins. Without an NDA signed before those conversations, there is nothing legally binding the other party to silence.

Before entering due diligence with an investor

Australian founders are sometimes advised not to ask investors to sign NDAs, and for early introductory conversations, that is generally right (more on that below). But when due diligence moves to a detailed stage, when you are sharing financial models, customer data, proprietary technology, or operational detail, a mutual NDA becomes reasonable. At that point, you are no longer pitching; you are opening your books.

The NDA in this context should be mutual, time-limited, and specific about what constitutes confidential information. A one-sided NDA in favour of the founder is unlikely to be accepted by the investor's legal team.

Before sharing confidential information with a supplier or manufacturer

If your product involves a proprietary formulation, design, or manufacturing process (common in food and beverage, consumer goods, and hardware) and you are engaging a third-party manufacturer or supplier, an NDA should be signed before any technical detail is disclosed. This is especially important where the supplier also works with your competitors.

The NDA alone will not necessarily prevent misuse, but it gives you a legal basis to act if your information is used without authorisation.

Before disclosing commercially sensitive terms to a distribution or channel partner

Negotiating a distribution or reseller arrangement often involves disclosing your pricing, margin structure, customer base, or product roadmap. Where that information would cause genuine commercial harm if disclosed to competitors or the market, an NDA is appropriate before those conversations begin.

When engaging a contractor who will access customer data or proprietary systems

Contractors are not automatically subject to the same confidentiality obligations as employees. If you are engaging a freelancer, consultant, or agency who will access your CRM, internal systems, or customer data, a confidentiality obligation, either as a standalone NDA or as a clause within the services agreement, is essential. Bear in mind that the NDA is a contractual remedy, not a control on access: it gives you a basis to act after a disclosure, so the contractor's access should still be limited to the systems and data the engagement actually requires, and removed when it ends. Note also that this is separate from your obligations under the Privacy Act, which apply regardless of what any NDA says.

Practical tip

If you regularly engage external contractors or suppliers, it is worth having a standard NDA template reviewed once and kept ready to use, rather than reaching for a generic online version each time. A fixed-fee template review typically takes less than a day.

When startups probably do not need an NDA

Early-stage investor conversations

Asking a VC or angel investor to sign an NDA before an introductory pitch is generally counterproductive. Most investors will not sign them, not because they intend to misuse your information, but because they see hundreds of pitches and cannot practically manage NDA obligations across their deal flow. Pushing for one signals inexperience. At the pitch stage, avoid sharing anything genuinely proprietary that you are not comfortable being widely known.

General business discussions and networking

Not every external conversation carries confidentiality risk. Casual discussions about your market, your business model, or your growth trajectory do not warrant an NDA. Save the legal overhead for situations where genuinely sensitive, proprietary, or commercially valuable information is being shared.

When the other party already owes you confidentiality

Lawyers, accountants, and other professional advisers owe you confidentiality obligations by law or professional rules. An NDA with your lawyer is redundant. That said, it is worth understanding how your information is handled if it is passed on within your adviser's team, and whether any third parties they engage are similarly bound.

A signed NDA before a conversation is not a signal of distrust. It is a normal part of commercial dealings, and most sophisticated parties will recognise it as such.

One-way vs mutual NDAs: which applies to your situation?

A one-way (or unilateral) NDA protects information flowing in one direction only, typically from you to the other party. This is appropriate when only you are disclosing confidential information: for example, sharing your product specs with a potential manufacturer.

A mutual (or bilateral) NDA protects information flowing in both directions. This is appropriate when both parties are disclosing confidential information, common in partnership negotiations, joint ventures, or investor due diligence where both sides are sharing sensitive commercial detail.

Using a one-way NDA in a situation that calls for a mutual one leaves your counterparty's confidential information unprotected, which can create its own complications if the relationship proceeds.

One-way NDAs: a drafting note

Where only one party is disclosing confidential information, unilateral arrangements are sometimes structured as a deed or deed poll rather than a standard agreement. This avoids potential enforceability issues that can arise where the recipient is not providing anything in return. If you are putting an NDA in front of a potential partner and the information flow is one-directional, it is worth getting the form right from the outset.

What a well-drafted startup NDA should include

Generic NDA templates are widely available online, but they vary significantly in quality and coverage. At a minimum, your NDA should clearly address:

For each element, what to look for, and the gap most often found in templates:

Definition of confidential information
What to look for: broad enough to capture all disclosures, including derivatives and copies.
Common gap in templates: too narrow, so key information falls outside it.

Permitted purpose
What to look for: specifies exactly what the receiving party can use the information for.
Common gap in templates: missing entirely, leaving no restriction on use.

Standard exceptions
What to look for: information that is already public, independently developed, or legally required to be disclosed.
Common gap in templates: overly broad exceptions that swallow the obligation.

Duration
What to look for: a defined end date, typically two years from signing or last disclosure.
Common gap in templates: a perpetual obligation, which is harder to negotiate and often resisted.

Return or destruction
What to look for: a clear obligation on what happens to the information if the engagement does not proceed.
Common gap in templates: silent on destruction, so the information persists indefinitely.

Remedies
What to look for: acknowledges that breach may cause irreparable harm and that injunctive relief is available.
Common gap in templates: remedies clause missing or limited to damages only.

Representatives
What to look for: extends the obligation to employees and advisers of the receiving party who access the information.
Common gap in templates: the obligation does not flow through to the people who actually handle the information.

A practical approach for founders

The most useful way to think about NDAs is in terms of information value and relationship context. The higher the commercial value of the information you are sharing, and the earlier the relationship, the stronger the case for an NDA before the conversation begins.

It is also worth being realistic about the limits of what an NDA can do. Once commercially sensitive information is in the public domain, it can be difficult or impossible to reinstate its confidential nature. Proving a breach occurred, and tracing how the information entered the public domain, is often harder in practice than it looks on paper. An NDA gives you a legal basis to act, but it is not a substitute for genuine judgment about what you share and with whom.

If you regularly share confidential information with external parties, whether manufacturers, developers, or channel partners, it is worth having a standard NDA template reviewed and kept ready to use, rather than reaching for a generic online version each time.

Frequently asked questions

Does an NDA need to be witnessed or notarised in Australia?

No. An NDA is a standard commercial contract and does not need to be witnessed or notarised to be legally binding in Australia. It needs to be signed by both parties and supported by consideration, which is typically the mutual exchange of confidential information or the promise to enter into a business relationship. Where only one party is disclosing, the agreement is sometimes structured as a deed to sidestep any question about whether consideration exists.

Can an NDA be verbal?

Technically yes, but a verbal confidentiality agreement is extremely difficult to enforce. Without a written record of what was agreed, what information was covered, and what the obligations were, proving a breach in practice is near impossible. Always use a written agreement.

How long should an NDA last?

A typical term is two years from the date of signing or from the date of disclosure, though this varies depending on the industry and the nature of the transaction. Perpetual NDAs, those with no end date, are commercially difficult to negotiate and are often resisted by recipients who cannot assess their long-term obligations. Where the information is particularly sensitive, a longer term can be justified, but the commercial value of most confidential information diminishes over time.

What happens if someone breaches an NDA?

If an NDA is breached, the affected party can seek damages for any loss suffered, or apply for an injunction to prevent further disclosure. In practice, enforcement has limits: proceedings are expensive and time-consuming, proving that a breach occurred and quantifying the resulting loss can be genuinely difficult, and if an injunction is needed urgently the party seeking it will need to act fast and provide an undertaking as to damages. A well-drafted NDA improves your position, but it works best as part of a broader approach to managing what you share and with whom.

Should the NDA cover the receiving party's employees and advisers?

Yes, and this is a gap in many template NDAs. The receiving party's obligation to maintain confidentiality should extend to any employees, officers, or advisers to whom they disclose the information. This is typically achieved either by requiring them to sign individual undertakings, or by including a clause that the recipient is responsible for ensuring their representatives comply with the agreement as if it applied directly to them.

This article is general information only and does not constitute legal advice. The law is complex and fact-specific. What applies in one situation may not apply in yours. For advice specific to your circumstances, speak with a lawyer at Plumlaw at plumlaw.co/contact.