What should your NDA actually say?
An NDA is one of the most common business documents I draft — and one of the most commonly botched. This guide walks through what a non-disclosure agreement actually is, when you really need one, the difference between a one-way and a mutual NDA, the clauses that matter, and what separates an enforceable agreement from a worthless one.
By Jonathan Kleiman, Barrister & Solicitor · Published June 2026
Almost every week, someone is about to share something sensitive and asks me the same thing: "Should I get them to sign an NDA first?" Usually the answer is yes — and just as often, the NDA they were about to use off the internet would not have done what they needed it to do. A non-disclosure agreement is simple in concept and surprisingly easy to get wrong in the details.
At its heart, an NDA is just a promise to keep a secret, written down so it can be enforced. That is it. But the gap between a promise that holds up and one that falls apart is all in the drafting: what counts as confidential, what the recipient may do with it, how long the promise lasts, and what happens if they break it. Get those right and you have a genuinely useful tool. Get them wrong and you have a piece of paper that gives you a false sense of security.
In this guide I will explain, in plain terms, what an NDA is and what it protects, when you actually need one and when you do not, the difference between a one-way and a mutual agreement, the clauses every NDA should contain, and what makes the difference between an agreement an Ontario court will enforce and one it will not. None of this is legal advice for your specific situation — but it is the framework I use every time I draft one.
What an NDA is — and what it actually protects
An NDA — a non-disclosure agreement, also called a confidentiality agreement — is a contract. In it, one side or both sides promise to keep specified information confidential and to use it only for an agreed purpose. The promise runs in two directions at once: do not disclose the information to others, and do not use it for anything beyond the reason you were given it.
What it protects is information — but not just any information. A good NDA protects the things that give your business an edge if they stay private: customer lists and pricing, source code, product designs, financial statements, business plans, manufacturing processes, supplier terms, and genuine trade secrets. The common thread is that the information has value precisely because other people do not have it. Once it is out, that value can be gone for good.
It helps to be clear about what an NDA is not. It is not a patent, a trademark, or a copyright — those are forms of registered intellectual property with their own protections, which I touch on in my overview of trademark and copyright law in Ontario. An NDA does not create ownership rights in an idea. It does something narrower but still powerful: it creates a contractual duty of confidence, so that if the person you trusted with your information misuses it, you have a clear legal basis to act.
It is also worth being realistic about what an NDA can and cannot do in the real world. It will not physically stop someone from talking — no contract can — and it will not magically un-disclose information once it is out. What it does is shift the consequences. Before an NDA, if a contractor repeats your pricing to a competitor, you may have little recourse. After a properly drafted NDA, that same act is a breach of contract you can pursue, and the existence of the agreement itself often deters the disclosure in the first place. People behave more carefully with information they have signed a document to protect. That deterrent effect is quietly one of the most valuable things an NDA does, long before any question of litigation arises.
Is an NDA the same as a confidentiality agreement?
Yes — for practical purposes they are the same thing, and people use the terms interchangeably. "Non-disclosure agreement" and "confidentiality agreement" both describe a contract to keep specified information secret. You will sometimes see "confidentiality clause" used to mean a confidentiality provision tucked inside a larger contract rather than a standalone document, but the underlying obligation is the same. Do not get hung up on the label; focus on what the document says.
When you actually need an NDA — and when you don't
The honest answer is that you do not need an NDA for everything, and over-papering low-stakes conversations just slows business down. The question I ask is simple: am I about to share something genuinely sensitive with someone who is not already bound to keep it secret? If yes, get an NDA in place first. If no, you may be fine without one.
Here are the situations where I almost always recommend one:
- Pitching investors or lenders. Before you hand over financials, projections, or the inner workings of your model, you want a confidentiality obligation in place. (Be aware that some sophisticated investors decline to sign NDAs at the pitch stage — that is a judgment call worth discussing.)
- Hiring a contractor or employee who will see sensitive material — a developer touching your code, a consultant seeing your books, a freelancer handling customer data.
- Exploring a sale or acquisition. Due diligence means opening your books to a prospective buyer. An NDA is standard — and essential — before that process starts. I cover where it fits in my checklist for buying a business in Ontario.
- Sharing customer data, source code, pricing, or trade secrets with any outside party — a vendor, a partner, a potential collaborator.
And here is where an NDA may add little. If the information is already public, an NDA cannot claw it back. If you are sharing with someone who already owes you a duty of confidence — say, your own lawyer or accountant — the duty already exists. And if what you are protecting is really a relationship rather than information, an NDA may be the wrong tool entirely; you might need a properly drafted services agreement instead, which is its own discipline — I get into that in my guide to service agreements for Ontario small businesses.
One-way (unilateral) vs. mutual NDAs
One of the first decisions in any NDA is its structure, and it turns on a simple question: who is actually sharing information?
A unilateral — or one-way — NDA is used when only one side discloses confidential information and the other side is the recipient who must keep it secret. Think of an inventor pitching a manufacturer, or a business owner showing financials to a single prospective buyer. One party talks; the other party listens and is bound to silence. The obligations all run one way.
A mutual NDA is used when both sides will share sensitive information, so both are bound to protect what they receive. This is the right structure when two businesses are exploring a partnership, a joint venture, or a deal where each will open up to the other. Each party is both a discloser and a recipient, and the protections apply in both directions.
The clauses in the two are very similar — the real difference is who carries the obligation. Choosing the wrong structure is a common error. I regularly see a one-way NDA used for what is plainly a two-way conversation, which leaves one side exposed because their disclosures are not protected at all. Match the structure to the actual flow of information, and when in doubt for a genuine two-way discussion, a mutual NDA is usually the safer default.
The key clauses an NDA should include
This is the heart of the document. A short, well-built NDA that nails these clauses is worth far more than a long one that is vague about what it actually protects. Here is what I make sure is in every agreement I draft.
A clear definition of "Confidential Information"
This is the single most important clause, and the one most templates handle badly. The agreement has to define what is actually confidential — clearly enough that, if a dispute ever lands in front of a judge, it is obvious what the protected information was. Too narrow and you leave gaps; too broad and a court may decide it protects nothing. The sweet spot is a definition that captures the categories that genuinely matter (financials, code, customer data, designs, and so on) without trying to swallow the entire universe of everything the recipient might ever learn.
The permitted purpose
A good NDA states the permitted purpose — the specific reason the recipient is allowed to use the information. "To evaluate a possible investment," "to provide development services," "to assess a potential acquisition." This matters because it limits use, not just disclosure. Without a defined purpose, a recipient could keep your secret faithfully and still use it to compete with you. The purpose clause closes that door.
Exclusions
Every fair NDA carves out information that should not be locked up. Standard exclusions cover information that is already public (through no fault of the recipient), that the recipient already lawfully had before you disclosed it, or that they independently developed without using your confidential information. These exclusions are not a weakness — they make the agreement reasonable and far more likely to be enforced. An NDA with no exclusions at all is a red flag that the drafter did not understand the document.
The recipient's obligations
The agreement sets out what the recipient must actually do: keep the information secret, and limit who sees it — typically only those employees or advisors who need it for the permitted purpose and who are themselves bound to confidentiality. The obligations should be concrete. A recipient who shares your trade secret with their entire team has breached if the NDA said only need-to-know people could see it.
A term or duration
Every NDA needs a term — how long the confidentiality obligation lasts. For an ordinary business discussion, a few years is common. For genuine trade secrets, the obligation may need to last as long as the information stays secret. The key is to tie the duration to the nature of the information rather than slapping "forever" on everything, which can make a court skeptical.
Return or destruction of materials
A solid NDA requires the recipient, on request, to return or destroy the confidential materials — documents, files, copies. This matters most when a deal falls through: you want your information back, or destroyed, not sitting on someone else's hard drive. It is an easy clause to include and a painful one to be missing.
Remedies — including the right to an injunction
Finally, the agreement should spell out remedies. The most important is the right to seek an injunction — a court order stopping further disclosure or use — because once a secret is out, money damages alone are often inadequate to fix the harm. A well-drafted NDA expressly acknowledges that damages may not be enough and that the disclosing party may seek injunctive relief. That single acknowledgement can make a real difference if you ever have to go to court quickly to stop a leak.
What makes an NDA enforceable — and what makes one worthless
An NDA is a contract, and like any contract, it is only useful if a court will actually enforce it. The good news is that Ontario courts will generally enforce an NDA — provided it meets a few conditions.
The first is reasonableness. Courts will enforce an NDA that is reasonable in its scope, its duration, and its definition of confidential information. An agreement that protects a defined category of genuinely sensitive material, for a sensible period, is exactly what the courts are comfortable upholding.
The second is consideration — the basic requirement of any contract that each side gives something of value. In a mutual NDA, the mutual promises supply it. In a one-way NDA signed at the start of a relationship, the access to the information and the dealings between the parties generally provide it. Where this gets tricky is asking someone to sign an NDA well after a relationship has already started, with nothing new given in return — that is a situation worth getting advice on, because a bare promise with no fresh consideration can be vulnerable.
Now the other side. What makes an NDA worthless? An agreement that is overbroad, indefinite, or vague about what is actually confidential is harder — sometimes impossible — to enforce. If the definition of confidential information is so sweeping it captures everything, a court may decide it protects nothing, because it cannot tell what the secret even was. If the duration is indefinite for ordinary business information, that too can sink it. The irony is that the instinct to protect everything is exactly what produces an NDA that protects nothing.
Can a court rewrite an overbroad NDA to save it?
You should not count on it. Courts are generally reluctant to rewrite a private agreement to make an unreasonable clause reasonable — and that reluctance is strongest for restrictive provisions. The safer approach is to draft the agreement reasonably in the first place, with a tightly defined scope and a sensible term, rather than overreaching and hoping a judge will trim it back for you. If your NDA is doing too much, the realistic risk is that the court strikes the offending part rather than politely narrowing it.
From my experience
From my experience, the NDAs that cause problems are almost never the ones that went to court — they are the ones that were never properly written in the first place. A client comes to me after the fact, upset that a former contractor took their pricing model to a competitor, and pulls out the "NDA" they used. More often than I would like, it turns out to be a one-paragraph form that defined confidential information as "anything shared," set no real term, named the wrong party, and said nothing about injunctions. On paper they were protected. In practice they were not.
The flip side is just as instructive. The clients who are in the strongest position when something goes wrong are the ones who treated the NDA as a real document at the outset — a mutual agreement where it should have been mutual, a tight definition of what was actually secret, a permitted purpose that boxed in how the information could be used, and an express injunction clause. When one of those clients calls me about a suspected leak, I have something to work with: a clear contract, a clear breach, and a clear remedy. The difference between the two situations is rarely the size of the dispute. It is whether the agreement was built to hold weight before anyone needed it to.
Something I frequently tell clients is that an NDA is a five-minute conversation and a small cost now, or a much larger and more painful conversation later. The information you are protecting is usually the very thing that makes your business worth something. It deserves a document drafted with that in mind, not a placeholder copied from a deal that had nothing to do with yours.
An NDA is not a non-compete — the difference matters
This is one of the most important distinctions in this whole area, and conflating the two is a mistake I see constantly. An NDA is not a non-compete. They protect different things and are judged by different rules.
An NDA protects confidential information. It stops someone from disclosing or misusing what you shared with them. It does not stop them from working in your industry or competing with you — it only stops them from using your secrets to do it.
A non-compete restricts where or whether someone can work or compete against you. That is a far bigger imposition — it limits a person's ability to earn a living — and Ontario courts judge non-competes by much stricter rules, scrutinizing them closely and refusing to enforce ones that go further than genuinely necessary. There are also statutory limits on non-competes in the employment context. I dig into all of this in my guide to non-compete and non-solicitation clauses in Ontario, and a non-compete agreement lawyer can tell you whether one is even enforceable in your situation.
Why does this matter so much? Because if you draft an NDA so broadly that it behaves like a non-compete — effectively preventing someone from working — you invite a court to apply the stricter non-compete analysis and strike it down. Keep the two documents in their lanes. Use an NDA to protect information; if you genuinely need to restrict competition, use a separate, carefully drafted restrictive covenant designed for that job.
What to do if someone breaks an NDA
Say the worst happens: you learn that someone who signed your NDA has disclosed your information or used it for something they were not allowed to. What are your options? Because an NDA is a contract, a breach gives you contractual remedies, and there are usually two that matter most.
The first is damages — compensation for the loss the breach caused you. If the leak cost you a customer, a deal, or a competitive advantage you can quantify, you can claim that loss as a breach of contract. The challenge with confidential-information cases is that the harm can be hard to measure, which is precisely why the second remedy matters so much.
The second is an injunction — a court order telling the person to stop disclosing or using the information, and sometimes to return or destroy what they have. When a secret is at risk of getting out, speed matters far more than money: once your customer list or your formula is in a competitor's hands, no damages award truly puts you back where you were. A well-drafted NDA that expressly acknowledges damages may be inadequate and reserves the right to injunctive relief makes this remedy easier to pursue quickly.
In practice, the first step is rarely a lawsuit. It is usually a firm letter — putting the other side on notice of the breach, demanding they stop and return your materials, and reserving your rights. A surprising number of situations resolve there, especially when the recipient realizes you have a clear agreement and the resolve to enforce it. Whether you escalate to court depends on the seriousness of the harm, the quality of your evidence, and how the other side responds. If it does escalate into a full breach of contract dispute, the clarity of the original agreement is what determines how strong your hand is.
Common mistakes I see with NDAs
After drafting and reviewing a lot of these, the same handful of errors come up again and again. Each one quietly undermines the protection the business thought it had.
- Using a one-way NDA for a two-way conversation. One side downloads a template, both sides sign, and only one of them is actually protected. If you are both sharing, you need a mutual NDA.
- A definition of confidential information that is either too vague or too sweeping. "All information exchanged between the parties" sounds protective but is exactly the kind of overbreadth that gives a court trouble. Name the categories that matter.
- No permitted-purpose clause. Without it, the recipient can keep your secret and still use it against you. Limiting use, not just disclosure, is half the point.
- No exclusions. An NDA with no carve-outs for public or independently developed information looks aggressive and reads as poorly drafted — and that hurts enforceability.
- No injunction language. Leaving out the acknowledgement that damages may be inadequate and that injunctive relief is available can cost you precious time if you ever need a court to stop a leak fast.
- Signing the wrong party. Getting an NDA signed by an individual when the real counterparty is their corporation — or vice versa — is the same naming problem that haunts every contract, and it can leave you with a promise from the wrong person. If a dispute escalates into a breach of contract claim, suing the right party is everything.
- Treating a template as a finished document. A generic form is a starting point, not an answer. The whole value of an NDA is in how well it fits your actual facts, which is where a contract lawyer earns their keep.
Key takeaways
- An NDA is a contract to keep a secret. One side or both promise to keep specified information confidential and use it only for an agreed purpose — disclosure and use are both restricted.
- Match the structure to the information flow. Use a one-way (unilateral) NDA when only one side discloses, and a mutual NDA when both sides share. Picking the wrong one leaves someone exposed.
- The clauses are the value. A clear definition of confidential information, a permitted purpose, exclusions, the recipient's obligations, a term, return or destruction, and an injunction remedy are what make an NDA work.
- Reasonable and supported by consideration is what gets enforced. Ontario courts uphold NDAs that are reasonable in scope and duration; overbroad, indefinite, or vague ones are hard or impossible to enforce.
- An NDA is not a non-compete. One protects information; the other restricts competition and is judged by stricter rules. Do not conflate them, or you risk losing both.
Frequently asked questions
What is an NDA?
An NDA — a non-disclosure agreement, sometimes called a confidentiality agreement — is a contract. One side, or both, promises to keep specified information confidential and to use it only for an agreed purpose. The point is to let two parties share something sensitive without the recipient being free to repeat it, sell it, or use it for themselves. People sign them before pitching investors, hiring a contractor, or exploring a sale. It is a normal, everyday business document, and a properly drafted one gives you a clear contractual right to act if your information walks out the door.
Do I really need an NDA?
Not always. If the information is already public, or you are only sharing it with someone who already owes you a duty of confidence, an NDA may add little. But the moment you are handing genuinely sensitive material to someone outside your circle — a prospective buyer doing due diligence, a developer who will see your source code, a contractor who will touch customer data — an NDA is cheap insurance. It sets expectations in writing and gives you something to enforce. In my experience the businesses that regret skipping one are almost always the ones who shared first and asked questions later.
What is the difference between a one-way and a mutual NDA?
A one-way (unilateral) NDA is used when only one side discloses confidential information and the other side is the recipient who must keep it secret. You would use it when you are pitching an idea and they are just listening. A mutual NDA is used when both sides will share sensitive information, so both are bound to protect what they receive — common when two businesses explore a partnership or a deal. The clauses are similar; the difference is who is on the hook. Matching the structure to the actual flow of information matters more than people think.
What should an NDA include?
A workable NDA defines "Confidential Information" clearly, states the permitted purpose the recipient may use it for, and lists exclusions — information that is already public, that the recipient already lawfully had, or that they independently developed. It sets out the recipient's obligations to keep it secret and limit who sees it, a term or duration, return or destruction of materials on request, and remedies, including the right to seek an injunction. A short agreement that nails those points is far more useful than a long one that is vague about what is actually being protected.
How long should an NDA last?
It depends on the information. For an ordinary business discussion, a term of two to five years after disclosure is common and easy to defend. For genuine trade secrets — a formula, a process, source code — you may want the obligation to last as long as the information stays secret, which can be indefinite for that narrow category. The mistake I see is a blanket "forever" applied to everything, which can make a court skeptical. Tie the duration to how long the information realistically stays sensitive, and you are on much firmer ground.
Is an NDA legally enforceable in Ontario?
Generally, yes. Ontario courts will enforce an NDA that is reasonable in scope, duration, and its definition of confidential information, and that is supported by consideration — something of value each side gives. A clear, properly signed NDA is a real contract with real teeth. Where enforceability gets shaky is when the agreement is overbroad, indefinite, or vague about what is actually confidential. An NDA that tries to lock up everything often protects nothing, because a court asked to enforce it cannot tell what the secret even was.
Can an NDA be too broad to enforce?
Yes, and it is a common failing. If the definition of "Confidential Information" is so sweeping it captures everything the recipient ever learns, or the duration is indefinite for ordinary business information, a court may find the whole thing unreasonable and decline to enforce it. The instinct to protect as much as possible can backfire. A tighter agreement — clear about what is confidential, for what purpose, and for how long — is both easier to enforce and more likely to be respected by the other side, who can actually understand what they agreed to.
What is the difference between an NDA and a non-compete?
They do different jobs and are judged by different rules. An NDA protects confidential information — it stops someone from disclosing or misusing what you shared. A non-compete restricts where or whether someone can work or compete against you, and courts in Ontario scrutinize those far more strictly because they limit a person's ability to earn a living. Conflating the two is a real mistake: an overreaching NDA that behaves like a non-compete invites a court to strike it. Keep them separate, and use each for what it is designed to do.
What can I do if someone breaks an NDA?
You have contractual remedies. You can sue for breach of contract and claim damages for the loss the breach caused. Crucially, an NDA usually also lets you seek an injunction — a court order stopping further disclosure or use — because once a secret is out, money alone often cannot fix the harm. That is exactly why a well-drafted NDA expressly acknowledges that damages may be inadequate and reserves the right to injunctive relief. The first practical step is usually a firm letter; whether you escalate depends on the harm, the evidence, and what the other side does next.
Do I need a lawyer to draft an NDA?
You can find templates online, and for a low-stakes situation one may be fine. But an NDA is only as good as its fit to your facts — the wrong structure (one-way when it should be mutual), a sloppy definition of confidential information, or a missing injunction clause can quietly gut its value. For anything that matters — a sale, a key hire, sharing real trade secrets — having a lawyer tailor it is inexpensive relative to what it protects. In my experience the cost of a proper NDA is trivial next to the cost of a leaked secret you cannot get back.
Final thoughts
An NDA is one of those documents that looks trivial until the day you need it — and on that day, the quality of the drafting is everything. A clear, reasonable, well-structured agreement gives you a real contractual right to protect your information and, if necessary, to go to court and stop someone from misusing it. A vague, overbroad form downloaded in a hurry gives you a comforting signature and not much else.
The good news is that getting it right is not expensive or complicated relative to what it protects. Decide whether you actually need one, choose the right structure, define what is genuinely confidential, set a sensible term, and make sure the remedies — especially the right to an injunction — are in there. Keep it separate from any non-compete, and keep it tailored to your facts rather than someone else's template.
If you are about to share something sensitive and want an NDA that will actually hold up, or you have one in front of you to sign and are not sure what it really commits you to, a non-disclosure agreement lawyer can sort it out quickly. As a Toronto business lawyer, I draft and review these regularly — call 416-554-1639 or book a free consultation, and we can make sure the agreement does the job you need it to do.