Free Non-Disclosure Agreement Templates: Mutual vs One-Way (and When Each Applies)

Last reviewed: 2026-05-08 — ScoutMyTool Editorial

A consultant about to take a meeting with a Fortune 500 prospect signs the mutual NDA the prospect's procurement team sends — and three weeks later realizes the contract she pitched contains a non-solicitation clause and a 7-year confidentiality term, neither of which she negotiated. A startup founder drafting their first vendor agreement uses a one-way NDA they downloaded off LegalZoom — and learns mid-deal that the vendor was the one disclosing pricing information that the startup is now contractually bound to keep secret indefinitely. Both deals went sideways for the same reason: the wrong NDA shape was applied to the wrong situation, by parties who hadn't thought carefully about who was actually disclosing what to whom. NDAs are not interchangeable templates — the choice between mutual and one-way is a substantive decision about which party is exposed to disclosure risk, and the term length, jurisdiction, and clause set should follow from that decision.

This guide walks through when each NDA shape fits which transaction, the clauses that are non-negotiable, the California Business & Professions Code §16600 rule that voids overbroad NDAs in California, and how to pick the right free NDA template before signing anything. Get this right and the NDA actually protects what it should; get it wrong and you've signed away rights you didn't realize were at stake.

Free document templates

Business Plan Template

Formal payment request

Browse all tools →

When Mutual vs One-Way Is the Right Choice

A one-way (unilateral) NDA binds one party — the receiving party — to keep the other party's confidential information secret. It fits transactions where information flow is one-directional. The classic example is a vendor pitching a product to a customer: the vendor discloses technical details, pricing, roadmap; the customer mostly listens. The customer signs a one-way NDA agreeing to keep what the vendor disclosed confidential. The vendor doesn't sign anything because they aren't receiving confidential information.

A mutual (bilateral) NDA binds both parties to keep each other's confidential information secret. It fits transactions where both sides will disclose — M&A diligence (each side reveals financials, customer lists, employee data), strategic partnership negotiations (both companies share roadmap and integration plans), joint-venture exploration. Mutual NDAs are the common default for "two companies in a serious conversation about doing business together," because both parties anticipate sharing things they'd want kept confidential.

The wrong-shape mistake usually comes from defaulting to the corporate-procurement template a larger party hands the smaller party. A solo consultant pitching to a Fortune 500 typically receives a mutual NDA — but in the actual transaction, the consultant is the one disclosing methodology, frameworks, and pricing; the Fortune 500 is mostly listening. Signing the mutual binds the consultant to confidentiality on the F500's information without the consultant actually receiving meaningful confidential info from the F500. The consultant should either negotiate to a one-way (with the consultant as the disclosing party) or accept that the mutual now restricts what the consultant can disclose to future prospects (the F500's reaction, feedback, scope of interest).

How NDAs Are Structured

Every functional NDA contains six core clauses. The strength of the agreement depends on how each is written.

Definition of confidential information. This clause specifies what the NDA covers. The two patterns are "marked-as-confidential" (only information explicitly labeled as confidential at disclosure is covered) and "deemed confidential" (any information that a reasonable person would understand to be confidential is covered, regardless of marking). Marked-as-confidential is friendlier to the receiving party but harder to enforce; deemed confidential is friendlier to the disclosing party but creates ambiguity. Trade-secret-only NDAs narrow the definition further to information that meets the Defend Trade Secrets Act 18 USC §1836 definition of trade secret.

Exclusions. Standard exclusions: information that was already publicly available, was already known to the receiving party before disclosure, was independently developed by the receiving party without reference to the disclosure, or was rightfully disclosed by a third party. These are nearly universal and the rare NDA without all four exclusions is a negotiation red flag.

Term length. The duration during which the receiving party must keep the information confidential. Typical commercial NDAs run 2–5 years for general confidential info and indefinite (sometimes phrased as "until the information is no longer a trade secret") for trade secrets. Term length over 5 years for general confidential information is unusual and worth pushing back on; trade-secret indefinite is standard.

Permitted uses. The clause restricting how the receiving party may use the disclosed information. Almost always restricted to the specific transaction or purpose for which the disclosure was made. A consultant who signs an NDA "for purposes of evaluating a potential engagement" cannot use the disclosed information to evaluate other prospects' engagements.

Return or destruction obligation. What happens at the end of the relationship. Standard practice: receiving party returns or certifies destruction of all confidential materials within 30 days of termination or written request. Some NDAs allow the receiving party to retain one archival copy in their legal records (a "litigation hold" carve-out).

Governing law and jurisdiction. Which state's law governs and where disputes are litigated. This matters more than parties usually think. California courts apply Bus & Prof Code §16600 which voids most non-compete and non-solicitation clauses; New York courts apply a more permissive standard. Picking the governing law is effectively picking which state's overlay rules apply to the agreement.

Picking the right NDA shape comes down to actual information flow, not the form the bigger party hands you. Statutory backdrops differ by state — California's Bus & Prof Code §16600 voids most non-compete clauses regardless of governing-law choice; the federal Defend Trade Secrets Act (18 USC §1836) overlays trade-secret protection on top of any state NDA.

Step-by-Step Using ScoutMyTool

The non-disclosure agreement template generates either a mutual or one-way NDA based on the option selected, with state-specific governing-law clauses and the standard six-clause structure. Customize the parties, the definition of confidential information (marked-as-confidential vs deemed confidential), the term length, and any specific permitted uses, then sign.

For NDAs that need to be embedded in a larger contract (employment, contractor engagement), use the relevant primary contract template — independent contractor agreement usually includes a confidentiality clause that obviates the need for a separate NDA. For one-time disclosure protection (single meeting, single document share), the standalone NDA is the right tool. For long-term relationships, embedded confidentiality in the primary contract is cleaner.

After signing, the PDF redaction tool handles any subsequent need to share a redacted version with third parties (e.g., showing potential investors a redacted NDA-protected term sheet).

Worked Examples

Example 1 — Solo consultant pitching to Fortune 500. A management consultant is preparing to pitch a methodology to a F500 procurement team. Information flow: consultant → F500 (methodology details, pricing, references). F500 → consultant (mostly listening; will share scope of interest after the pitch). Right NDA: one-way, with the consultant as the disclosing party, F500 as the receiving party. Term: 3 years. Permitted use: "evaluating a potential engagement with the consultant." Governing law: California (consultant is CA-based; the §16600 protection limits any non-solicitation clause F500 procurement might add). What if F500 procurement insists on mutual? Either accept and read carefully (mutual binds the consultant to keep F500's responses confidential, including any feedback that might be useful in future pitches), or push back and explain why one-way fits the transaction.

Example 2 — Two startups exploring acquisition. Acquirer and target are in early conversations. Each will share financials, customer lists, employee data, technology details. Right NDA: mutual, 5-year term, deemed-confidential definition (anything a reasonable person would understand to be confidential), specific permitted use of "evaluating a potential acquisition transaction." Governing law: usually Delaware (where most acquisitions are structured), with carve-out for the residency of the smaller party if the deal doesn't close. Both parties should review the return/destruction clause carefully — at deal break, neither party wants the other retaining the diligence materials.

Example 3 — Vendor-customer with reciprocal pricing sensitivity. A B2B SaaS vendor is closing a 7-figure deal with a regulated financial institution. Vendor will disclose pricing, security architecture, roadmap. Customer will disclose internal security requirements, regulatory constraints, integration architecture. Right NDA: mutual, 5-year term, marked-as-confidential definition (both parties will explicitly mark confidential disclosures), governing law of the customer's jurisdiction (typical for regulated industries). Trade-secret carve-out: indefinite confidentiality on items specifically marked as trade secrets, mostly to protect customer's security architecture.

Example 4 — Contractor with prior similar engagements. A contractor hired by Company A for development work previously did similar work for Company B. Company A's NDA includes broad "any information learned during the engagement" confidentiality, which could be read to prevent the contractor from doing similar work for Company C. Solution: negotiate a residual-knowledge clause carving out information retained in unaided memory (general skills, methodology, industry knowledge) from the confidentiality scope. Residual-knowledge clauses are well-precedented in tech contractor agreements per USPTO trade-secret guidance.

Common Pitfalls

The biggest pitfall is using a corporate procurement template without reading it. Large companies write their NDAs to favor themselves — broad definition of confidential information, long term, narrow permitted use. The smaller party often signs without realizing how restrictive the agreement is for their future business activity.

The second is overly broad confidentiality definitions. "Any information disclosed by either party" is too broad — it covers information already publicly available, already known to the receiving party, etc. Always check that the four standard exclusions are present (publicly available, prior knowledge, independent development, third-party disclosure). An NDA without those exclusions has been deliberately drafted to be over-restrictive.

The third is overly long terms. A 10-year NDA on general business information is unusual and probably unenforceable. Most jurisdictions will refuse to enforce a confidentiality term longer than the underlying business value of the information. Push back on terms over 5 years for general business information; trade secrets are different and indefinite is standard.

The fourth is missing the residual-knowledge clause for technical contractors. Without it, a contractor who learns "Company A uses a microservices architecture with PostgreSQL backends" might be technically prohibited from saying "I've worked with microservices and PostgreSQL" on their resume. Residual-knowledge clauses prevent this absurdity by carving out general skills from the confidentiality scope.

The fifth is non-compete bundling. Some NDAs bundle a non-compete or non-solicitation clause inside the NDA. In California, §16600 voids almost all non-competes regardless of context, so a CA-governing-law NDA with a bundled non-compete is partially unenforceable on its face. In other states, bundled non-competes get scrutiny under reasonableness standards. Always read the full NDA, not just the obvious confidentiality clauses.

Frequently Asked Questions

Q: Should I use a mutual or one-way NDA for a vendor pitch? A: One-way NDA, with the vendor as the disclosing party and the prospect as the receiving party. The vendor is the one disclosing confidential information (pricing, technology, roadmap); the prospect is mostly listening. A mutual NDA in this context binds the prospect to keep the vendor's information confidential AND binds the vendor to keep the prospect's responses confidential — which is rarely what either party actually intends.

Q: How long should an NDA last? A: 2–5 years for general confidential business information. Indefinite (or "until the information is no longer a trade secret") for actual trade secrets. Terms over 5 years for general business information are unusual and may face enforceability challenges in some jurisdictions. The USPTO trade-secret guidance specifically addresses the distinction between fixed-term confidentiality and indefinite trade-secret protection.

Q: Are NDAs enforceable in California? A: Yes for confidentiality, but Bus & Prof Code §16600 voids most non-compete and non-solicitation clauses. An NDA in California can require confidentiality but cannot prevent the receiving party from working in the same field or from soliciting clients/employees. Out-of-state NDAs that try to invoke non-California governing law to evade §16600 are generally not enforceable when the dispute is litigated in California.

Q: Does an NDA need to be notarized? A: No. NDAs are valid contracts once signed by both parties. Notarization is not required for enforceability in any US jurisdiction. Some parties notarize for evidentiary value, but it's unnecessary in routine NDA practice.

Q: Can an NDA be enforced against an employee after they leave? A: The confidentiality obligations survive termination of employment. The receiving party — including former employees — remains bound by the NDA for the term length specified. Trade-secret obligations are typically indefinite. Per the Defend Trade Secrets Act §1836, federal trade-secret protection is available alongside state-law NDA enforcement.

Q: What if the other party breaches the NDA? A: Standard NDA remedies include monetary damages, injunctive relief (court order to stop using the disclosed information), and recovery of attorney's fees if the NDA includes a fee-shifting clause. Trade-secret violations can also trigger DTSA federal claims with treble damages for willful breach. The practical challenge is proving the breach — if the receiving party uses the information without leaving paper-trail evidence, enforcement is difficult.

Q: Can I modify a template NDA before signing? A: Yes — and you should. Templates are starting points, not final documents. Common modifications: shorten the term length, add residual-knowledge carve-outs (especially for contractors and consultants), specify the four standard exclusions explicitly if missing, change governing law to a jurisdiction favorable to your position, narrow the definition of "confidential information" if it's overly broad. Send red-lined versions back to the counterparty rather than signing as-is.

Wrapping Up

NDAs are not generic templates — the choice between mutual and one-way depends on which party is actually disclosing what, and the term, definition, and governing-law clauses should follow that choice. Use the NDA template generator to start with a state-specific, well-structured agreement, customize the parties and term length to your transaction, and always read the four standard exclusions before signing. For ongoing relationships where confidentiality is one piece of a larger agreement, embed the confidentiality clause in the primary contract — like the independent contractor agreement template — rather than maintaining a separate NDA. Five minutes of careful review at signing prevents the kind of "wait, I signed that?" surprise that turns routine deals into multi-year confidentiality exposures. This article is general legal-information, not legal advice; consult a licensed attorney before signing any NDA that materially affects your business.