If you’re building a business, you’re going to share information. With employees, contractors, suppliers, potential investors, collaborators, and sometimes even customers.
The tricky part is that the more you share, the more you risk losing control of what makes your business valuable in the first place - your ideas, pricing, processes, data, and strategy.
That’s where a Non-Disclosure Agreement (NDA) can help. This guide is updated for today’s business environment, where fast-moving digital collaboration, remote work, and data handling expectations make confidentiality more important than ever.
Below, we’ll break down what an NDA is, when you should use one, what to include, and the common mistakes we see business owners make when they try to “DIY” confidentiality.
What Is An NDA (And What Does It Actually Do)?
An NDA (Non-Disclosure Agreement) is a contract that sets clear rules about confidential information.
In simple terms, it’s an agreement where one party agrees:
- to keep certain information confidential,
- to use it only for a specific purpose (e.g. evaluating a partnership), and
- not to share it with others without permission.
NDAs are used across all sorts of industries - from tech and creative businesses to hospitality, retail, professional services and manufacturing.
Why An NDA Matters For Small Businesses
It’s easy to assume NDAs are “only for big companies”. But in reality, smaller businesses often have more to lose because:
- your competitive advantage might be concentrated in one system, one supplier relationship, or one method;
- you might be relying on contractors rather than large internal teams;
- you’re more likely to be pitching or collaborating to grow; and
- a dispute can take up time and money you simply don’t have.
An NDA won’t magically prevent someone from doing the wrong thing, but it can put you in a far stronger position if there’s a breach - and it often stops problems before they start, simply because expectations are clear.
What An NDA Is Not
It also helps to be clear on what an NDA doesn’t do.
- It doesn’t automatically protect your IP. It supports confidentiality, but it doesn’t assign ownership of inventions, brand assets, code, designs, or content. For that, you may need IP assignment terms in your contractor or supplier agreements.
- It doesn’t stop someone competing by itself. A confidentiality obligation is different from a restraint of trade or non-compete. Sometimes you need both (but they serve different purposes).
- It doesn’t fix unclear business relationships. If you’re working with a collaborator, you may need a broader agreement covering roles, deliverables, payments, and ownership - not just confidentiality.
Think of an NDA as one piece of your legal foundations. A very useful piece - but not the whole structure.
When Should You Use An NDA In Your Business?
A good rule of thumb is: if you’re about to share information that would harm your business if it got out, it’s worth considering an NDA.
Here are common situations where NDAs come up in day-to-day business.
1) Hiring Or Engaging People (Employees And Contractors)
New team members often gain access to sensitive information quickly - customer lists, internal processes, pricing, strategy, and operational systems.
Confidentiality obligations are usually included in a properly drafted Employment Contract or contractor agreement, but sometimes you’ll also use a standalone NDA for:
- early-stage discussions before someone starts work;
- short-term projects;
- consultants with broad access; or
- where multiple parties need to sign the same confidentiality terms.
Practical tip: if someone is actually performing work, an NDA alone is rarely enough. You’ll usually want a broader contract covering scope, payment, IP, and liability.
2) Talking To Potential Investors Or Strategic Partners
Pitching your business often involves sharing financials, customer metrics, growth strategy, and product plans.
While some investors may resist signing an NDA at the very start (depending on the context), it’s still worth thinking strategically about:
- what you can share without an NDA (high-level, non-sensitive info), versus
- what should only be shared once confidentiality is locked in (detailed financials, customer lists, technical details).
If you’re also discussing equity, governance or business ownership changes, it’s worth aligning confidentiality with your broader company documentation (for example, terms that sit alongside a Shareholders Agreement once the relationship progresses).
3) Working With Suppliers, Manufacturers, Or Developers
If you’re sharing product formulas, packaging plans, design concepts, or a unique way of delivering your service, suppliers and developers may need access to the “how” behind your business.
This is one of the most common NDA scenarios we see, especially for businesses that are building:
- software platforms or apps;
- branded product lines (including white-label and manufacturing arrangements);
- new food or beverage products;
- specialised service models; or
- new operational systems.
In these cases, your NDA should work hand-in-hand with the commercial agreement that covers delivery, quality standards, timelines, and IP ownership.
4) Exploring A Sale, Purchase, Or Merger
During due diligence, businesses often exchange highly sensitive information - revenue reports, supplier contracts, employee details, and internal processes.
An NDA is typically one of the first documents signed before information is shared. If you’re in this space, you may also be dealing with formal transaction documents such as an Asset Sale Agreement or share sale documentation.
Even if the deal doesn’t go ahead, you’ll still want strong confidentiality protections in place.
What Should A Good NDA Include?
NDAs aren’t “one size fits all”. The most effective NDAs are clear, practical, and tailored to the situation.
Here are the key clauses we typically look for when drafting or reviewing NDAs for New Zealand businesses.
The definition of confidential information is the heart of the NDA. If the definition is too narrow, your sensitive information might fall outside it. If it’s too broad, it can become unrealistic and harder to enforce (and may scare off the other party).
A good definition usually covers things like:
- pricing, costs and profit margins;
- customer and supplier details;
- product plans, specifications and roadmaps;
- processes, systems, and internal documentation;
- technical information (including code, designs, prototypes); and
- business strategies and commercial opportunities.
It also often deals with whether information must be marked “confidential” to be protected - and how verbal disclosures are handled.
A common mistake in generic templates is that they forget to properly limit how the other party can use your information.
Your NDA should clearly say the confidential information can only be used for the defined purpose - for example:
- evaluating a proposed partnership;
- quoting for services;
- developing a prototype;
- providing specified services; or
- assessing an acquisition.
This matters because “don’t disclose” alone isn’t always enough - sometimes the bigger risk is misuse (like using your pricing model internally) rather than directly leaking it.
In real businesses, information rarely stays with one person. It might be shared with staff, contractors, professional advisers, or related companies.
Your NDA should deal with:
- who can receive the information (e.g. employees who “need to know”);
- whether the recipient must ensure their team members keep it confidential; and
- whether sharing with third parties requires written consent.
This is especially important if you’re sharing information with a larger organisation, where multiple departments may be involved.
Confidentiality isn’t just about intention - it’s also about practical security.
Many NDAs now include obligations to take reasonable steps to protect confidential information, such as:
- using secure systems and access controls;
- not downloading data onto personal devices without permission;
- restricting access within the business;
- promptly notifying you of any suspected breach.
If your NDA involves personal information (like customer details), privacy compliance also comes into play under the Privacy Act 2020. In those scenarios, your confidentiality terms should align with your broader privacy approach (including an appropriate Privacy Policy if you collect personal information through your website or platform).
Term: How Long Does Confidentiality Last?
NDAs can run for:
- a fixed period (e.g. 2–5 years), or
- indefinitely (especially for trade secrets).
What’s appropriate depends on the type of information. For example, a short marketing plan might lose sensitivity quickly, but a proprietary method or algorithm may remain valuable for years.
It’s also worth clarifying that confidentiality can continue even after a commercial relationship ends.
If the relationship ends - or the discussions go nowhere - you’ll usually want the other party to return or delete confidential information.
Good NDAs clearly cover:
- returning physical documents;
- deleting electronic copies (including backups where practical);
- confirming destruction in writing if requested.
This can be crucial in reducing ongoing leakage risk.
Exclusions: What Isn’t Confidential?
Most NDAs exclude information that is:
- already public (without a breach);
- already known to the receiving party (and they can prove it);
- independently developed without using your information; or
- required to be disclosed by law (e.g. a court order).
These exclusions are normal - and often necessary for fairness and enforceability.
What Happens If There’s A Breach?
Your NDA should set out what you can do if there’s a breach. This often includes:
- the right to seek damages (compensation);
- the ability to apply for urgent court orders to stop disclosure (often called injunctive relief); and
- costs or indemnity provisions (depending on the situation).
The right remedy depends on your goals. Sometimes the priority is stopping further damage, not chasing money after the fact.
What Are Common NDA Mistakes Business Owners Make?
NDAs feel simple, which is exactly why they’re easy to get wrong. Below are issues we commonly see when businesses use templates or copy-paste documents from the internet.
Using A Generic Template That Doesn’t Match The Relationship
An NDA for a contractor building your software is very different from an NDA for a potential buyer looking at your financials.
Templates often miss key points like:
- who owns improvements or feedback;
- whether confidential information can be shared with advisers;
- what security measures must be used; and
- how long obligations should last.
This is one reason it’s risky to “set and forget” your legal documents as your business grows.
If your NDA tries to label everything as confidential, it can create practical problems. The other party may not be able to comply, or the document might be challenged as unreasonable.
A better approach is to define confidentiality broadly enough to protect you, but specifically enough that it’s workable.
Not Thinking About IP Ownership
If you’re sharing information in a context where someone will create something for you (like designs, code, branding, or written content), confidentiality isn’t the whole story.
You’ll likely need terms that deal with ownership, licences, and assignment of intellectual property. Depending on the arrangement, this can sit in a services agreement rather than the NDA.
If you disclose customer data, staff data, or health information (in relevant sectors), you may be dealing with more than commercial confidentiality.
New Zealand’s Privacy Act 2020 focuses on how personal information is collected, stored, used, and disclosed. Even if the other party signs an NDA, you should still ensure you’re only sharing personal information where you’re legally entitled to, and that the data is protected appropriately.
Signing The Wrong Type Of NDA
There are usually two common structures:
- One-way NDA (only one party discloses confidential information), and
- Mutual NDA (both parties disclose confidential information).
Signing a mutual NDA can be fine - but you should make sure you actually understand what you are agreeing to keep confidential too.
For example, if you’re receiving a supplier’s pricing model, you might be agreeing not to disclose their information. That’s not necessarily a bad thing - but you should be aware of it and ensure it doesn’t block your operations (like getting advice from your accountant or business adviser).
How Do NDAs Fit Into Your Wider Legal Foundations?
A strong NDA is a great start, but most businesses need a broader “legal toolkit” to stay protected from day one.
In practice, confidentiality often overlaps with other parts of your legal setup.
Employment And Contractor Arrangements
For team members, confidentiality clauses should usually sit inside the contract that governs the working relationship - not as an afterthought.
For employees, that will typically be your Employment Contract, plus policies and processes (especially if the employee will handle customer data or company systems).
For contractors, you’ll want confidentiality plus clear terms on deliverables, fees, and IP ownership.
Business Structure And Ownership Documents
If you’re running a company with multiple founders or shareholders, confidentiality should also be consistent with your governance documents.
For example, your Company Constitution and Shareholders Agreement may cover:
- what information shareholders can access;
- what happens when a shareholder exits;
- whether shareholder information can be shared externally; and
- how disputes are managed.
This becomes especially important if a co-founder leaves, or if you bring on investors later - moments where “who knows what” can become a real issue.
Commercial Contracts And Customer Terms
If your business provides services, your confidentiality obligations might flow both ways:
- your customers may share sensitive business info with you, and
- you may share methods, pricing, or internal materials with them.
In those cases, it’s often best to embed confidentiality into your core service contract or terms rather than relying solely on a standalone NDA. A tailored Service Agreement can cover confidentiality alongside scope, payment terms, limitations of liability, and dispute management.
Deals, Due Diligence, And Exit Planning
If you’re selling, buying, or restructuring a business, confidentiality becomes central very quickly.
NDAs often sit alongside transaction documents, including an Asset Sale Agreement where the deal involves selling business assets rather than shares.
Getting the NDA right early can prevent a common nightmare scenario: a deal falls over, but your confidential information keeps circulating.
Key Takeaways
- An NDA helps protect your confidential information by setting clear rules on what can be shared, how it can be used, and who can access it.
- NDAs are especially useful when dealing with employees, contractors, suppliers, investors, collaborators, or business sale discussions where sensitive information is being exchanged.
- A well-drafted NDA should clearly define confidential information, limit permitted use, set security expectations, deal with return or deletion of information, and specify how long confidentiality lasts.
- Common NDA mistakes include relying on generic templates, using overly broad definitions, ignoring IP ownership issues, and overlooking privacy obligations under the Privacy Act 2020 when personal information is involved.
- NDAs work best as part of your wider legal foundations, alongside the right contracts and governance documents for how your business actually operates.
If you’d like help drafting or reviewing an NDA (or making sure your contracts and policies work together properly), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.