Crash Course on Non-Disclosure Agreements (‘NDAs’)
Non-disclosure agreements are a crucial, but often overlooked, tool in allowing startup companies to grow, build strategic partnerships and explore new business relationships necessary to develop their product or bring it to market. These agreements are often short (sometimes only a page or two) and lead many founders to forego legal advice to get past this "formality" and begin working with the other party to the NDA. Yet, NDAs are important agreements with potentially far-reaching implications for the protection of a company's confidential information and intellectual property, and mishandling of NDAs can come back to haunt a startup years later.
To follow is a short list of some main points to take into consideration; if you are not using a lawyer, consider these points when negotiating an NDA. Keep in mind that there are more points to consider and that these are just a few of the main ones. The list assumes that you are disclosing sensitive information and, accordingly, your focus is on protection of confidential information shared.
1. Mutual vs. Unilateral("one sided") – Should the agreement be mutual or unilateral? If only one party is sharing and disclosing confidential information (such party, the discloser) and the other party is only receiving confidential information (such party, the recipient), then a unilateral NDA may be in place. Often people are indifferent, but still do think about this – you may want to remain in a clear position of no exposure to information of the other party which may block you in the future. If you agree to adopt a mutual NDA, you should still ask yourself which party in the engagement is expected to be the more heavily disclosing party. A mutual NDA can be drafted in favour of the discloser or in favour of the recipient on some of the key points mentioned below and simply accepting the notion of a mutual NDA (sometimes startups do this to appease the other party) doesn’t eliminate the need to consider these points in light of the question of who is expected to be more on the disclosing end.
2. Purpose– The NDA should set the purpose for which information is shared by the discloser, and the recipient. If drafted correctly, the significance here would be that the recipient will be limited to using the confidential information only for that purpose.
3. Timeframe– There is a period of time during which information shared is covered by the agreement, and then there is a separate period of time during which information disclosed remains protected by the agreement. Make sure to set a suitable period of time (normally, this would be around 3 to 5 years). You could try and say that the confidentiality undertakings go on forever until information is simply no longer confidential, but often people will not want to sign an indefinite agreement; in such case, you should try and add a statement that after the contractual period of time, information that constitutes a trade secret of the discloser will still continue to enjoy all protections under applicable law.
4. Others– Does the agreement allow the recipient to share the discloser's information with others such as affiliates, consultants, advisors, etc.? Consider if agreeable. Will you be fine with the recipient sharing your information with all its affiliates (often loosely defined, for example not limited to relations of 100% holdings, etc.) Will you be fine with the recipient sharing your information with outside-of-the-organisation people such as consultants and advisors, who may also be working with others such as competitors of yours, etc.?
5. Ownership– The NDA may be a good place to add a statement that you remain the sole owner of all information shared by you, and you can also try and state that you remain the sole owner even in cases where the other party may contribute to the information by provision of feedback, advice, recommendations, etc.
6. "As-is"– It is good practice to have the NDA state that all information shared by you is provided "as-is", with no representations, warranties, etc. with respect to it. This protects you, for example, against a claim by the recipient that he was damaged by something you shared (e.g. the confidential information infringes on a third party's intellectual property rights).
7. Assignment by Recipient– Beware of the clause in the agreement allowing assignment of the agreement by the recipient to others, such as in case of an M&A transaction (for example, where the recipient sells its assets and operations to a third party). The buyer of the assets and operations may actually be a company with whom you would actually not agree to share your confidential information. The same is true also in case of a change of control over the recipient, especially if the recipient may share the information with its affiliates (this second scenario is rarely ever dealt with, but the risk is still there).
8. Assignment by Discloser– On the other hand, you may want to try and allow the discloser to assign its rights as a discloser to any buyer of discloser, so that the buyer buys the assets and operations together with the full suite of protection that the discloser has.
9. Limited Liability, etc.– Most commercial agreements contain provisions according to which the parties' liability is limited in various manners. Not all such limitations are in place in an NDA. For example, in case of misuse of discloser's confidential information, discloser would expect compensation for indirect damages. So, limitation of liability provisions needs to be carefully reviewed.
10. Governing Law and Jurisdiction– The agreement will state the laws of which country (jurisdiction) will govern the agreement, and also in which country will the parties litigate in case of a dispute or conflict (venue). There are various considerations here, so just in a nut shell – pick a jurisdiction that is favourable to you, where it would be easy for you to conduct a legal proceeding and to enforce it, if needed.
Remember, the NDA is usually sufficient only to govern the exchange of confidential information from one party to another and the treatment of this information. At times, startups believe that once an NDA is signed they are protected enough to commence a commercial engagement. For example, startups at times sign a potential employee or service provider on an NDA and then begin working together (with their commercial understandings agreed orally or in an email). In reality, this could mean that other important legal points, such as the agreement on whether or not intellectual property produced or created in the relationship is assigned to one party or another, have been overlooked. The NDA should either strive to cover these points (it is not unusual to have an NDA include an "assignment of inventions" clause if it is signed with an employee, service provider or consultant) or should serve the parties only for the purpose of evaluating and negotiating their future engagement, whereas an agreement on the other key and commercial legal points should be added to it.