Non-disclosure agreements are among the most common contracts in business. You encounter them when interviewing for jobs, exploring partnerships, hiring contractors, evaluating acquisitions, or discussing business ideas with potential collaborators. They are so routine that many people sign them without a second thought.
That is a problem. While a well-drafted NDA is a perfectly reasonable way to protect legitimate trade secrets and confidential business information, a poorly drafted or deliberately one-sided NDA can expose you to significant legal risk, restrict your professional freedom, and create obligations that are nearly impossible to fulfill.
Here are seven NDA red flag clauses that should make you pause before signing.
1. Overly Broad Definition of “Confidential Information”
What the clause looks like: “Confidential Information shall mean any and all information, whether written, oral, electronic, visual, or otherwise, disclosed by or on behalf of the Disclosing Party, including but not limited to business plans, financial data, customer lists, technical specifications, marketing strategies, employee information, operational procedures, and any other information of any nature whatsoever.”
Why it is a red flag: When “confidential information” means “any information of any nature whatsoever,” the definition is so broad that it is practically meaningless and simultaneously all-encompassing. You cannot reasonably protect information if you do not know what qualifies. Under a clause like this, even publicly available information mentioned in a meeting could theoretically be treated as confidential.
The phrase “including but not limited to” followed by a long list is a classic drafting technique that sounds specific but is actually expansive. The list creates the impression of defined boundaries, while “but not limited to” ensures those boundaries do not actually exist.
What is reasonable: Confidential information should be defined with specificity. It should be limited to information that is marked as confidential, identified as confidential at the time of disclosure, or that a reasonable person would understand to be confidential given its nature. The definition should explicitly exclude information that is already publicly known, independently developed, or received from a third party without restriction.
Standard Exclusions to Look For
A well-drafted NDA should include these carve-outs from the definition of confidential information:
- Information that was already in the public domain at the time of disclosure
- Information that becomes publicly available through no fault of the receiving party
- Information that the receiving party already possessed before disclosure
- Information that the receiving party independently develops without reference to the confidential information
- Information received from a third party who was not under an obligation of confidentiality
If these exclusions are missing, the NDA is either poorly drafted or deliberately one-sided. Either way, it is a red flag.
2. Perpetual or Unreasonably Long Duration
What the clause looks like: “The obligations of confidentiality set forth in this Agreement shall survive in perpetuity” or “The obligations of confidentiality shall continue for a period of ten (10) years following disclosure.”
Why it is a red flag: A perpetual NDA means you are bound forever. Information that is cutting-edge today will be common knowledge in five years, but under a perpetual NDA, you are still obligated to treat it as confidential. A 10-year NDA is only slightly better. Over a decade, industries transform, companies pivot, and the information you promised to protect may become irrelevant or publicly available, yet you remain technically bound.
Perpetual NDAs also create a practical problem: you need to remember and comply with the terms indefinitely. Over a career spanning multiple companies, projects, and partnerships, you could accumulate dozens of perpetual NDAs, each with different terms and different definitions of what is confidential. Keeping track of all of them becomes impossible.
What is reasonable: For most business information, a confidentiality period of 2-5 years is standard and sufficient. Trade secrets are an exception and may warrant longer protection, but even trade secret NDAs should acknowledge that the obligation ends if the information ceases to qualify as a trade secret (for example, if it becomes publicly known).
3. Non-Mutual Obligations
What the clause looks like: The NDA only imposes confidentiality obligations on you while the other party has no reciprocal obligations. Information flows both ways, but protection only flows one way.
Why it is a red flag: In most business discussions, both parties share sensitive information. If you are exploring a partnership, you will share details about your business just as the other party shares details about theirs. A one-way NDA means your information has no protection while the other party’s information is fully covered.
Non-mutual NDAs are sometimes appropriate when the information flow is genuinely one-directional, such as when you are receiving a confidential briefing with no expectation of sharing your own proprietary information. But in practice, many companies present one-way NDAs as a standard formality when the relationship actually involves bilateral information exchange.
What is reasonable: If both parties will be sharing confidential information, the NDA should be mutual. Both parties should have the same obligations to protect the other’s information, the same exclusions, and the same remedies for breach. If the other party insists on a one-way NDA, ask why they believe your information does not deserve the same protection.
4. Residuals Clause Missing or Poorly Drafted
What the clause looks like: There is no “residuals” clause, meaning the NDA does not address what happens with information that you remember in your head rather than record in documents or files.
Why it is a red flag: When you receive confidential information, some of it inevitably becomes part of your general knowledge and expertise. You cannot un-learn something. A strict NDA without a residuals clause could theoretically prevent you from using your own professional judgment and experience because that judgment was informed by confidential information.
This is particularly problematic in technology and consulting, where people routinely learn about approaches, architectures, and strategies that become part of their professional toolkit. Without a residuals clause, merely thinking about a problem in a way that was influenced by confidential information could constitute a breach.
What is reasonable: A residuals clause permits the receiving party to use “residual knowledge” — information retained in unaided memory without deliberate memorization — in the course of their normal business activities. This acknowledges the practical reality that humans cannot selectively forget information and protects professionals from liability for using their general knowledge and skills.
5. Liquidated Damages Clauses
What the clause looks like: “In the event of a breach of this Agreement, the Receiving Party shall pay liquidated damages in the amount of $500,000, which the parties agree represents a reasonable estimate of the damages that would result from a breach.”
Why it is a red flag: Liquidated damages clauses set a predetermined penalty for breach, regardless of the actual harm caused. In an NDA, this can be particularly dangerous because breaches can be unintentional. You might accidentally mention something covered by the NDA in a conversation, and the other party could claim a breach and demand the full liquidated damages amount.
The stated amount may bear no relationship to the actual harm caused by a breach. A company might lose nothing from a minor inadvertent disclosure, but the liquidated damages clause entitles them to a six-figure payment. While courts can refuse to enforce liquidated damages that are clearly penalties rather than reasonable estimates, litigating that question is expensive and uncertain.
What is reasonable: Most NDAs rely on actual damages (the harmed party must prove the breach and the resulting loss) and may include provisions for injunctive relief (a court order to stop ongoing or threatened disclosure). This is more proportionate than a predetermined penalty because the remedy matches the actual harm.
If the other party insists on liquidated damages, the amount should be genuinely reasonable in proportion to the type of information being protected, and there should be a distinction between inadvertent and deliberate breaches.
6. Non-Solicitation or Non-Compete Provisions Bundled In
What the clause looks like: “During the term of this Agreement and for a period of 24 months thereafter, the Receiving Party shall not directly or indirectly solicit, hire, or engage any employee, contractor, or customer of the Disclosing Party” or “The Receiving Party shall not engage in any business that competes with the Disclosing Party for a period of 12 months following termination.”
Why it is a red flag: An NDA is supposed to protect confidential information. It is not supposed to restrict who you can hire or what businesses you can pursue. Bundling non-solicitation or non-compete provisions into an NDA is a common tactic for slipping these restrictions past people who would scrutinize them more carefully in a standalone agreement.
Non-compete clauses are particularly concerning. If you are simply evaluating a potential business relationship and the NDA includes a non-compete, you could be restricted from competing with the other party even if the relationship never materializes. You signed the NDA to have a conversation, and now you are barred from an entire market segment.
What is reasonable: An NDA should contain confidentiality provisions and nothing else. Non-solicitation, non-compete, and other restrictive covenants belong in separate agreements where they can be evaluated on their own merits. If the other party wants these protections, they should present them as distinct agreements, not bury them in an NDA.
This tactic is similar to what you might find in employment contracts, where restrictive clauses are bundled into broader agreements to reduce scrutiny.
7. No Defined Process for Return or Destruction of Information
What the clause looks like: There is no clause addressing what happens to confidential information when the NDA terminates or the business relationship ends.
Why it is a red flag: Without a return or destruction clause, you may be obligated to protect confidential information indefinitely because you still have it, even after the NDA’s stated term expires. Conversely, the other party may retain your confidential information with no obligation to return or destroy it.
Additionally, the absence of a clear process creates ambiguity about your obligations. Do you need to delete emails that contain confidential information? What about backup copies? Notes you took during meetings? Without a defined process, these questions are unanswered, and any answer you choose could be deemed wrong after the fact.
What is reasonable: The NDA should include a clause requiring both parties to return or destroy confidential information (and certify the destruction) upon request or upon termination of the agreement. It should include reasonable exceptions for copies retained in automatic backup systems and copies required to be retained by law or regulation. The obligation to maintain confidentiality should survive return or destruction for a defined period.
Additional NDA Provisions to Review
Beyond these seven red flags, pay attention to these additional provisions.
Governing Law and Jurisdiction
Which state’s laws govern the NDA, and where must disputes be resolved? If you are in California and the NDA requires disputes to be litigated in Delaware, you are at a geographic disadvantage. Negotiate for a neutral jurisdiction or your home state.
Notice Requirements
How are you notified of a claimed breach? How must you respond? Ensure the NDA includes a cure period — a window of time to remedy an alleged breach before the other party can pursue remedies.
Permitted Disclosures
Can you share confidential information with your lawyers, accountants, or advisors? A well-drafted NDA permits disclosure to professional advisors who are bound by their own confidentiality obligations. If the NDA prohibits even this, it is unreasonable.
Government and Court-Ordered Disclosures
The NDA should explicitly permit disclosures required by law, regulation, or court order. Without this carve-out, complying with a subpoena or regulatory inquiry could put you in breach of the NDA.
How to Evaluate an NDA Before Signing
Step 1: Determine Whether an NDA Is Appropriate
Not every business conversation requires an NDA. If you are having a preliminary discussion and no genuinely confidential information will be shared, you can decline to sign. An NDA is appropriate when specific trade secrets, proprietary technology, financial data, or strategic plans will be disclosed.
Step 2: Check the Balance
Is the NDA mutual or one-sided? If both parties are sharing information, the obligations should be reciprocal.
Step 3: Review the Key Clauses
Focus on the definition of confidential information, the duration, the exclusions, and any bundled restrictions. These are the clauses that determine whether the NDA is reasonable or problematic.
Step 4: Scan It with Fineprint
Use Fineprint to scan the NDA and get an instant analysis of its key provisions. It will flag one-sided terms, overly broad definitions, missing exclusions, and any non-standard clauses that deserve attention. This is faster and cheaper than a full legal review and gives you a solid foundation for negotiation. For agreements where the stakes are particularly high, you can follow up with a professional contract review.
Step 5: Negotiate
NDAs are negotiable. If you identify red flag clauses, propose specific alternatives. Most companies will accept reasonable modifications, especially if you can explain why the current language is problematic and propose balanced alternatives.
The Bottom Line on NDAs
Non-disclosure agreements serve an important purpose. Businesses need to share sensitive information to explore partnerships, hire employees, and evaluate opportunities. NDAs create a framework of trust that makes these conversations possible.
But trust should be mutual, and protections should be balanced. A well-drafted NDA protects both parties’ legitimate interests without creating unnecessary risk or imposing unreasonable restrictions. A poorly drafted NDA is a trap, sometimes intentionally so.
Before you sign, read the agreement carefully. Look for the seven red flags outlined above. And if something does not look right, speak up. The few minutes you spend reviewing an NDA could save you years of legal headaches and professional restrictions.
Your confidential information deserves protection. So does your freedom to work, compete, and grow. Make sure the NDA you sign respects both.