NDAs & CDAs

Before two organisations share anything sensitive — a pricing model, a product roadmap, a customer list — someone usually slides a confidentiality agreement across the table first. You’ll meet it constantly in procurement, sales, projects, and partnerships. Understanding what it does makes you faster and safer, even though you’ll never be the one to sign it. (This module is general education, not legal advice — when a real agreement lands, route it to your legal team.)

What an NDA or CDA actually is

An NDA — Non-Disclosure Agreement — is a contract that says “I’m going to show you something private, and you promise not to share it or misuse it.” A CDA, or Confidentiality Agreement, is the same thing under a different name; the two terms are used interchangeably, so don’t let the label confuse you. The whole point is to let two parties talk openly about sensitive matters without either one fearing the other will run off and leak or exploit what they learned.

The protection is legal, not magical. The agreement creates a promise the law will enforce, which means if someone breaches it, the wronged party has a route to do something about it. That backstop is exactly what makes people comfortable enough to share the good information in the first place.

One-way vs. mutual

There are two basic shapes. A one-way (or unilateral) NDA protects information flowing in a single direction — one side is the discloser, the other is the receiver. You’d use this when, say, you’re showing a prospective vendor your confidential requirements but they aren’t sharing anything sensitive back. A mutual (or bilateral) NDA protects information flowing both ways, because both sides expect to reveal something confidential. Most genuine partnership and supplier discussions end up mutual, since real conversations rarely flow in just one direction.

The terms that matter

A confidentiality agreement is short, but a handful of clauses do the heavy lifting. Learn to glance for these.

The definition of confidential information sets the boundary of what’s actually protected. Too narrow and your secrets leak through the gaps; too broad and ordinary public facts get swept in. The term (or duration) says how long the obligation lasts — a year, three years, sometimes forever for genuine trade secrets. The permitted use clause limits why the receiver may use the information: usually “only to evaluate this potential deal,” and nothing else. And the return or destruction clause says that when the talks end, the receiver must hand back or delete everything they were given.

Rule of thumb: if you can’t point to the definition of confidential information, the term, and the permitted use, you haven’t really read the NDA yet — those three decide what it’s worth.

A couple of others worth knowing

You may also see carve-outs (also called exclusions) — things that aren’t covered, like information that was already public or that the receiver already knew. These are normal and reasonable; an NDA that pretends to protect public knowledge is overreaching. And watch the governing law clause, which says whose courts and rules apply if there’s a dispute.

When you need one — and when you don’t

Reach for an NDA before any conversation where genuinely sensitive information will change hands: sharing pricing, designs, source code, strategy, or personal data. You generally don’t need one for information that’s already public or trivial — papering everything with NDAs just slows business down and signals you don’t understand what’s actually sensitive. Judgement, not reflex.

Why you shouldn’t sign it yourself

Here’s the firm part. However well you now understand NDAs, you should not sign one on the company’s behalf unless you’re specifically authorised to. These are binding legal contracts, the wording carries real consequences, and a clause that looks harmless can quietly commit your organisation to something costly. Your job is to recognise an NDA, understand roughly what it’s doing, and get it to the right people — usually legal or a designated signatory — quickly and with context. Knowing the terms makes you a faster, sharper partner to them; it does not make you the one who signs.

Spot the NDA type

Read each situation and decide for yourself, then tap a card to flip it and check your answer.

Sort the NDA elements

Drag each element into the bucket it belongs to — or tap an element, then tap a bucket. Hit Check placement when you’re done.

How to use it

When an NDA lands in your inbox, do three things: check whether it’s one-way or mutual, skim for the definition of confidential information, the term, and the permitted use, and then route it to legal with a short note on what the deal is and any timing pressure. Don’t sign, and don’t let a counterpart pressure you to. Useful phrases: “I’ll need to run this past our legal team before we go further.” “Is this meant to be mutual? Both of us will be sharing sensitive information.” “Can you confirm the term and how the information must be returned at the end?” Saying those marks you as someone who takes confidentiality seriously without overstepping your authority.