Executive Summary

A Non-Disclosure Agreement, or NDA, is a contract that protects confidential information shared between parties. It is commonly used when businesses discuss potential partnerships, investors, employment, outsourcing, supplier arrangements, software development, franchising, acquisitions, or professional services.

For startups and SMEs in the Philippines, an NDA can help protect business plans, pricing, customer lists, trade secrets, financial records, formulas, software ideas, marketing strategies, and other sensitive information.

An NDA is not only for large corporations. Small businesses and early-stage startups often need it even more because their competitive advantage may depend on ideas, relationships, technology, branding, customer data, or confidential operating methods.

Under Philippine contract principles, obligations arising from contracts generally have the force of law between the parties and must be complied with in good faith. This means that a properly drafted and valid NDA can create enforceable obligations between the parties.

This guide explains what an NDA is, when businesses should use one, what clauses should be included, common mistakes to avoid, and practical examples for startups and SMEs.

What Is an NDA?

An NDA, or Non-Disclosure Agreement, is a legal agreement where one or more parties promise not to disclose or misuse confidential information.

In simple terms, it says: “I will receive sensitive information, but I will not share it or use it for purposes not allowed by the agreement.”

An NDA may be one-way or mutual.

A one-way NDA is used when only one party will disclose confidential information. For example, a startup shares its business model with a potential contractor.

A mutual NDA is used when both parties will exchange confidential information. For example, two companies are exploring a possible joint venture and both need to disclose financial, technical, or commercial information.

The key purpose of an NDA is to protect trust before confidential information is shared.

Why NDAs Matter for Startups and SMEs

Startups and SMEs often move fast. They speak with suppliers, investors, freelancers, consultants, agencies, developers, distributors, employees, and potential partners.

During these conversations, sensitive information may be disclosed before a final contract is signed.

Without an NDA, the receiving party may misuse the information, share it with competitors, copy the business model, contact customers directly, or use confidential data for another project.

This can be damaging, especially for small businesses that rely heavily on ideas, customer relationships, pricing strategies, prototypes, brand concepts, software, and market plans.

An NDA helps set boundaries. It tells the other party what information is confidential, how it may be used, who may access it, how long confidentiality lasts, and what happens if the agreement is breached.

Step-by-Step Guide: How to Use an NDA Properly

Step 1: Know when to use an NDA

A business should consider using an NDA before sharing sensitive information.

This is especially important when discussing potential investments, partnerships, mergers, acquisitions, software development, product prototypes, customer lists, marketing campaigns, financial records, franchise systems, supplier pricing, or trade secrets.

For startups, an NDA may be useful before pitching detailed business plans to potential partners or before giving a developer access to product specifications.

For SMEs, an NDA may be useful before sharing supplier information, internal pricing, customer databases, employee records, or operational manuals.

An NDA should be signed before confidential information is disclosed, not after the information has already been shared.

Step 2: Identify the parties correctly

The NDA should clearly identify who is disclosing information and who is receiving it.

If the party is an individual, use the full legal name and address. If the party is a corporation, partnership, or registered business, use the registered legal name and principal office address.

For companies, the person signing the NDA should have authority. This may be shown through a board resolution, secretary’s certificate, written authorization, or position that clearly carries signing authority.

This matters because an NDA is only useful if it can be enforced against the correct party.

Step 3: Define confidential information clearly

A strong NDA should explain what information is protected.

Confidential information may include business plans, trade secrets, formulas, financial records, pricing, customer lists, supplier lists, marketing strategies, software code, product designs, technical data, internal policies, contracts, proposals, and personal data.

The definition should be broad enough to protect the business, but not so vague that it becomes confusing.

A good NDA may also state that confidential information can be shared orally, visually, electronically, physically, or through access to systems, documents, meetings, or demonstrations.

For example, a startup demonstrating a prototype should make clear that the concept, design, technical process, and business model are confidential even if not all details are written down.

Step 4: State the permitted purpose

An NDA should state the purpose for which confidential information may be used.

This is one of the most important clauses.

For example, the NDA may say that the information may only be used to evaluate a possible investment, perform a specific service, prepare a proposal, negotiate a partnership, or assess a business transaction.

Without a permitted purpose, the receiving party may argue that it had broader freedom to use the information.

A clear purpose clause helps prevent misuse. It tells the receiving party: “You may use this information only for this specific reason.”

Step 5: Limit who may access the information

The NDA should identify who can receive or access confidential information.

In many cases, the receiving party may need to share the information with employees, officers, lawyers, accountants, consultants, or advisers. The NDA should allow this only when necessary and should require those persons to keep the information confidential.

The receiving party should remain responsible for unauthorized disclosure by its representatives.

This is especially important when dealing with agencies, outsourcing providers, software developers, accounting firms, consultants, investors, or groups where multiple people may access sensitive records.

Step 6: Add non-use and non-disclosure obligations

The heart of an NDA is the promise not to disclose and not to misuse the information.

The receiving party should agree not to disclose confidential information to unauthorized persons and not to use it for any purpose other than the permitted purpose.

This means the receiving party should not use confidential information to compete, copy, solicit customers, build a similar product, approach suppliers, or benefit another business unless allowed.

For startups and SMEs, this clause is critical because the real danger is not only disclosure. The bigger risk is often unauthorized use.

Step 7: Include exclusions from confidentiality

Not all information should be treated as confidential forever.

An NDA usually excludes information that is already publicly available, already known to the receiving party before disclosure, independently developed without using the confidential information, or lawfully received from another source without confidentiality restrictions.

These exclusions make the NDA more balanced and reasonable.

For example, if a marketing strategy is already publicly available on the company’s website, it may not be proper to treat that same public information as confidential.

Step 8: Set the confidentiality period

The NDA should state how long confidentiality obligations will last.

Some NDAs last for two, three, or five years. Some information, such as trade secrets, may need protection for as long as the information remains confidential and commercially valuable.

The correct period depends on the type of information.

For example, a short-term marketing plan may lose value after a campaign ends. But a formula, source code, customer database, or proprietary process may require longer protection.

Businesses should avoid using a random term without considering the nature of the information.

Step 9: Address return or destruction of documents

The NDA should explain what happens when discussions end or when the business relationship is over.

The receiving party may be required to return or destroy confidential documents, delete digital files, remove access to systems, and certify compliance upon request.

This is important because confidential information can remain in emails, cloud folders, hard drives, shared drives, messaging apps, and printed documents.

Startups and SMEs should pay attention to digital copies. Confidential information is often easier to duplicate than to recover.

Step 10: Include remedies for breach

An NDA should state what may happen if the receiving party violates the agreement.

Possible remedies may include damages, injunction, return of information, deletion of files, attorney’s fees, and other legal remedies allowed by law.

An injunction may be important because money may not fully repair the damage caused by disclosure of trade secrets, customer lists, or product strategies.

For example, if a former consultant is about to disclose a client list to a competitor, the business may need urgent legal action to stop the disclosure.

Step 11: Consider data privacy obligations

If the confidential information includes personal data, the NDA should work together with data privacy compliance.

The Philippines has the Data Privacy Act of 2012, which applies to the processing of personal information in government and the private sector. Businesses that share employee records, customer lists, IDs, financial information, contact details, or user data should not rely on an NDA alone.

An NDA protects confidentiality, but data privacy laws may require additional safeguards such as lawful basis for processing, security measures, access controls, retention limits, breach response, and proper data sharing arrangements.

For SMEs and startups handling customer data, privacy clauses should be reviewed carefully.

Step 12: Review intellectual property issues

An NDA does not automatically transfer ownership of ideas, designs, software, trademarks, or inventions.

This is a common misunderstanding.

An NDA only protects confidential information. If the parties also want to address ownership of intellectual property, they should include separate IP clauses or sign a separate intellectual property assignment, development agreement, service agreement, employment agreement, or technology agreement.

For example, if a startup shares an app idea with a developer, the NDA may prevent disclosure of the idea. But the startup still needs a development agreement stating who owns the source code, designs, documentation, and final product.

IPOPHL recognizes protection for undisclosed information or trade secrets as part of the intellectual property framework, but businesses should still use proper contracts to preserve ownership and confidentiality.

Risks and Penalties

The main risk of not having an NDA is loss of control over sensitive business information.

A competitor may learn your pricing. A supplier may use your strategy. A freelancer may reuse your concept. A potential partner may approach your customers directly.

A former employee may share internal documents. An investor discussion may expose your business model without clear limits.

For startups, this can affect fundraising, product launch, investor confidence, and competitive advantage.

For SMEs, it can affect customer relationships, supplier negotiations, trade secrets, and business reputation.

There may also be legal risks if personal data is disclosed without proper controls. If customer or employee information is involved, confidentiality should be paired with data privacy compliance.

A poorly drafted NDA may also create problems. If the NDA is too vague, signed by the wrong party, lacks a clear purpose, or does not define remedies, enforcement may become difficult.

Practical Examples

Example 1: Startup pitching to a potential investor

A startup is preparing to pitch a new platform to a potential investor. The pitch includes revenue projections, technical roadmap, customer acquisition strategy, and product architecture.

Before sharing detailed confidential information, the startup may ask the investor to sign an NDA.

The NDA should define the permitted purpose as evaluating a possible investment. It should prevent the investor from using the information for a competing business or sharing it with unauthorized third parties.

Example 2: SME sharing customer data with a service provider

An SME hires an outside marketing agency. The agency will access customer names, phone numbers, emails, purchase history, and campaign data.

The SME should use an NDA together with data privacy clauses. The agreement should limit use of customer data, restrict disclosure, require security safeguards, and require deletion or return of data after the engagement.

Example 3: Founder discussing a business idea with a developer

A founder shares an app concept, prototype screens, revenue model, and user flow with a freelance developer.

An NDA can protect the confidential information, but it is not enough by itself. The founder should also use a development agreement that states ownership of the code, deliverables, documentation, and intellectual property after payment.

Example 4: Supplier receiving internal pricing information

A retailer shares confidential pricing data and sales forecasts with a supplier to negotiate better terms.

The NDA should prevent the supplier from sharing the information with competitors or using it to disadvantage the retailer in future negotiations.

Example 5: Employee with access to trade secrets

A company hires an employee who will access recipes, formulas, client lists, internal systems, or financial information.

The employment contract should include confidentiality clauses, and a separate NDA may be used for highly sensitive roles. The obligation should continue even after employment ends.

Common Mistakes to Avoid

Mistake 1: Signing an NDA after disclosure

An NDA should be signed before confidential information is shared. Once information has already been disclosed without restrictions, protection may become harder.

Mistake 2: Using a generic NDA

A generic NDA may not fit the transaction. NDAs should be customized based on whether the situation involves investors, employees, consultants, suppliers, technology, customer data, or joint ventures.

Mistake 3: Defining confidential information too vaguely

If the definition is too vague, the receiving party may not know what is protected. The NDA should clearly describe the categories of protected information.

Mistake 4: Forgetting the permitted purpose

Without a clear purpose, the receiving party may argue that the information could be used broadly. The NDA should limit use to a specific transaction or relationship.

Mistake 5: Assuming an NDA transfers IP ownership

It does not. An NDA protects confidentiality. Intellectual property ownership should be addressed separately.

FAQ Section

What does NDA mean?

NDA means Non-Disclosure Agreement.

It is a contract that prevents a person or business from disclosing or misusing confidential information.

Is an NDA enforceable in the Philippines?

Yes, an NDA may be enforceable if it meets the requirements of a valid contract and its terms are lawful, clear, and reasonable.

Who needs an NDA?

Startups, SMEs, employers, service providers, consultants, suppliers, investors, freelancers, developers, and businesses sharing confidential information may need an NDA.

Is an NDA enough to protect a business idea?

An NDA can help protect confidential information about the idea, but it does not automatically protect intellectual property or prevent all competition. For stronger protection, businesses may also need IP registration, assignment agreements, service contracts, employment contracts, or technology agreements.

What information can be protected by an NDA?

An NDA can protect business plans, financial data, customer lists, supplier lists, formulas, trade secrets, software, product designs, marketing strategies, pricing, internal processes, and other sensitive information.

How long should an NDA last?

It depends on the information. Some obligations may last a few years, while trade secrets may need protection for as long as they remain confidential and commercially valuable.

Should an NDA be notarized?

Not all NDAs need to be notarized to be valid. However, notarization may help with evidentiary value and formality in certain situations.

Can an NDA cover personal data?

Yes, but if personal data is involved, the NDA should be paired with data privacy clauses and compliance with the Data Privacy Act.

What happens if someone violates an NDA?

The injured party may seek remedies such as damages, injunction, return or destruction of documents, attorney’s fees, and other remedies depending on the agreement and applicable law.

Call-to-Action

An NDA is a practical and powerful tool for protecting confidential information. For startups and SMEs, it can help safeguard business ideas, trade secrets, customer data, financial records, pricing strategies, and strategic plans before they are shared with investors, employees, freelancers, suppliers, consultants, or potential partners.

But an NDA must be properly drafted. It should clearly define the confidential information, permitted purpose, obligations of the receiving party, duration, exclusions, remedies, data privacy obligations, and related intellectual property issues.

Aureada CPA Law Firm assists startups, SMEs, professionals, founders, employers, investors, and business owners in drafting, reviewing, and negotiating NDAs, confidentiality agreements, service contracts, employment agreements, data privacy documents, and intellectual property protection strategies.

If your business is preparing to share sensitive information, legal review before disclosure can help protect your rights, preserve your competitive advantage, and reduce future disputes.