As a CTO or Head of Software Development, understanding the dynamics and best practices of an NDA is crucial to protecting your organization from potential disclosures of trade secrets.
An NDA is a commonly executed agreement between companies and outsourcing companies or software developers, which ensures that very confidential information disclosed during the software development process does not fall into the hands of the wrong persons. It also ensures that the recipients of the information do not disclose it to third parties.
In this article, we discuss the types of NDA agreements, the key terms of a software development NDA, and the top five questions you should ask about an NDA before signing it.
Deliver your web app
in weeks not months
NDA stands for a non-disclosure agreement. This agreement ensures that when you share proprietary information (such as ideas, trade secrets, terms and conditions of your contract) with another company and their personnel, they will have an obligation to keep it a secret.
An NDA can be used by several parties and for different purposes. In terms of software development, a non-disclosure agreement is usually signed between a company (the client) and an outsourcing company or software developer (the service provider) before they enter into a business relationship.
It identifies the confidential information being shared by the client or service provider and requires the other party to keep the information confidential throughout the software development process and, at least for some time beyond that. A good NDA also restricts the use of the ideas and information to a specific permitted purpose, such as software development. And if they disclose such information or use it for other purposes, you can seek legal recourse or even demand some compensation from them.
An NDA may be unilateral, mutual, or multilateral.
There are several instances when you should sign an NDA, such as when entering into a business deal, starting a new project, or disclosing a project to potential investors. However, in respect of software development, when to sign an NDA, among other software project documents, is surrounded by controversy.
Generally, you should sign an NDA before sharing any proprietary information with the software outsourcing company, your software developer, or any third party. Such instances include when:
Here are a few reasons to sign an NDA before sharing any confidential information with third parties:
However, you are not always required to sign an NDA. For instance, if you hire a software development company to create a publicly available website, having an NDA signed prior to the website's creation will only slow down the process. If your project does not require the sharing of any confidential information, an NDA may also be unnecessary. A simple non-disclosure clause combined with a few other provisions in the Service Agreement will suffice to protect you.
At Softkraft, we work with international clients and fully understand your desire to safeguard your critical business information.
We offer NDA templates for the clients to choose or review and sign NDAs proposed by our prospects before building software for them. Feel free to review a free sample NDA clause you can find here and here.
An NDA may be customized or drafted in several ways. However, there are key components that must be included in every NDA. We will now discuss the key clauses/provisions which are included in typical NDAs.
The parties to an NDA will depend on the type of the NDA. In a unilateral or mutual agreement, the parties are the Disclosing Party and the Recipient. Bear in mind that if the Recipient would need to disclose your personal information with their associated firms, partners, or agents, then you would need to extend the scope of the parties to the NDA to cover them. The NDA could also place an obligation on the Recipient to not only directly protect your confidential information but also ensure that their employees or other third parties they are likely to engage for the purpose of your project also protect your information.
In software development, an NDA should be signed not only by the software developers but also by anybody who has access to the source code, designs, product documentation, or other confidential information. That includes product managers, designers, QAs, and DevOps engineers. It is advisable to sign this agreement with your internal staff as well.
Source
This section of NDA for software development specifies the types of information that are considered confidential. Does it include written and oral information? On what conditions? It also identifies the type of information that will not be deemed confidential.
As the Disclosing party, you should make this definition as broad as possible to cover all types and forms of information and to prevent the Recipient party from using any loopholes.
Source
This section is the main content of your NDA. It consists of two types of obligations on the Recipient:
Source
This section of an NDA for software development usually covers the Recipient’s obligation to maintain the confidentiality of the shared information and restrict its use. Restrictions might include, for example:
Source
Your NDA for software development will be weak unless you specify the implications of a possible breach by any of the parties. A breach could lead to legal liability, monetary damage, loss of professional reputation, or a stop-work injunction from a court.
Typically, in case of damage, the Disclosing party would seek financial compensation – often a fixed amount set by the contract. Some include attorneys’ fees and court costs which can be collected from the breaching party if the claimant wins the case. It’s a good idea to avoid grossly unrealistic penalties as you may alienate some excellent providers or end up signing the NDA with ignorant or very desperate vendors.
Additionally, you may consider including alternative methods of dispute resolution (ADR). ADR that allows settling legal disputes out of court is classified into three types:
ADR is a more efficient means of resolving disputes than litigation, a public proceeding, from a business perspective. ADR ensures the confidentiality of your sensitive information. All being said, ensure contractually that any third parties to be involved in the ADR procedure, as well as the procedure itself, is conducted in your location.
Source
It is necessary to ensure that the applicable law governing the contract is specified in the contract and the court, which shall have jurisdiction in case of any dispute. It is more convenient for the court to be within your location. However, you can also choose a neutral location.
Where ADR is the means of resolving disputes under the contract, the procedure and location should be specified in the contract.
By now, you’ve pretty much learned everything there is to know about an NDA for software development. Of course, you likely still have several questions running through your mind. To ensure we don’t leave any information behind, we’ll answer some of those questions below!
Having discussed the parties to an NDA and the importance of signing one, you’ll want to ensure that you sign the NDA with the right person or entity. Also, because there will most likely be a diverse group of people working on the project, you'll want to ensure everyone is on the same page.
Below is a rundown of who should sign a non-disclosure agreement, especially if they'll be exposed to private, confidential, or sensitive information:
Note that this list is not exhaustive. You’ll want to sign an NDA with any third party that will have access to your most sensitive information. The nature of each project will determine who will come in contact with your confidential information throughout the software development process.
A breach of an NDA is a breach of contract. While it’s not a crime, it is a civil wrong. The breaching party could be sued by the other party and face financial damages based on the provisions of the law governing the contract or be exposed to any other penalties stated in the original NDA.
The parties may also attempt to settle the issue amicably, for example, by resorting to an ADR (even if it is not stipulated in the NDA). This sometimes may not suffice and require the wronged party to pursue a claim in court.
There is no fixed time frame for an NDA. Every NDA is unique and will have its time frame or duration, depending on the nature of confidential information being disclosed under the agreement. Nevertheless, a time frame between 1-10 years is standard, with 2-3 years being the most common in software development.
If you’re the disclosing party, you’ll want a longer duration. On the other hand, the receiving party will want a shorter time frame. This is because the longer the period, the greater the risk of a breach by the receiving party. The time frame of each NDA will be negotiated between the parties.
The NDA might attempt to specify the cost of a breach to the party in breach. In other words, it would then state the amount of money the party in breach will be liable to pay to the other party. This sum of money is known as damages and should be realistic; otherwise, it’ll be difficult to enforce. An NDA may also specify the cost of different breach levels, such as an attempted breach or a continuing breach.
As stated above, the NDA should clearly define the scope of confidential information. For example, it may define confidential information as “any and all information having to do with Project X, including technology, software processes, internal project structure, and team composition.”
A clear definition helps to identify when there has been a breach and avoid ambiguity. Therefore, you should avoid an NDA that includes a broad or vague definition such as “any and all potentially sensitive data”.
Now that you know why you need to sign an NDA and when to sign one, you should pay close attention to the critical components of a software development NDA whenever the need to sign one arises. It may also be important to negotiate some of the terms of the NDA and ask essential questions before putting pen to paper. Also, ensure that the means of resolving disputes is clearly stated and the cost of a breach is calculated to reflect the cost to your organization. Finally, ensure the parties and terms are clearly stated.
Softkraft understands the intricacies of an NDA and the obligation to protect your confidential information. Therefore, you can rest assured that we will treat your information with the highest level of professionalism throughout the software development process.
Author Tomasz Bąk Product Manager