NDA Red Flags: 5 Clauses to Catch in Deal Diligence
Deal-diligence NDAs can hide broad definitions, no expiration date, missing exclusions, non-compete language, and one-sided duties. Check these 5 first.
NDAs are supposed to be narrow. You agree not to misuse confidential information. The other side gets comfort that diligence, partnership, or vendor discussions can move forward.
The problem is that many NDAs do more than protect secrets. They define confidential information too broadly, last too long, miss basic exclusions, or hide work restrictions inside confidentiality language.
Here are the five NDA red flags to check before an acquisition conversation, franchise diligence call, vendor discussion, or strategic partnership review.
Quick Answer: NDA Red Flags
The biggest NDA red flags are an overly broad definition of confidential information, no expiration date, missing exclusions, hidden non-compete or non-solicitation language, and one-sided confidentiality duties. If the NDA fails one of these checks, treat it as a negotiation issue before you share deal information.
Quick NDA Red Flags Checklist
Before signing an NDA, check these five clauses first:
| NDA red flag | What to verify before signing |
|---|---|
| Overly broad confidential information | The definition should not cover public information, old knowledge, or everything ever discussed |
| No expiration date | General business information should usually have a defined term, while true trade secrets can last longer |
| Missing exclusions | The NDA should exclude public information, prior knowledge, independent development, and lawful third-party disclosures |
| Hidden non-compete or non-solicitation | Work restrictions should be clearly labeled and negotiated separately from confidentiality |
| One-sided obligations | If both parties share sensitive information, both parties should have confidentiality duties |
If the NDA fails one of these checks, do not treat it as harmless boilerplate. Redline the clause, ask why it is needed, and bring the issue to counsel before relying on the agreement.
1. Overly Broad Definition of "Confidential Information"
This is the single most common red flag and the one that causes the most damage. It usually looks something like this:
"Confidential Information shall mean any and all information, in any form or medium, whether written, oral, electronic, or otherwise, disclosed by the Disclosing Party to the Receiving Party, including but not limited to business plans, financial data, customer lists, marketing strategies, technical specifications, trade secrets, and any other proprietary information of any kind."
Read that "any and all information" opener. Then read "including but not limited to." Then read "any other proprietary information of any kind." This definition covers literally everything the other party has ever communicated to you. The weather at their office. The name of their receptionist. The font on their business card. All of it is now "confidential."
Why this is dangerous: When everything is confidential, you can't prove that anything isn't. If you use a common industry practice that the other party also happens to use, they can claim you learned it from them. If you pitch an idea to another client that remotely resembles something discussed in a meeting, you're exposed. The broader the definition, the larger the target on your back.
What this actually costs: A marketing consultant signed an NDA with a broad confidential information definition before a strategy engagement with a regional bank. Six months later, she pitched a similar social media approach to a credit union -- using strategies she'd been recommending for years before meeting the bank. The bank's legal team sent a cease-and-desist claiming she'd used their "confidential marketing strategy." Defending herself cost $8,500 in legal fees, even though the case had no merit. The NDA's language was broad enough that her attorney couldn't get it dismissed quickly.
What to demand instead: The definition should be specific and bounded. Confidential information should be limited to information that is clearly marked as confidential in writing, or if disclosed orally, identified as confidential within a reasonable window (10-14 days is standard). Push for language like: "Confidential Information means information specifically designated as confidential by the Disclosing Party in writing at the time of disclosure." If they won't narrow the definition, make sure the exclusions clause (Red Flag #3) is airtight.
2. Perpetual or No-Expiration Confidentiality
Most people skim right past the term length. It's usually a single sentence near the end, and it often says something like this:
"The obligations of confidentiality set forth herein shall survive the termination or expiration of this Agreement and shall remain in full force and effect in perpetuity."
In perpetuity. Forever. You are agreeing to keep this information confidential until you die, and depending on the jurisdiction, your estate might be bound after that.
Why this is dangerous: Information has a shelf life. A company's Q3 2026 revenue projections are sensitive today but meaningless by 2028. A product roadmap is confidential before launch and public knowledge after it. A perpetual NDA doesn't distinguish between information that's genuinely sensitive long-term (like a proprietary algorithm or trade secret) and information that becomes stale or public within months. You're carrying the legal obligation of secrecy on information that the disclosing party has probably already forgotten about.
What this actually costs: A buyer signed a perpetual NDA during a stalled acquisition process. Years later, the buyer looked at another company in the same niche. The first seller claimed the buyer still owed confidentiality duties over broad operating information from the old process. The dispute was expensive because the NDA never separated durable trade secrets from stale business information.
What to demand instead: A specific expiration window tied to the type of information. For general business information, 2-3 years from disclosure is standard. For genuine trade secrets (formulas, proprietary algorithms, source code), 5 years is reasonable, and perpetual terms can be justified. The key is that the NDA should distinguish between categories: "Confidential Information other than trade secrets shall be subject to the obligations of this Agreement for a period of three (3) years from the date of disclosure. Trade secrets shall be protected for so long as they qualify as trade secrets under applicable law." That's fair. "Forever on everything" is not.
3. No Exclusions Clause
A well-drafted NDA always includes a section listing what doesn't count as confidential information. These are called exclusions or carve-outs, and they exist to prevent absurd outcomes. Standard exclusions cover:
- Information that was already publicly available at the time of disclosure
- Information that becomes publicly available through no fault of yours
- Information you already knew before signing the NDA
- Information you independently developed without using the other party's data
- Information you received from a third party who had the right to share it
When an NDA has no exclusions clause at all, every single one of those situations becomes a potential lawsuit.
"The Receiving Party acknowledges that all information disclosed by the Disclosing Party constitutes Confidential Information and agrees to maintain its confidentiality without exception."
Why this is dangerous: Without exclusions, the disclosing party can claim confidentiality over information you learned in college, read in a trade publication, or developed through your own independent work. It eliminates your ability to defend yourself with the most basic factual argument: "I already knew that."
What this actually costs: A data analyst signed an NDA with a healthcare company that had no exclusions. During the engagement, the company shared their patient intake workflow, which used a standard industry framework the analyst had implemented at three previous clients. When she later recommended the same framework to another healthcare client, the first company threatened legal action. She had to hire an attorney to document that the framework was industry-standard and predated her engagement. Cost: $3,800 in legal fees for a dispute that would have been impossible if the NDA had included a basic exclusions clause.
What to demand instead: Insist on all five standard exclusions listed above. This is non-negotiable. Any attorney drafting a fair NDA would include them. If the other party pushes back on including exclusions, they may be using a weak template or trying to preserve unnecessary leverage. Either way, do not sign an NDA without exclusions. Add them in a redline and send it back. For acquisition conversations, start with a purpose-built acquisition NDA.
Found an NDA you need to review? Upload it to Inkvex and get every red flag identified in under 3 minutes before you send questions to counsel.
4. Hidden Non-Compete or non-solicitation clause
This is the sneakiest red flag on the list because it doesn't announce itself. There's no heading that says "Non-Compete." Instead, the restriction is woven into the confidentiality obligations or the definition of prohibited conduct. It looks like this:
"The Receiving Party agrees that during the term of this Agreement and for a period of twenty-four (24) months following its termination, the Receiving Party shall not directly or indirectly engage in any business that competes with the Disclosing Party, solicit any of the Disclosing Party's clients, customers, or employees, or provide services to any entity that is a competitor of the Disclosing Party."
That's not an NDA. That's a non-compete and non-solicitation agreement hiding inside an NDA's trench coat. The document is labeled "Non-Disclosure Agreement," so you read it expecting confidentiality terms. Instead, you're signing away your right to work with competitors, approach any of their clients, or hire from their talent pool -- for two years after the relationship ends.
Why this is dangerous: Non-competes and non-solicitations have their own legal standards, enforceability rules, and negotiation norms. When they're embedded in an NDA, they bypass all of that. You don't scrutinize them the same way because you're not expecting them. You might not even notice the clause until a former client's attorney sends you a letter 14 months later telling you to stop working with your current client because they're a "competitor."
What this actually costs: A buyer signed what looked like a standard NDA before reviewing a target. Buried in paragraph 7 was a non-solicitation clause covering employees, customers, vendors, and referral sources for 24 months. That clause changed the buyer's ability to evaluate adjacent targets and created avoidable legal exposure during the search.
What to demand instead: Read every paragraph of the NDA, not just the ones with obvious headings. If you find non-compete or non-solicitation language, call it out explicitly and negotiate it separately. A fair non-solicitation limits the restriction to specific individuals you directly worked with (not entire client rosters or industries). A reasonable duration is 6-12 months, not 24. And if the other party wants a non-compete, that should be a separate, clearly labeled agreement with compensation for the restriction -- not a clause smuggled into a confidentiality agreement.
5. One-Sided Obligations
Mutual NDAs protect both parties. One-sided NDAs protect only the disclosing party. You'd be surprised how many "mutual" NDAs are actually one-sided once you read the operative language.
"The Receiving Party shall hold in strict confidence all Confidential Information of the Disclosing Party and shall not disclose such information to any third party without the prior written consent of the Disclosing Party. The Disclosing Party shall have no obligations of confidentiality with respect to any information received from the Receiving Party."
That second sentence is the gut punch. It says your information -- your proprietary methods, your client data, your pricing, your trade secrets that you might share during the engagement -- gets zero protection. They can share your proposal with their other vendors to get competitive bids. They can discuss your rates with your competitors. They can take your process documentation and hand it to the person they hire to replace you.
Why this is dangerous: In most business relationships, both parties share sensitive information. You share your methodologies, pricing structures, and sometimes proprietary tools or frameworks. If the NDA only runs one direction, you're exposed every time you share something valuable. And because you signed an NDA, you might assume your information is protected when it's not -- creating a false sense of security that's worse than having no NDA at all.
What this actually costs: A consulting firm signed a one-sided NDA with a Fortune 500 prospect during a sales process. During the pitch, they shared their proprietary assessment framework -- a methodology they'd spent three years developing. The prospect passed on the engagement but shared the framework with their internal team, who implemented a version of it. The consulting firm had no legal recourse because the NDA explicitly excluded any obligation to protect the receiving party's information. They estimated the stolen methodology cost them $50,000+ in competitive advantage.
What to demand instead: Make the NDA mutual. Both parties should have identical obligations. If you're sharing any proprietary information -- processes, tools, pricing, methodologies -- during the engagement, your data deserves the same protection as theirs. The fix is simple: replace "Receiving Party" and "Disclosing Party" with "each Party" and apply the same obligations symmetrically. If the other side refuses to make the NDA mutual, ask yourself why they need to be able to share your information freely. The answer is rarely good.
The Pattern Behind the Red Flags
These five red flags share a common thread: they all shift risk onto you while giving the other party maximum flexibility. An overly broad definition means they can claim anything is confidential. A perpetual term means you carry that risk forever. No exclusions means you can't defend yourself. A hidden non-compete means you can't work. One-sided obligations mean they have no skin in the game.
Individually, each flag is a negotiation point. Together, they create a contract that's less about protecting secrets and more about controlling the buyer or counterparty. The worst NDAs contain all five, especially when a larger party sends its own form and expects no redlines.
The thirty-minute fix: Before you sign any NDA, check for all five red flags. Read the definition of confidential information. Look for the term length. Find the exclusions clause (or note that it's missing). Search every paragraph for work restrictions. And verify that the obligations are mutual. If you can clear all five, the NDA is probably fine. If you can't, you know exactly what to negotiate.
For a complete guide to reading NDAs clause by clause, including what's standard and what's negotiable, check out our detailed NDA reading guide.
Frequently Asked Questions
What are the biggest red flags in an NDA?
The five most dangerous NDA red flags are: an overly broad definition of confidential information (covering everything including publicly available information), a perpetual term with no expiration, missing exclusions that leave you unable to defend legitimate disclosures, a hidden non-compete or non-solicitation clause buried inside the confidentiality section, and one-sided obligations that only protect the disclosing party while leaving your information completely exposed.
What is a reasonable NDA duration?
Most commercial NDAs run 1 to 3 years, with trade secrets sometimes protected longer. A 5-year term is aggressive but not uncommon for high-sensitivity deals. "Perpetual" or "unlimited" duration is a clear red flag, it means you carry the obligation forever, even after the information becomes public knowledge. A reasonable NDA matches the duration to how long the information actually needs to stay secret.
Can an NDA include a non-compete clause?
Legally, yes, but it should be a separate, clearly labeled agreement. Hiding non-compete or non-solicitation restrictions inside a confidentiality agreement is a known tactic to get you to sign restrictions you'd reject in a standalone document. Always read every paragraph of an NDA, not just the sections with obvious headings like "Confidentiality" or "Term."
What should I check before signing an NDA?
Check the definition of confidential information, the term length, exclusions, return or destruction obligations, remedies, venue, and any language that restricts future work or client contact. If the NDA is for a high-stakes deal, use the checklist as a first pass and have counsel review the final language.
What is the difference between a mutual NDA and a one-sided NDA?
A mutual NDA imposes identical obligations on both parties, your information and their information receive the same protection. A one-sided NDA only protects the disclosing party. If you share proprietary processes, pricing, or methodologies during an engagement, a one-sided NDA leaves your information completely unprotected. Always push for mutual obligations in any substantive business relationship.
What exclusions should every NDA include?
Standard exclusions cover: information already publicly known at the time of signing, information you already had before the NDA, information disclosed to you independently by a third party with no confidentiality obligation, and information you developed independently without using the other party's disclosures. Without these exclusions, you could technically be in breach for discussing something that is public knowledge. Missing exclusions are a negotiation point, add them.
Every one of these red flags is something Inkvex catches automatically. Upload your NDA, and in under 3 minutes you'll see exactly which clauses are standard, which are aggressive, and which are the kind that cost buyers thousands of dollars. See a real NDA scored 9/10 in our demo to see what the analysis looks like before you upload your own.
Try Inkvex on your next contract
Inkvex reviews contracts for SMB acquirers, franchise buyers, and commercial tenants. Risk score 1 to 10, every red flag with the exact clause quoted, clear explanations, and jurisdiction citations. First analysis free.
Try free or view pricing.
Inkvex provides legal information, not legal advice.
Where this page fits
Use the primary hub for the main workflow, then check the supporting pages that belong to the same diligence lane.
Read the clause guides behind this article
The article explains the situation. These clause guides break down the exact provisions that usually create the leverage, risk, or negotiation pressure inside the contract.
Read the guide, then move into the real workflow, pricing, audience page, and glossary that support the next decision.
This article is for informational purposes only and does not constitute legal advice. For high-stakes agreements, consult a qualified attorney.
Got a contract to review?
Upload it and get full AI contract review in under 3 minutes. Free.
Analyze My Contract