Non-disclosure agreement (NDA) for a software development companies

To protect trade secrets companies use all possible tools to prevent outsiders from accessing them. For example, Tesla regularly sues employees for disclosure of confidential information. Over the past 4 years, the American manufacturer of electric vehicles has launched 4 public proceedings against its employees. The company has strong arguments to defend its position, thanks to the signing of the NDA. The signing of that document allows companies to protect themselves from the disclosure of strategically important information, remain competitive, and grow their business.

It is equally important to sign the NDA both for companies with large capitalization and for businesses that have just started. In this article, our IT lawyers describe how to draw up an agreement and avoid mistakes.

What is a Non Disclosure Agreement, and why is it needed?

A non-disclosure agreement is a document that protects a business against disclosure of confidential information by team members, contractors, and clients. Signing the NDA is a crucial part of employment. For example, an employee may accept a competitor's job offer, and without an NDA, there would be a risk of disclosing trade secrets. Tesla faced such a problem when a former employee handed over logistics documents to a new employer, Zoox, and breached their NDA. The litigation ended with a settlement agreement, where the parties agreed that Zoox would pay compensation to Tesla.

Cases on NDA violation rarely reach court, more often the document plays a preventive role and serves as a warning to the employee against disclosing trade secrets. These agreements help shape corporate culture and attitudes toward confidential information.

Is it better to add an NDA as a contract clause or sign a separate agreement?

The NDA may be a part of a contract or a separate agreement. We advise including a particular clause in the main contract that will protect your privacy and set out detailed aspects in a separate agreement.

Let's take a look at an example. A company signs a software development contract with IT specialists, who are independent contractors. The software development contract will contain clauses requiring independent contractors to observe the general confidentiality rules, while more specific details such as the list of confidential information, methods of transfer and storage, and tools for proving violations will be described in a separate NDA.

The practice of American courts clearly shows that, next to NDA restrictions, there are often other restrictions including non-competition agreements (NCA) and non-solicitation agreements (NSA). All of these can be united in a single document, or executed separately.

How to write an NDA and what to include in it?

Here is a list of clauses that should be in every agreement.

• A definition and list of confidential information.(The scope of confidential information)
• A list of information that is not considered confidential and disclosure or use of it will not harm the company.
• Scenarios of lawful information disclosure. For example, by parties’ permission or at the state authorities request.
• Methods of information transfer, such as e-mail, messengers, task-managers, repositories.
• Penalties for breach of agreement and duty to compensate damages.
• A list of types of evidence which can be used to prove violations.
• A jurisdiction to solve disputes.

Let's talk about each of the clauses in more detail.

The scope of confidential information

Confidential information is protected information that is not known to the general public. It includes personal data, trade secrets, know-how, customer databases and other data.

Stalirov&Co lawyers drafted the NDA for international software development company Artkai. To implement confidentiality protections, lawyers created the following list of information:

• Business owners’ plans, such as opening new companies and entering new markets
• Information about marketing and promotion of services, including the company's market policy
• Database of clients and their contacts, lists of contractors, suppliers, and partners with whom the company works
• Project budgets and employees salaries
• Correspondence and mailing
• Information about the developed IT products, software code, terms of reference and specifications
• Drawings, templates, plans, and formulas
• Methodology and techniques
• Presentations, diagrams, and illustrations

When determining the scope of confidential information in an agreement, we advise avoiding standard, general language. You can find sample contracts on the Internet, but it is worth remembering that every case is unique, so clauses need to be customized.

The list of confidential information in the document must relate to the business processes in the company and the team. But don't limit the list. To do this, add a disclaimer stating that the list of confidential information is non-exhaustive. Such a clause will be helpful if it turns out that not all confidential information is mentioned in the NDA.

Taking the NDA lightly leads to financial loss and disappointment, as happened in the series “The Billion Dollar Code” by Netflix, which is based on a real court case. It is a story about two geniuses, Carsten Schlüter and Juri Müller. The case shows how important it is to enter into an NDA and describe the scope of confidential information. Carsten and Juri developed Terra Vision, software for a virtual rendering of the world using satellite imagery and architectural data. To attract investment, the developers turned to Google. They disclosed features, algorithms, and business plans and showed a product prototype. But instead of financing, Google stole the idea and introduced a similar software to the world - Google Earth. Today this product is called Google Maps.

It would have been possible to avoid this situation if the developers had signed the NDA before sharing information with Google representatives. The list of confidential data should have included information about free navigation through the data warehouse, a quadtree as a map layout, a floating coordinate system, and an address in memory. But the developers didn’t sign the NDA, so they lost the rights to the technology and the opportunity to earn millions of dollars a year.

What information is not considered confidential?

The NDA should include a list of data that can be disclosed. These are:

• Well-known information (for example, industry-standard information).
• Information that is already known to the party before signing the agreement.
• Information that may be disclosed after the owner of the confidential information gives consent.

What kind of disclosure is considered legal?

Although the information is confidential, there are situations when it can be disclosed. For example:

• Disclosure of data that is not directly indicated and not listed in the agreement.
• To provide additional services and transfer information to accountants, auditors, lawyers and other consultants.
• With the written consent of the confidential information owners.
• At the government authorities' request. It is worth adding to the NDA about the disclosure procedure in case of a request from a government agency. In that instance a party to an agreement receives a request, it notifies the other party and does so before it sends a response.

When creating new products, a software development company creates a portfolio, because it is crucial to show potential clients your work experience. You can add the work results to the portfolio only with the permission of the client for whom the product was created. If you obtain written consent, the disclosure of information about the project will be legal.

Methods of information transfer

Every NDA must outline methods for transferring confidential information. The list of communication tools must be specific to your company’s processes. For example:

• email;
• messengers: Whatsapp, Telegram, Slack;
• cloud data storage;
• web services for hosting IT projects and their joint development;
• remote conferencing programs: Skype, ZOOM, Google meet;
• task managers: Trello, Asana, Jira;
• providing access to databases, repositories, and libraries.

Fines for a breach of agreement and obligation to compensate 

The fine must be commensurate with the damage and the amount of the fine must be justified. The Stalirov&Co team often encounters agreements that set unreasonable fines and sanctions. However, there must be a logical connection between the violation and the fine, so that in every case the amount of the fine is logically connected to the damage.

How can you prove violations and calculate damages?

As evidence of the amount of damage, we suggest using:

• Financial auditor's reports.
• Conclusions by experts which help to establish evidence of copyright infringement and intellectual property theft.
• Conclusions by independent IT specialists. For example, a game developer was hired by a competing company. An IT specialist concluded that a competitor's game uses a feature developed by your company when the developer was working on your project. Such a conclusion will help prove that the development was stolen.
• Witnesses testimonies on disclosure.
• Written evidence: non-disclosure agreement; digital platforms that generate and transmit confidential information, such as Jira, Asana, Confluence.
• Audio and video recordings that show unauthorized disclosure.
• Electronic evidence, for example business correspondence via email or messengers; voice messages; screenshots; publications in social networks; information from websites or mobile applications, cloud storage and others.

Oral arguments alone are not enough to prove disclosure of confidential information. It is crucial to substantiate that the agreement has been violated, through the collection of evidence, and that the amount you want to recover is commensurate with the damage.     

What is considered an NDA violation?

The document text should contain a list of actions considered a confidentiality violation, for example non-compliance with the company's rules on the storage and transfer of confidential information, transfer of information to competitors, posting data in open sources, poaching employees, or creating competing products.

As you can see in the cases of Sirona Dental Systems and Tesla, employees performed different actions, but both of them are considered a violation of the NDA.

In addition, the violation of confidentiality can lead to criminal proceedings, and these actions can be classified as fraud. For example, the Office of the United States Attorney charged Ishan Wahi, a former product manager at Coinbase, with revealing confidential information about new cryptocurrency asset listings.

Ishan Wahi was a member of a channel for Coinbase employees who participated in the asset listing process. Here, staff discussed the new listings of digital assets, including the timing and dates of the announcement. Due to the popularity of exchanges, cryptocurrencies often rise in value after Coinbase announces their listing. Traders call this the "Coinbase effect." Therefore, the exchange prohibits employees from distributing any non-public information. According to Nasdaq media, Ishan was transmitting to his brother and friend information regarding at least 25 cryptocurrencies that Coinbase planned to list. Based on this information, they purchased digital assets through anonymous crypto wallets. In total, their actions generated approximately $1.5 million in profits. Ishan Wahi attempted to flee the US but was arrested before he could board a flight to India. He faces up to 20 years in prison.

Where will the dispute be adjudicated and why do you need to determine jurisdiction before you draft an NDA?

The contract will determine where the parties file their lawsuit should a dispute arise. 

Each country has local laws that govern the signing of an NDA. So, depending on the law in your jurisdiction, certain clauses may not be included in your document. For example, if you choose the jurisdiction of Washington, then you should know that the Silenced No More Act has been in effect in this state since June 2022. The law allows employees to disclose any facts of discrimination and violation of rights. It includes speaking freely about illegal recruitment practices and work conditions violations.

Similar laws have been passed in California, Maine, Oregon, and Hawaii. In addition, this practice extends beyond the United States. In May 2022, the province of PEI in Canada passed a similar law.

In January 2022, a court in California made the first decision based on the Silenced No More act. The court ruled that Google’s NDA was too broad and violated labor laws. Namely, Google prohibited employees from discussing past experiences in interviews with potential employers.

The choice of jurisdiction depends on some factors, such as physical presence and business dealings of a company. Moreover, your lawyers must check if the law in the exact jurisdiction is suitable and  auspicious to your business. 

IT lawyers' recommendations

The provisions of the NDA, which we have described in this article, will reduce the risk of confidential information disclosure and help protect the business from financial losses and conflicts. Below you will find final tips to help make your NDA even more effective.

• Focus on the IT product, which your company works on, when defining the concept of confidential information in the NDA.
• Provide the right to publish project results in portfolios and remember that it is important to describe the information that is acceptable to use in press releases.
• Make sure the NDA with the team includes the requirement not to disclose clients' confidential information.
• Choose a jurisdiction where the law is suitable.