NDA Mistakes Startups Make: 6 Clauses That Quietly Sabotage Founder Equity and Recruiting
A founder of a 2-person startup signs a "standard NDA" with a potential customer prospect during early sales discussions. The NDA includes broad confidentiality language plus a non-solicitation clause prohibiting hiring "any employee" of the customer for 5 years. Two years later, when the founder identifies a great engineer at the customer's company they want to recruit, they discover the NDA they signed prevents the hire. Worse, when due-diligence happens during a Series A round, the venture firm flags the NDA as a "concerning restriction" affecting future hiring flexibility. The "standard NDA" wasn't standard — it was customer-favorable boilerplate the founder didn't read carefully. NDA mistakes are surprisingly common in early-stage startups because founders treat them as administrative formalities rather than significant legal commitments.
This guide covers six common NDA mistakes startups make: overbroad confidentiality definitions, missing residual-knowledge carve-outs, indefinite term traps, IP assignment confusion, non-solicitation/non-compete bundling, and the venture-diligence implications. Use the non-disclosure agreement template for state-aware NDAs that avoid these traps.
Mistake 1: Overbroad Confidential Information Definitions
The trap: NDAs that define "Confidential Information" as "any information disclosed by either party" without exclusions. This means literally anything the parties discuss becomes subject to confidentiality, including information that:
- Is already publicly available
- Was already known to the receiving party before disclosure
- Was independently developed by the receiving party
- Was rightfully disclosed by a third party
The fix: Always include the four standard exclusions. The USPTO trade-secret guidance specifically addresses what should and shouldn't be covered as confidential information. Without exclusions, the NDA is over-broad and may be partially unenforceable in court.
Mistake 2: Missing Residual-Knowledge Clause for Technical Roles
The trap: A founder signs an NDA with a customer that defines anything "learned during the engagement" as confidential. The founder is also a technical practitioner who carries methodology, framework, and skill knowledge between engagements. The broad NDA could be read to prevent the founder from doing similar work for other customers.
The fix: Include a residual-knowledge clause: "Information retained in unaided memory by the receiving party, including general skills, methodology, industry knowledge, is not Confidential Information for purposes of this Agreement." This clause is standard in technical-services contracts and protects the contractor's ability to work in their field.
The principle is well-precedented in USPTO trade-secret cases — general skills and knowledge cannot be permanently embargoed.
Mistake 3: Indefinite Term Length
The trap: An NDA term of "perpetually" or "indefinitely" for general business information. While trade-secret obligations can be indefinite (information remains a trade secret as long as it has commercial value), general business information shouldn't be bound by confidentiality forever.
The fix: 2-5 year terms for general confidential business information; indefinite for actual trade secrets (with explicit "trade secret" categorization). Per Defend Trade Secrets Act 18 USC §1836, trade secrets get separate, indefinite protection; non-trade-secret confidential info is reasonably time-limited.
Most jurisdictions will refuse to enforce indefinite confidentiality on routine business information beyond ~5 years; if the language is overbroad, courts may invalidate the entire confidentiality term.
Mistake 4: IP Assignment Confusion in Mutual NDAs
The trap: A mutual NDA includes language about "any intellectual property arising from the discussions" being jointly owned. This sounds reasonable but creates ambiguity about which party owns what was developed during the relationship — particularly problematic when one party contributed pre-existing IP.
The fix: NDAs should generally NOT address IP assignment. IP ownership belongs in separate documents (employment agreements, contractor agreements, JV/M&A agreements). If IP must be addressed in the NDA: explicit statement that "no IP rights are conveyed by this Agreement" — leaving IP transactions to dedicated documents.
The American Bar Association IP licensing resources cover the proper structure for IP-bearing transactions.
Mistake 5: Non-Solicitation and Non-Compete Bundling
The trap: An NDA bundled with a non-solicitation (can't hire from each other for X years) or non-compete (can't work in same field for X years) clause. The bundling often catches the smaller party (the one signing the customer-provided template) by surprise.
The fix: Strip non-solicit/non-compete from NDAs. They should be separate, negotiated agreements when warranted. In California, Bus & Prof Code §16600 voids most non-competes regardless. Non-solicits are more enforceable but should be narrow, time-limited, and reciprocal.
For startups recruiting, broad non-solicits in customer NDAs can prevent later hires. Read carefully before signing.
Mistake 6: Lack of Reciprocity in "Mutual" NDAs
The trap: A "mutual NDA" that's actually one-way in practice. The larger party (typically the customer) does most of the actual disclosing; the smaller party (typically the vendor/startup) just listens and gets bound by confidentiality on the customer's behalf. The reverse confidentiality (customer's obligation to keep startup info confidential) is rarely meaningful in practice.
The fix: For genuinely one-way information flow, use a one-way NDA with the discloser as the protected party. For genuinely mutual exchanges (M&A diligence, JV negotiations), ensure both parties are actually disclosing meaningful information. The mutual NDA framework should match the actual transaction.
Venture Diligence Implications
VC and other investors commonly review startups' executed NDAs during due diligence. Concerns flagged:
- Overbroad confidentiality on the startup's information that limits future commercial flexibility
- Non-solicit clauses preventing future hires
- IP-related language in NDAs that might cloud ownership
- Indefinite-term obligations that survive acquisition events
- One-sided "mutual" NDAs where the startup gave away protections
Per VC due-diligence checklists referenced in ABA Business Law Section guidance, problematic NDAs can complicate or delay financing rounds. Some founders end up in the awkward position of asking customers to amend old NDAs as a precondition for funding.
Best practice: maintain a list of all NDAs the startup has signed. Review for problematic clauses early. Renegotiate if needed before funding rounds.
How the NDA Template Helps
The non-disclosure agreement template generates state-aware NDAs with the four standard exclusions, residual-knowledge carve-out, and reasonable term length. Customize for mutual or one-way, specific permitted use, and term.
Pair with the partnership agreement template for joint ventures, the freelance contract template for contractor engagements, and the residential lease agreement template for office leases that may include confidentiality clauses.
Worked Examples
Example 1 — Vendor NDA from F500 customer. F500 procurement sends a "standard NDA" — 7-year term, broad "any information" definition, non-solicit on F500 employees for 5 years. The startup founder needs to negotiate: (1) 3-year term, (2) standard 4 exclusions, (3) strip the non-solicit (or limit to 18 months and reciprocal), (4) confirm one-way (founder is discloser of methodology) rather than mutual.
Example 2 — M&A diligence NDA. Acquirer and target signing for diligence. Mutual NDA, 5-year term, standard exclusions, deemed-confidential definition, specific permitted use of "evaluating potential acquisition." Notarized for evidentiary value. Properly structured.
Example 3 — Investor NDA before pitch. Common request: investor wants to sign NDA before pitch. Standard VC practice is to refuse signing NDAs at this stage — investors see hundreds of pitches and can't track conflicts. Founder should pitch high-level value proposition without revealing actual trade-secret-level detail. Save deeper info disclosure for post-term-sheet diligence.
Example 4 — Customer NDA blocking later hires. A startup signs a customer NDA with a 3-year non-solicit on customer employees. Two years later, the startup wants to hire a great engineer at the customer. The non-solicit prevents direct hire; possible workaround: hire happens 1+ year after engineer leaves customer (most non-solicits are limited to current employees + recent departures). Or wait out the non-solicit period. Or negotiate a release from customer. None are great options compared to having stripped the non-solicit at signing.
Common Pitfalls
The biggest pitfall is treating customer-provided NDAs as administrative paperwork. Read carefully. Negotiate. Strip problematic provisions. The five-minute review at signing prevents months of complications later.
The second is missing the four standard exclusions. Without them, NDA confidentiality scope is overbroad and partially unenforceable.
The third is bundling IP assignment, non-compete, or non-solicit into NDAs. These deserve separate, deliberate documents — not afterthoughts in confidentiality agreements.
The fourth is using a "mutual" NDA template when the transaction is genuinely one-way. The smaller party gets bound to confidentiality on the larger party's "disclosed" information that often isn't meaningfully disclosed.
The fifth is failing to maintain an NDA inventory for the startup. When VC diligence happens, scrambling to find old NDAs and identify problematic clauses is stressful. Maintain organized records.
Frequently Asked Questions
Q: What clauses should every NDA include? A: Definition of confidential information, four standard exclusions (publicly available, prior knowledge, independent development, third-party disclosure), reasonable term length (2-5 years general / indefinite trade secrets), permitted uses, return/destruction obligation, governing law.
Q: Should I sign the customer's NDA template? A: Read carefully first. Most templates favor the larger party. Common revisions: shorter term, residual-knowledge carve-out, strip non-solicit/non-compete, ensure four exclusions present, confirm appropriate scope (mutual vs one-way).
Q: How long should an NDA term be? A: 2-5 years for general confidential business information. Indefinite (or "until no longer a trade secret") for actual trade secrets. An indefinite term for general business info is unusual and may be unenforceable.
Q: Can I sign an NDA with no IP language? A: Yes, and you should. NDAs shouldn't address IP assignment. IP belongs in separate employment, contractor, or JV agreements. If the NDA has IP language, strip it or clarify "no IP rights are conveyed."
Q: Are NDAs enforceable in California? A: Yes for confidentiality, but Bus & Prof Code §16600 voids most non-competes regardless. Non-solicits are more enforceable, but reasonableness applies. Trade-secret protections remain robust under DTSA federal law regardless of state.
Q: Do investors sign NDAs before pitches? A: Standard VC practice is to refuse pre-pitch NDAs. They see hundreds of deals; tracking conflicts is impractical. Pitch high-level without trade-secret detail; save deeper disclosure for post-term-sheet diligence.
Wrapping Up
NDA mistakes can quietly sabotage future commercial flexibility, recruiting, IP positions, and investor due diligence. Six common mistakes: overbroad definitions, missing residual-knowledge clause, indefinite terms, IP-confusion language, bundled non-solicits, and false-mutual templates. Use the non-disclosure agreement template for state-aware NDAs with the right structure, the partnership agreement template for JVs, the freelance contract template for contractor engagements, and the residential lease agreement template for office leases. Maintain an NDA inventory and review for problematic clauses regularly. Five minutes at signing prevents months of later complications.