The founder's guide to Non-Disclosure Agreements

Written By

Jake Stein


Jake Stein is the co-founder and CEO at Common Paper, a company that creates open source, standard contracts and software to help startups close deals faster. Common Paper standard contracts are like the SAFE, but for sales instead of fundraising. Previously, he co-founded Stitch (acquired by Talend) and RJMetrics (acquired by Magento, then Adobe).

To operate efficiently and maintain strong relationships, companies often need to share sensitive information with partners, employees, and customers. That could mean disclosing financial results, client lists, product roadmaps, security practices, and more. Without access to the right data, it can be difficult — or even impossible — to evaluate a potential partnership, collaborate effectively on a project, or perform daily work tasks.

While sharing data with selected people and companies is sometimes necessary, it’s critical that it doesn’t spread too far. For example, if a company’s security practices became public information, it could serve as a roadmap for a potential hacker. Non-disclosure agreements, also known as NDAs or confidentiality agreements, are the primary tool for protecting sensitive information. But when you’re building a business, when do you need one, and what should you know about them?

What is an NDA?

An NDA is a contract between parties that creates a legal obligation to keep information confidential. Think of it as a formal promise to protect valuable business secrets. While the concept is simple, the implications and use of NDAs can be nuanced.

Unfortunately, there’s no definitive list of the types of information that do and don’t require an NDA. Like many things in business, there are tradeoffs. The risk of information leaking needs to be balanced against the cost of adding the friction to a deal. However, depending on the situation, an NDA may not add friction and instead inspire confidence in your counterparty that you take confidentiality seriously.

That’s why it’s important to understand the norms and common patterns in using NDAs, and use that to inform your decision about how and when to use them.

When do founders use NDAs?

Three of the situations where founders frequently use NDAs are sales conversations, discussing potential partnerships, and hiring new employees.

Sales

In a sales process, vendors often share product details or their roadmap. Additionally, the customer might ask for information on compliance and security posture, like in a SOC 2 report. These can be critical inputs to aid a customer's purchasing decision, but they could be problematic and put the business at risk if they were released publicly. On the other side, the customer might provide data from their business to help create an implementation plan or to get pricing details. Putting an NDA in place can streamline and protect the information sharing for both parties.

Business Partnerships

Partnerships can take many forms, including co-selling, co-marketing, referrals, reselling, and more. It’s not always apparent upfront what the right model is, or even if a partnership makes sense in the first place. To make these decisions, both sides likely need to share sensitive information about their product, customers, and strategy, to give full context. As a result, an NDA is usually put in place early on in partnership conversations.

Hiring

Employees and contractors need access to the company’s systems and data to do their job. As part of onboarding, most companies have new team members sign an NDA along with an invention assignment agreement. That creates a comprehensive protection package that safeguards a company’s sensitive information and makes it clear that the work product this person creates in the course of their job is owned by the company.

NDAs in Venture Capital

While NDAs are commonplace for founders doing sales, partnerships, or employee onboarding, fundraising is a different story. Most Venture Capitalists won't sign NDAs for initial meetings. Before making an investment in a space, they might meet with more than a dozen founding teams who plan to tackle the problem in different ways. That can add up to hundreds of founders per year, and it would be impractical to track and manage such a high volume of NDAs. Additionally, the founders’ idea is often not the key to the value of the company. Ed Sim, an early stage VC, highlights what’s most important when making a new investment:

“At the company’s inception, the most important factor is the founding team. The idea is going to evolve or change completely over time. If the founders are trying to get everyone they talk to to sign an NDA, it’s a signal they may be focused on the wrong things.”

— Ed Sim, Founder and General Partner at Boldstart Ventures


However, NDAs become more common as startups get to a later stage and raise growth equity, and they are a common part of merger and acquisition discussions.


“When there’s a formal process of raising growth equity or M&A, especially if there’s an investment bank running that process, the parties involved will sign an NDA. The team is still a critical factor in later stage financings and acquisitions, but the difference is that now there’s a lot of data about the business’s operations to evaluate as part of the investment decision. Companies often want to put an NDA in place before sharing that data.”

— Martin Angert, Venture Partner at Susquehanna Growth Equity

What happens when an NDA is violated?

After they’re signed, most NDAs are, metaphorically or literally, put in a drawer and forgotten. Most of the time, NDAs are never needed again — but when they are, they can be absolutely crucial. There’s a spectrum of possible outcomes when an NDA is breached. In some cases, the first step will be a letter from an attorney reminding the recipient of their obligations and demanding they cease and desist from the actions that violate the obligations. If it becomes public, there can be reputational damage, and any business relationship is at high risk.

All that said, an NDA is a legally binding contract, and when one party breaches it, the other party can sue them. A notable example of how serious NDA violations can be is the 2017 legal battle between Waymo and Uber. The dispute centered around a former Waymo employee who allegedly stole trade secrets before joining Uber, leading to accusations of breached confidentiality obligations and misappropriated intellectual property. The case was settled in 2018, with Uber agreeing to pay Waymo $244 million in equity.

What does Mercury use for its NDA?

Mercury takes its NDA and confidentiality process very seriously. Its General Counsel, Robert Gonzalez, joined Mercury in 2022, inheriting a set of custom legal templates that the company had been using. Some of these, including the NDA template, were creating more problems than they solved, causing Gonzalez to look for another solution.

“Half the time we were going to enter into an NDA, the other side came back with tons of redlines to our form, or they rejected using it entirely. I switched us over to the Common Paper Mutual NDA, and now we get almost zero pushback. Partially, it’s just a better agreement, but also I think the fact that it’s a free and open standard really resonates with people.”

— Robert Gonzalez, General Counsel at Mercury


Today, Mercury signs NDAs with customers who need access to the company’s SOC 2 report, as well as numerous vendors and partners. This is part of an overall strategy for the legal team to ensure security and compliance while also enabling the business teams to maintain high velocity.

Takeaways

Startups contain a lot of important information that, when shared with the wrong parties, can put the business at risk. An NDA is a tool to control certain types of risk, but it’s key to understand when and how to use one. As a founder, you have to make tradeoffs about when it’s more important to focus on minimizing downside risk versus maximizing upside potential. Are you closing the big deal by any means necessary? Or do you make sure that you never agree to terms that could come back to bite you?

Ideally, you can find some opportunities to harness the upside and control the downside risk at the same time. When you use a non-disclosure agreement that is fair and in line with standards, it can inspire confidence with your counterparties, remove friction from deals, and ensure that you have the protection you need.
