Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Lots of New Zealand founders treat an NDA like a magic shield. They send over a one-page template, get a signature, then assume their ideas, pricing, product plans and customer data are protected. That is usually where things go wrong. The most common mistakes are using a generic NDA that does not match the deal, defining confidential information too vaguely, and forgetting that an NDA is only useful if it is realistic to enforce.
Another problem is timing. Businesses often hand over valuable information before the NDA is signed, or they accept the other side's standard terms without checking whether the confidentiality obligations are one-sided, full of carve-outs, or too short to matter. A signed document can look reassuring while doing very little when things get messy.
This guide explains why an NDA can be useless in practice, what a workable NDA should actually cover under New Zealand law, and what to fix before you sign. If you are sharing commercial information with a supplier, contractor, adviser, investor, agency or potential buyer, this is where founders often get caught.
Overview
An NDA can help protect confidential business information, but only if it is drafted for the real situation and paired with sensible business processes. A weak NDA usually fails because the information is not clearly described, the obligations are too narrow, the exceptions are too broad, or the business cannot show what was disclosed and when.
- Identify exactly what information needs protection, such as pricing models, code, product roadmaps, customer lists, supplier terms or financial forecasts.
- Check whether the NDA is mutual or one-way, and whether that matches the relationship.
- Review the definition of confidential information and the exceptions to that definition.
- Make sure the permitted use clause is tight, so the recipient can only use the information for the stated purpose.
- Check the term of the NDA and how long confidentiality obligations continue after disclosure.
- Look for clauses dealing with return or destruction of information, intellectual property, and remedies if the NDA is breached.
- Confirm who is allowed to receive the information, including employees, contractors, related companies and advisers.
- Keep practical records of what you disclosed, when you disclosed it, and to whom.
When New Zealand Businesses Use NDAs
NDAs are most useful when you are about to share specific non-public information with someone who does not otherwise owe you a clear duty of confidence. They are common in early-stage deal-making, supplier discussions and contractor relationships, but they are not a substitute for a well-drafted main contract.
For many SMEs, the NDA appears before any money changes hands. You might be sounding out a software developer, discussing a manufacturing arrangement, talking to a marketing agency, or giving a consultant access to internal data before you sign a broader service agreement.
Common founder situations
Here are some real business moments where an NDA often makes sense before you sign a contract or before you rely on a verbal promise:
- You are showing a prototype, process or technical workflow to a developer or manufacturer.
- You are sharing sales data, pricing strategy or customer churn figures with a consultant or adviser.
- You are discussing a potential acquisition, investment, joint venture or strategic partnership.
- You are giving a contractor access to customer databases, internal playbooks or supplier terms.
- You are inviting a potential distributor or reseller to review commercial information before a full agreement is negotiated.
That said, not every conversation needs an NDA. If the information is already public, easily reverse engineered, or not especially sensitive, an NDA may add friction without adding much protection. Founders sometimes ask for an NDA before a first meeting about a broad idea, only to discover the other side refuses because the concept is too general and the obligation too uncertain.
What an NDA does, and does not do
An NDA creates contractual obligations about secrecy and permitted use. It can help you claim loss, seek an injunction in some cases, and create a clear standard of conduct if the recipient misuses information.
But an NDA does not automatically protect every idea you mention. It does not replace intellectual property ownership terms, assignment clauses, employment agreements, contractor terms, privacy compliance, or security controls. If your contractor builds software, for example, confidentiality is only one issue. You also need to deal with who owns the code, what can be reused, and what happens on termination.
This is where founders often get caught. They use an NDA as a stand-in for a proper commercial contract, then realise later that the real problem was not secrecy alone. It was ownership, scope of work, data handling, or a vague statement of what each side could do with the information.
Legal Issues To Check Before You Sign
The main legal question is whether the NDA actually matches the risk you are trying to manage. Before you sign, the document should clearly say what is protected, who must protect it, how it can be used, and what happens if things go wrong.
1. What counts as confidential information
If the definition is vague, the NDA may be hard to enforce. A clause that says all information shared between the parties is confidential can be too broad in practice, especially if there is no way to identify what was disclosed.
A better approach is to define confidential information using categories that fit the deal, such as:
- business plans and financial models
- product specifications and source code
- customer and supplier lists
- pricing, margins and sales strategy
- non-public operational processes
- marketing plans, forecasts and internal reports
You can also cover information disclosed verbally, but only if the NDA explains how that verbal disclosure will be confirmed later, such as in writing within a set number of days.
2. Permitted purpose and use restrictions
An NDA should not just say "keep this secret". It should also say what the recipient may use the information for. This is one of the most important fixes if your NDA is currently useless.
If you are talking to a manufacturer, the permitted purpose might be evaluating a supply arrangement. If you are talking to an investor, it might be assessing a potential investment. Without a tight purpose clause, the recipient may argue they were free to use the information internally for broader commercial purposes.
3. Exceptions and carve-outs
Every NDA has exceptions. The issue is whether they are reasonable or so wide that they swallow the rule.
Common exceptions include information that:
- is already public, other than through a breach
- was already known to the recipient before disclosure
- is lawfully received from someone else without confidentiality restrictions
- must be disclosed by law, court order or regulatory requirement
These are standard, but the wording matters. A recipient should not be able to rely on a broad exception without evidence. Clauses should also require notice where legally permitted, so the disclosing party has a chance to respond before compulsory disclosure happens.
4. Who can access the information
Businesses rarely act through one person. The NDA should say whether the recipient can share confidential information with employees, contractors, related entities, financiers, legal advisers or accountants.
That access should be limited to people who genuinely need to know and who are bound by equivalent confidentiality obligations. If the recipient can pass information widely through its group with no controls, your practical protection is much weaker.
5. Duration and survival
A common template problem is using a confidentiality period that is too short. Twelve months might be enough for some discussions, but it may be meaningless if you are disclosing sensitive methods, pricing architecture or product plans with a longer shelf life.
The right period depends on the information. Trade secrets and highly sensitive know-how often justify longer protection than ordinary commercial discussions. The NDA should distinguish between the term of the agreement and how long confidentiality obligations survive after the relationship ends.
6. Return, deletion and evidence
If discussions end, the NDA should say what happens to the material. A practical clause usually covers return or destruction of documents and deletion of electronic copies, subject to narrow legal or backup exceptions.
Just as important, your business should keep a record of:
- what documents were shared
- when they were shared
- who received them
- whether they were marked confidential
- what meeting notes or verbal disclosures were made
Without this, enforcement becomes much harder.
7. Intellectual property and privacy overlap
An NDA does not automatically transfer ownership of intellectual property. If you are disclosing ideas, designs, code, branding concepts or technical material before you accept the provider's standard terms, check whether a separate clause or agreement is needed to deal with ownership and licence rights.
If personal information is involved, confidentiality is only part of the picture. New Zealand businesses also need to think about Privacy Act obligations, including whether sharing that information is lawful, necessary and properly safeguarded. An NDA cannot fix a privacy problem created by poor data handling.
8. Governing law and enforceability
If you are dealing with an offshore counterparty, the governing law and dispute provisions matter. A New Zealand SME may hold a signed NDA, but enforcing it overseas can still be costly and complicated.
That does not make the NDA pointless, but it does mean you should be realistic. Sometimes the better protection is a mix of limited disclosure, staged sharing, technical controls and a contract review of the wider arrangement with an entity that has assets in a sensible jurisdiction.
Common NDA Mistakes
Most useless NDAs fail because the business relied on the document instead of thinking through the actual risk. The fix is usually not a longer template. It is a sharper contract and better disclosure discipline.
Using a generic template for every deal
An NDA for investor discussions is not the same as one for a software contractor or manufacturer. Different deals raise different issues around permitted use, subcontracting, data access, intellectual property and duration.
A one-size-fits-all form often leaves obvious gaps. It may also include irrelevant clauses that create confusion or make the other side push back.
Signing after disclosure has already happened
This happens all the time. A founder jumps on a call, shares key numbers or a product demo, then sends the NDA later. At that point, some of the most important information may already have been disclosed without contractual protection.
If you know sensitive information is coming, get the NDA sorted first. If that is not practical, limit the early conversation to high-level information until the paperwork is in place.
Describing the information too broadly or too narrowly
If everything is labelled confidential, nothing stands out. If the description is too narrow, the recipient may argue the specific material used was outside the definition.
The aim is clarity. Describe the categories properly, then support that with sensible internal practices such as marking documents and controlling access.
Ignoring the purpose clause
A weak purpose clause lets recipients say they used the information for internal evaluation, benchmarking or business planning, even where that hurts you commercially. This is especially risky where you are speaking with a potential competitor, distributor or strategic partner.
The NDA should limit use to the stated purpose and prohibit any other commercial use, copying or exploitation unless you give written consent.
Forgetting subcontractors and related companies
The party you are speaking to may not do the work itself. It might pass your material to affiliates, external developers, consultants or advisers. If your NDA does not deal with onward disclosure clearly, your information can spread quickly.
Founders often discover this only after a relationship sours. By then, proving who saw what can be difficult.
Assuming the NDA protects ideas by itself
An NDA can stop misuse of confidential information, but it does not turn a general idea into owned intellectual property. If your commercial value sits in copyright, trade marks, designs, code or invention rights, those issues need their own treatment.
This matters before you sign with developers, designers, agencies and manufacturers. The NDA may be part of the solution, but it is not the whole solution.
Using unrealistic enforcement language
Some templates promise sweeping remedies that look powerful on paper but add little in reality. The more useful question is whether the clauses support a practical response if there is a breach.
Good drafting usually covers:
- the right to seek urgent court orders where appropriate
- indemnity or damages language that is commercially sensible
- clear obligations to return or delete information
- survival of confidentiality after termination
Even with good drafting, enforcement depends on evidence, speed and the other party's ability to meet a claim.
Relying on the NDA instead of process
This is the biggest mistake. If your team shares confidential files freely, uses unsecured channels, gives broad folder access, or cannot track disclosures, the contract only goes so far.
Practical steps often matter just as much as legal wording. Limit access internally, share information in stages, watermark sensitive documents where appropriate, and keep clean records of discussions.
FAQs
Is an NDA legally enforceable in New Zealand?
Yes, an NDA can be enforceable in New Zealand if it is properly drafted, supported by a genuine commercial relationship, and clear about the information, obligations and exceptions. Enforceability still depends on the facts, the wording and the evidence available.
Do I need a mutual NDA or a one-way NDA?
It depends on who is sharing confidential information. A one-way NDA suits situations where only one party is disclosing. A mutual NDA is more suitable where both sides will share sensitive information during the discussions.
Can an NDA protect my business idea?
Sometimes, but only to a point. An NDA can restrict disclosure and misuse of confidential information about the idea. It does not automatically give you intellectual property ownership over a broad concept, and it does not replace proper IP clauses where those are needed.
How long should an NDA last?
There is no single right answer. The term should reflect the nature of the information and the deal. Sensitive know-how, code or pricing strategy may justify a longer confidentiality period than an ordinary preliminary discussion.
What if the other side sends their own NDA?
That is common. Before you accept the provider's standard terms, check whether the confidentiality obligations are balanced, whether the permitted use is narrow enough, whether the exceptions are too broad, and whether the duration and disclosure rules actually protect your business.
Key Takeaways
- An NDA is not automatically useful just because it is signed. It needs to fit the actual deal and the real information being shared.
- The strongest NDAs clearly define confidential information, restrict permitted use, control onward disclosure and set a sensible duration.
- Common problems include generic templates, signing after disclosure, weak purpose clauses, short time periods and no record of what was shared.
- An NDA does not replace clauses about intellectual property ownership, data handling, contractor obligations or the main commercial terms.
- Practical controls matter, including staged disclosure, limited access, written records and careful handling of sensitive documents.
- If the stakes are high, review the NDA before you sign, especially where offshore parties, valuable know-how or customer data are involved.