Speak with a lawyer now - Call: 613.869.5440

Signed in as:

filler@godaddy.com

Account

Before you sign, run a Contract Risk Check

Quickly spot the clauses that quietly shift risk onto you.

NDA Guide (US & Canada): How to Review a NDA

NDA Guide (US & Canada) | How to Review, Negotiate, and Avoid Non-Disclosure Agreement Traps

NDA Guide (US & Canada): How to Review a Non-Disclosure Agreement Before You Sign

Suggested URL: /nda-guide/
SEO Title Tag: NDA Guide (US & Canada) | How to Review, Negotiate, and Avoid NDA Traps
Meta Description: A practical NDA guide for founders and small businesses. Learn key clauses, red flags, negotiation scripts, and US-Canada legal watch-outs. Educational only.

Above-the-fold (Hero)

An NDA should do one job: protect confidential information—without quietly restricting your business, creating impossible obligations, or turning normal operations into a breach risk.

This NDA Guide teaches you how to review and negotiate a non-disclosure agreement (also called a confidentiality agreement) in plain language, with a fast checklist, common red flags, and negotiation scripts designed for founders, startups, and small business owners doing deals in the United States and Canada.

Primary CTA: Get the NDA “Before You Sign” Pack (Deal Snapshot + Scorecard + Script Library) → (internal link: /nda-before-you-sign/)

Secondary CTA: Download the Free Contract Risk Checklist → (internal link: /free-checklist/)

Disclosure: Educational information only — not legal advice.

Quick internal links

Prefer the “red flags only” version? → (internal link: /nda-risk-check/)
Reviewing a contractor contract too? → (internal link: /contractor-agreement-risk-check/)
Reviewing a service agreement? → (internal link: /service-agreement-risk-check/)

What is an NDA (and when do you actually need one)?

A Non-Disclosure Agreement (NDA) is a contract where one or both parties agree to keep specified information confidential and use it only for a defined purpose (e.g., evaluating a partnership, vendor, acquisition, or product demo).

You typically need an NDA when you’re sharing:

pricing strategy, customer lists, proprietary processes, playbooks
financials during a sale or investment discussion
product roadmaps, designs, specs, code, inventions (with extra care)

You often don’t need an NDA for:

general marketing conversations
information already public or easily observable
early “getting to know you” chats where nothing sensitive is shared

The 60-second NDA review process

Purpose: Why is information being shared, and what is it allowed to be used for?
Definition: What counts as “Confidential Information” (and what doesn’t)?
Term: How long do obligations last (and is it reasonable)?
Sharing: Can you share with employees/contractors/advisors on a need-to-know basis?
Return/Destruction: Is it realistic given backups + recordkeeping?
Hidden restrictions: Any non-compete, non-solicit, IP grab, or “residuals” clause?

If you hit 2+ red flags, slow down and use scripts (below) or consider review.

Key NDA terms explained (plain language)

1) “Confidential Information”

This is the definition that controls almost everything. Overbroad definitions (“everything we tell you is confidential, forever”) are a top source of accidental breach.

2) “Purpose” / permitted use

This controls what you can do with the information. If the purpose is vague (“business discussions”), you can get boxed in later.

3) Term (duration)

A reasonable NDA often has a finite confidentiality term for ordinary business info, while trade secrets may remain protected as long as they remain trade secrets.

4) Exclusions

Look for standard carve-outs like: already known, independently developed, public, or received lawfully from a third party.

5) Remedies / injunction

NDAs often include “injunctive relief” language. That can be normal, but watch for one-sided remedies and extreme language.

6) Governing law + venue

Cross-border deals can create surprise risk if you agree to an inconvenient forum or unfamiliar rules.

The 7 NDA red flags (with negotiation scripts)

1) “Confidential Information” is defined as “everything”

Why it matters: You can breach accidentally by normal business activity.
Script: “Can we define Confidential Information as information marked confidential (or reasonably understood to be confidential) and limited to the stated purpose of disclosure?”

2) Standard exclusions are missing

Why it matters: Exclusions protect you from unrealistic obligations.
Script: “Can we add standard exclusions (public info, already known, independently developed, or received lawfully from a third party)?”

3) Confidentiality lasts forever for everything

Why it matters: Perpetual obligations increase long-tail risk.
Script: “Can we set a reasonable confidentiality term for general business information, while keeping trade secrets protected as long as they remain trade secrets?”

4) Purpose / permitted use is vague or missing

Why it matters: The “use” clause controls what you can do.
Script: “Let’s add a clear Purpose clause and limit use strictly to that purpose.”

5) Sharing rules are impractical (or too loose)

Why it matters: You either can’t operate, or info spreads too far.
Script: “Can we allow disclosure to employees/contractors/advisors on a need-to-know basis, provided they’re bound by confidentiality obligations?”

6) Return/destruction requirements are unrealistic

Why it matters: Backups and record retention are normal.
Script: “Can we allow retention of archival/backup copies created in the ordinary course and copies required by law, with confidentiality continuing?”

7) Hidden non-compete / non-solicit language slipped in

Why it matters: NDAs shouldn’t restrict competition—only disclosure.
Script: “We can agree to confidentiality, but we can’t agree to non-compete language inside an NDA. Please remove that section.”

US ↔ Canada NDA watch-outs (practical)

If your counterparty is in a different country, clarify:

Where data is stored and who can access it (including subcontractors)
Security obligations (keep them reasonable for the data involved)
Governing law/venue (don’t ignore this—especially for enforcement)
Regulatory carve-outs (see whistleblowing and workplace-rights updates below)

Using AI to review an NDA (what AI can and can’t do)

AI can help you:

summarize the NDA in plain English
highlight defined terms, deadlines, and unusual clauses
generate negotiation email language

AI cannot reliably:

match the NDA to your exact risk tolerance
catch jurisdiction-specific enforceability issues every time
protect sensitive information if you paste confidential text into the wrong tool/workspace

If you use AI, treat it like a junior assistant: useful for speed, not a substitute for judgment.

“Latest” NDA legal developments to be aware of (US + Canada)

These developments are especially relevant if your NDA is tied to employment, settlement, workplace conduct, or whistleblowing (even if your business NDA is “commercial” — templates often recycle clauses).

United States

Speak Out Act (federal): Limits the enforceability of pre-dispute nondisclosure and non-disparagement clauses involving sexual assault and sexual harassment disputes. (Congress.gov)
State laws expanding restrictions: Many states regulate confidentiality provisions in harassment/discrimination contexts; Washington is among the most restrictive (it broadly restricts certain workplace nondisclosure provisions). (Washington State Legislature)
California: SB 331 (“Silenced No More”) expanded limits on confidentiality/non-disparagement in certain workplace settlement and separation contexts (building on SB 820). (LegiScan)
SEC whistleblower rule: The SEC has repeatedly enforced Rule 21F-17 against agreements or policies that could impede reporting; it announced settled actions against seven public companies in 2024 and continues emphasizing unobstructed reporting. (Securities and Exchange Commission)
NLRB (labor law): The NLRB has taken the position that overly broad confidentiality and non-disparagement clauses in severance agreements can violate worker rights; litigation and appellate review have kept this area active. (National Labor Relations Board)

Practical takeaway: NDAs (and confidentiality language more broadly) increasingly need explicit carve-outs for legally protected reporting and disclosures in sensitive contexts.

Canada

Prince Edward Island: PEI enacted a Non-Disclosure Agreements Act limiting NDAs in harassment/discrimination contexts (including rules around when an NDA is permitted). (Government of Prince Edward Island)
Uniform Law Conference of Canada (ULCC): Ongoing work has examined uniform legislative approaches to address concerns about NDAs (notably in harassment/discrimination and related contexts). (ULCC)
Ontario (proposed): Ontario has considered legislation (Bill 124) aimed at regulating NDAs related to discrimination/harassment/sexual misconduct. (Legislative Assembly of Ontario)
Federal discussion: Canadian Senate materials reflect active policy attention on limiting misuse of NDAs in certain contexts (e.g., federally funded workplaces/entities). (SenCanada)

Practical takeaway: In Canada, the direction of travel mirrors the U.S./UK trend: more scrutiny of NDAs used to silence misconduct—meaning your NDA templates should avoid “gag clause” overreach and include reasonable carve-outs.

When to escalate (pause + consider legal review)

Escalate if the NDA involves:

source code, inventions, core IP, patent strategy
a residuals clause you can’t remove
heavy audit/security requirements
non-compete/non-solicit restrictions
very large counterparties with one-sided remedies
regulated data (health/financial/minors) or cross-border data transfers

CTA section (conversion-focused)

Want the complete NDA toolkit (fillable Deal Snapshot, full scorecard, and a full script library with A/B/C fallback options)?

Button: Get the NDA “Before You Sign” Pack → (internal link: /nda-before-you-sign/)
Not ready yet? Start here: Download the Free Checklist → (internal link: /free-checklist/)

FAQ (SEO-friendly)

Is this legal advice?

No. This is educational information to help you spot common issues and negotiate more clearly.

Is a mutual NDA always better than a one-way NDA?

Not always. If only one side is disclosing meaningful confidential information, a one-way NDA can be appropriate.

What’s the single fastest way to reduce NDA risk?

Tighten (1) the definition, (2) the purpose, (3) the term, and (4) practical sharing + backup retention.

Can I just use AI to review an NDA?

AI can help summarize and flag obvious issues, but it won’t reliably match your risk tolerance or catch every enforceability issue—especially across jurisdictions or regulated contexts.

Where do I go next on ContractRiskCheck?

Quick scan: (internal link: /nda-risk-check/)
Full toolkit: (internal link: /nda-before-you-sign/)
Reviewing other contracts: (internal links: /contractor-agreement-risk-check/, /service-agreement-risk-check/)