
NDA Playbook: Preferred, Fallback, and Walk-Away Positions for In-House Counsel

Also known as: non-disclosure agreement playbook, confidentiality agreement playbook

By Arshita Anand

A supplier sends over a one-way NDA the afternoon before a product demo. It reads like boilerplate, so it is tempting to sign and move on. Then you notice three things: it binds only you, it protects the supplier's information forever, and it slips an indemnity into paragraph nine. That is a normal day for an in-house reviewer, and it is why you want positions decided in advance rather than argued under a deadline.

This playbook gives you a set position for each term in a non-disclosure agreement, written from the seat of the in-house team reviewing the other side's paper. For every clause that matters you get what to ask for first, what you can live with, the order you give ground in, and the floor where you escalate. It is general information for the in-house reviewer, not legal advice for a specific deal, so calibrate to your risk and the value of what you are about to disclose.

For the plain-English explainer, see what an NDA is; this page is the negotiation positions. For how to triage a stack of NDAs quickly, see NDA triage, and for the template version see the AI-enforced NDA playbook and template.

TL;DR

  • Insist on mutual whenever you are also disclosing. A one-way NDA drafted against you is the single most common trap in counterparty paper.
  • Split the term. Ordinary confidential information gets a fixed duty (two to five years); trade secrets stay protected for as long as they remain secret.
  • The residuals clause is the one to refuse. Drafted broadly it lets the other side keep using what your information taught them and call it no breach.
  • Keep the purpose narrow. "Solely to evaluate a potential transaction between the parties" is the leash; "to explore a business relationship" is not.
  • Compelled disclosure should require prompt notice and cooperation on a protective order, never a flat promise to refuse a subpoena you cannot keep.
  • Deal-breakers to escalate on sight: perpetual confidentiality on ordinary information, broad residuals, a one-way NDA when you also disclose, a non-compete hiding inside the NDA, and any indemnity dropped into an NDA.

How to use this playbook

Each clause below is scored the same way, so you can move fast without re-deriving your position every time.

  • Preferred position is what you ask for first and what you mark counterparty paper up to.
  • Acceptable range is what you can sign without pulling in a senior reviewer.
  • Fallback ladder is the ordered set of concessions, best first, so you give ground on purpose rather than by accident.
  • Walk-away is the floor. At or below it you escalate or refuse; you do not quietly accept it to close the deal.
  • Escalation trigger is the specific language that must go to a senior reviewer no matter how the rest of the deal looks.

Vaquill AI can apply these positions for you across contract review, NDA triage, and drafting: it marks counterparty paper up to your preferred position, flags anything past an escalation trigger, and auto-escalates any clause at or below a deal-breaker. More on that near the end; the point of the model here is that the positions stay yours.

Playbook at a glance: NDA negotiation positions

These are the NDA playbook negotiation positions in one view: your preferred position and your walk-away for each clause. The sections under the table give the full ladder, escalation triggers, and sample language.

In a five-minute review, check these five first: is it mutual, how long does confidentiality survive, is there a residuals clause, how narrow is the purpose, and what happens on compelled disclosure. Those five decide most of the risk; the rest is cleanup.

Clause | Preferred | Walk-away
Mutual vs one-way | Mutual | One-way against you when you also disclose
Definition of Confidential Information | Broad catch-all, no marking requirement | Marking required with no cure window for oral disclosures
Exclusions | All five standard exclusions | Fewer than five, or exclusions the recipient must prove impossibly
Permitted use / purpose | Single narrow purpose | Any-purpose or vague "business relationship" license
Term and survival | Split: fixed term plus trade-secret carve-out | Perpetual duty on ordinary information
Residuals | No residuals clause | Broad residuals with no trade-secret carve-out
Return or destruction | Return or certified destruction on request | No obligation to return or destroy
Remedies / injunctive relief | Acknowledgment of irreparable harm | Damages capped or injunctive relief waived
Compelled disclosure | Prompt notice plus protective-order cooperation | Flat ban that exposes you to contempt
No license / no IP transfer | Express "no license granted" | Silent, or an implied license to use disclosed material
Governing law and venue | Your home state, or neutral | A forum that is expensive and hostile to you

Mutual vs one-way

Preferred: A mutual NDA where both sides are Disclosing Party and Receiving Party, so every protection you grant you also receive.

Acceptable range: A one-way NDA in your favor (you are the Disclosing Party only) when only you will share anything sensitive. A one-way NDA against you (you are the Receiving Party only) is acceptable only when you truly receive but disclose nothing, for example when they are pitching and you are only listening.

Fallback ladder: (1) Mutual. (2) One-way in your favor. (3) One-way against you with tight caps on term, purpose, and residuals if, and only if, you truly disclose nothing.

Walk-away: A one-way NDA drafted against you in a deal where you will in fact disclose your own information. You would be bound while they walk free.

Escalation trigger: Any one-way NDA presented for signature where your team expects to share pricing, roadmap, customer data, or source material. Send it up before you sign.

Definition of Confidential Information

Preferred (as Disclosing Party): A broad catch-all: "all information disclosed by or on behalf of the Disclosing Party, in any form, whether or not marked or identified as confidential." No marking requirement.

Acceptable range: A marking requirement paired with a cure window: oral or visual disclosures are protected if confirmed in writing within a set number of days (10 to 30 is common).

Fallback ladder: (1) Broad catch-all, no marking. (2) Catch-all plus a duty to mark where practical. (3) Marking required with a cure window. (4) Marking required for written material only, with a reasonable-person test for oral disclosures.

Walk-away: Marking required with no cure window at all. Someone will forget to stamp a document and you will lose protection on the thing you cared about.

Escalation trigger: A definition that excludes anything the recipient "deems" non-confidential, or that gives the recipient sole discretion over what counts. That inverts the whole clause.

Exclusions

Preferred: The five standard exclusions, drafted so the recipient carries the burden of proof: information that is or becomes public through no fault of the recipient, was already rightfully known to it, is independently developed without use of your information, is rightfully received from a third party with no duty of confidence, or is required to be disclosed by law (handled under Compelled disclosure below).

Acceptable range: The same five, with "independently developed" requiring contemporaneous written evidence rather than an after-the-fact assertion.

Fallback ladder: (1) Five exclusions, recipient bears the burden. (2) Five exclusions, silent on burden. (3) Five exclusions with the independent-development one loosened.

Walk-away: Missing exclusions (which puts the recipient on the hook for information it was free to use), or an "independently developed" carve-out so loose that the recipient can claim it built anything on its own.

Escalation trigger: An "already known" or "independently developed" exclusion with no evidentiary standard at all. That pairing is how a recipient later argues it never needed your information.

Permitted use / purpose limitation

Preferred: A single, narrow, named purpose. Sample language: "The Receiving Party may use Confidential Information solely to evaluate a potential transaction between the parties." The purpose is the leash on every other use.

Acceptable range: A purpose tied to a defined project or evaluation, even if slightly broader, as long as it is bounded and specific.

Fallback ladder: (1) Single named transaction purpose. (2) Purpose covering a defined project and its ordinary follow-on. (3) Purpose covering an ongoing relationship named in the recital.

Walk-away: An any-purpose license, or a purpose so vague ("to explore a possible business relationship") that it authorizes almost any use of what you shared.

Escalation trigger: Any purpose clause that permits use "for the Receiving Party's business purposes" or that lets the recipient use the information to develop competing products.

What actually gets missed: the purpose limit makes every other restriction bite. If the purpose is broad, the marking rules and exclusions barely matter, because the recipient already has permission to use your material. Fix the purpose first.

Term and survival period

There are two clocks: how long the agreement itself runs, and how long the confidentiality duty survives after it ends. Do not let them collapse into one.

Preferred: A split survival term. Ordinary confidential information is protected for a fixed period after disclosure; trade secrets stay protected for as long as they remain trade secrets under applicable law. Under the Defend Trade Secrets Act and the state-law framework based on the Uniform Trade Secrets Act, trade-secret status can last indefinitely as long as the information stays secret. A flat contractual sunset does not erase your statutory trade-secret rights, but it can waive the stronger contractual protection you bargained for. Two to five years is the usual range for ordinary information. How a court treats an open-ended duty on ordinary information is jurisdiction- and fact-dependent, so the safer move is a defined term.

Acceptable range: A fixed term of two to five years for ordinary information, with an express trade-secret carve-out that runs longer.

Sample carve-out: "The confidentiality obligations shall survive for [three] years after termination, except that with respect to trade secrets they shall survive for as long as the information remains a trade secret under applicable law."

Fallback ladder: (1) Split term with an indefinite trade-secret carve-out. (2) Five-year fixed term plus trade-secret carve-out. (3) Three-year fixed term plus carve-out. (4) Two-year fixed term plus carve-out.

Walk-away: A perpetual confidentiality duty on ordinary information (an administrative burden you cannot police), or a flat term that sunsets everything including trade secrets.

Escalation trigger: Any survival clause that caps trade-secret protection at the general term. When the clock runs out, your contract claim expires even though statutory trade-secret remedies may still be available if you kept the information secret, so you lose the stronger, easier contractual path. Read this one alongside the survival clause.

Residuals clause

This is the one to watch. A residuals clause lets the recipient use ideas, know-how, and information retained in the "unaided memory" of its people, "without reference to" your documents. It shows up most often in NDAs from software companies and technical vendors, whose engineers will inevitably see something like your idea again. There are two very different versions. A narrow one covers general skill and experience, the kind of thing an employee carries between jobs anyway. A broad one covers your specific confidential information as long as no one looks at the document. That broad version is nearly impossible to police, because you cannot prove what an engineer did or did not remember, so the recipient can rebuild your material and call it residual memory.

Preferred: No residuals clause. Strike it.

Acceptable range: A narrow residuals clause that expressly excludes trade secrets and grants no license to your patents or copyrights, and that applies only to general skills and experience rather than your specific confidential information.

Sample fallback: "Nothing in this Section grants any license under the Disclosing Party's patents or copyrights, and this Section does not apply to trade secrets or to the intentional memorization of Confidential Information."

Fallback ladder: (1) No residuals. (2) Residuals limited to general skill and experience, trade secrets carved out, no IP license. (3) Residuals with a trade-secret carve-out only.

Walk-away: A broad residuals clause with no trade-secret carve-out, especially in a one-way NDA where you are the discloser. The other side can use what your information taught them and argue no breach.

Escalation trigger: Any residuals language at all when you are the sole or primary discloser. Broad residuals belong on the always-escalate list.

Why this matters in diligence: a broad residuals clause you accepted years ago can surface as a flag when a buyer's counsel asks whether you signed away control of your own know-how, long after the deal it came from is forgotten.

Return or destruction

Preferred: On written request or on termination, the recipient returns or destroys all Confidential Information and copies, and certifies destruction in writing. A reasonable exception for one archival copy kept for legal compliance and for ordinary-course backups is fine, as long as those copies stay subject to the confidentiality duty.

Acceptable range: Return or destruction on request, with certification only if you ask for it.

Fallback ladder: (1) Return or destroy plus certification. (2) Return or destroy on request, no automatic certification. (3) Destroy only, with a compliance-archive carve-out.

Walk-away: No obligation to return or destroy anything. The recipient keeps your material indefinitely with no trigger to give it back.

Escalation trigger: A retention right that lets the recipient keep copies "for any purpose," rather than solely for legal or backup compliance.

Remedies / injunctive relief

Preferred: An acknowledgment that a breach may cause irreparable harm for which money damages are inadequate, so the disclosing party may seek injunctive relief without posting a bond (a court is not bound by such language, but it helps).

Acceptable range: The same acknowledgment with a bond requirement, or without the no-bond language.

Fallback ladder: (1) Irreparable-harm acknowledgment, injunction without bond. (2) Irreparable-harm acknowledgment, bond required. (3) Silent on remedies, leaving both sides to ordinary law.

Walk-away: Any clause that waives injunctive relief or caps damages for a confidentiality breach. Money often cannot fix a leak, and a cap tells the other side the price of breaching.

Escalation trigger: A liability cap or damages waiver that reaches the confidentiality obligations. Read it against your limitation-of-liability position and flag it up.

Compelled disclosure

Preferred: If the recipient is compelled by subpoena, court order, or law to disclose, it must (where legally permitted) give you prompt written notice before disclosing, cooperate with your effort to obtain a protective order, and disclose only the portion legally required.

Acceptable range: Prompt notice and reasonable cooperation, even without the "only the portion required" line.

Fallback ladder: (1) Notice plus protective-order cooperation plus minimum-necessary disclosure. (2) Notice plus cooperation. (3) Notice where legally permitted, no cooperation duty.

Walk-away: A flat ban on any disclosure regardless of legal compulsion. That exposes the recipient to contempt and is unenforceable in practice, so it protects no one.

Escalation trigger: Language that lets the recipient disclose on compulsion with no notice to you at all. You lose the chance to seek protection before your information is out.

No license / no IP transfer

Preferred: Express language that no license or other right in any intellectual property is granted, and that disclosing information is not transferring or assigning any rights in it.

Acceptable range: The same "no license" statement even if it is folded into a general reservation-of-rights sentence.

Fallback ladder: (1) Express no-license clause. (2) General reservation of rights that reaches IP. (3) Silent, relying on the purpose limitation to prevent implied licenses.

Walk-away: An implied or express license to use, copy, or build on the disclosed material beyond the stated purpose. An NDA is meant to protect secrecy, not hand over rights.

Escalation trigger: Any grant of a license, option, or "right to use" the disclosed material. That belongs in a separate agreement, not buried in an NDA. See the assignment clause for how rights are meant to move.

Governing law and venue

Preferred: Your home state's law and your home courts, or a genuinely neutral forum both sides accept.

Acceptable range: A neutral major commercial jurisdiction (for example, the counterparty's home state if it is a reasonable venue), or a split where law and venue are both predictable.

Fallback ladder: (1) Your state, your courts. (2) Neutral state and courts. (3) Counterparty's state if it is a reasonable, low-cost venue for you.

Walk-away: A forum too far or too expensive for your team to litigate in, one that is slow to grant emergency injunctions, or a law whose trade-secret and non-compete rules cut against you. Venue can quietly decide whether you ever enforce the NDA at all.

Escalation trigger: A mandatory arbitration clause with confidentiality-unfriendly rules, or a foreign governing law your team has no way to assess. Read this against the governing-law and dispute-resolution positions in the clause library.

The verdict

An NDA looks like boilerplate, so it gets skimmed, and that is exactly why the traps live there. The five terms that decide whether the agreement is worth anything are mutuality, the split survival term, the residuals clause, the purpose limitation, and compelled disclosure. Get those right and the rest is cleanup.

Two cross-clause moves are worth remembering. Give on notice timing before you give on purpose scope, since a shorter cure window costs you little while a wider purpose costs you the agreement. And never trade a broad residuals clause for a longer survival term, because a broad residuals clause makes the survival term meaningless anyway. The point of a playbook is that you make these calls once, calmly, then apply them the same way to every piece of counterparty paper, instead of re-arguing them under deadline pressure on each deal.

FAQ

What is an NDA playbook? It is a reference that sets your negotiating position for each clause in a non-disclosure agreement before you ever see a specific deal. For every term it records what you ask for first, what you can accept, the order you give ground in, and the floor where you escalate. It lets your team review counterparty NDAs consistently instead of deciding each clause from scratch under deadline.

What should you never accept in an NDA? The recurring deal-breakers are a perpetual confidentiality duty on ordinary information, a broad residuals clause when you are the discloser, a one-way NDA drafted against you in a deal where you also disclose, a non-compete hiding inside confidentiality language, and an indemnity dropped into an NDA. Each belongs on the always-escalate list.

How long should NDA confidentiality last? Use two clocks. For ordinary confidential information, a fixed term of two to five years after disclosure is market standard. For trade secrets, the duty should last as long as the information stays a trade secret, which can be indefinite. A flat term that sunsets everything does not erase your statutory trade-secret rights, but it can end your contract claim and leave you relying on trade-secret law instead of the stronger contractual protection you bargained for.

Should you agree to a residuals clause? As the discloser, prefer to strike it. A residuals clause lets the recipient use what its people remember "without reference to" your documents, which can gut the whole agreement. If you must accept one, keep it narrow: general skill and experience only, trade secrets carved out, and no license to your patents or copyrights.

Is a mutual or one-way NDA better? It depends on who is disclosing. If both sides share sensitive information, a mutual NDA is better because every protection you grant you also receive. A one-way NDA in your favor is fine when only you disclose. A one-way NDA against you is fine only when you truly receive but disclose nothing. A one-way agreement drafted against you in a two-way disclosure is the most common trap in counterparty paper.

What makes an NDA unenforceable? Enforceability depends on state law, scope, duration, the type of information, and whether the clause functions as a restraint on trade, so there is no single rule. Courts are more likely to push back on a duty that is very broad or indefinite for ordinary information, a purpose or scope that operates as a hidden non-compete, a flat ban on disclosure that ignores legal compulsion like a subpoena, and definitions so vague that a court cannot tell what was actually protected. The governing law and venue you agreed to shape all of it.

Can AI enforce an NDA playbook? It can apply one. Once your positions are written down, software can mark up counterparty paper to your preferred wording, flag anything past an escalation trigger, and route any clause at or below a deal-breaker to a senior reviewer. Vaquill AI does this across review, triage, and drafting. The judgment behind the positions still comes from your team; the value of the tool is that it applies those positions the same way on every document, including the boilerplate that usually gets skimmed.

For the rest of the workbench, see the playbooks hub and the confidentiality clause reference.

Arshita Anand

Co-Founder & CEO · Attorney

Arshita leads product and strategy at Vaquill, building the legal AI suite that solo, small-firm, and in-house US lawyers use to run a matter end to end.
