A prospect's legal team sends over their standard NDA the day before your first technical deep-dive, and you sign it in five minutes so the call doesn't slip. Most founders do this every time, and most enterprise NDAs are fine to sign as-is. The ones that aren't fine cost you far more than five minutes, usually months later, in a way that has nothing to do with the deal you signed it for.
Here's the checklist to run in the two minutes before you sign, and the one clause that causes almost all of the damage.
Point 1: is it mutual or one-way
A one-way NDA only protects the party who discloses information. If a prospect sends you a one-way NDA before a technical evaluation, they're asking you to protect their information while keeping zero obligation to protect yours, even though you're about to walk them through your architecture, your pricing logic, and possibly your source code. That's a reasonable structure for an investor pitch. It's the wrong structure for a sales evaluation where information flows both directions.
Ask for mutual. Most enterprise legal teams will swap the template without pushback, because mutual is genuinely the standard for B2B evaluations and they know it. If they push back, that's worth noting as a signal on its own.
Point 2: how is Confidential Information defined
Two versions of this clause exist, and they read almost identically to a non-lawyer. The narrow version defines Confidential Information as material marked confidential in writing, or identified as confidential within a set number of days of an oral disclosure. The broad version defines it as anything disclosed in connection with the discussion, full stop, no marking required.
The broad version is the one that creates problems. It means an offhand comment on a call, a Slack message, or a whiteboard sketch during a working session all count as confidential, whether or not either side meant it that way. Push for the marking requirement, or at minimum a written confirmation window, so both sides have a clear record of what's actually covered.
Point 3: the residuals clause, the one everyone misses
This is the clause that does the most damage and gets read the least carefully. A residuals clause says that either party may freely use information retained in the unaided memory of employees who were exposed to it, even after the NDA term ends. It sounds harmless. In practice, it means a prospect's engineering team can sit through your technical deep-dive, walk away, and build something that looks a lot like what they just saw, and your NDA gives them a defense for it: they didn't copy anything, they just remembered it.
Residuals clauses are common in NDAs drafted by larger tech companies, because they protect the party more likely to be accused of using someone else's ideas. If you're the smaller company sharing proprietary technical detail, this clause is written against you specifically, not against some abstract risk.
We'd like to remove the residuals clause in Section [X], or narrow it to exclude our proprietary technical architecture and source code specifically. We're comfortable with a standard mutual confidentiality structure, just not one that lets either side rebuild what they saw from memory.
That's the exact language to send back. It doesn't kill the deal. It names the specific carve-out you need and gives their legal team a narrow, easy edit to make instead of a fight.
Point 4: term length
Two to three years after disclosure is the common enterprise standard for general confidential information. Perpetual terms are reasonable, but only for a narrower category: genuine trade secrets, defined as information that derives value from not being generally known and that you actively take steps to protect. If a prospect's NDA applies a perpetual term to everything discussed rather than just trade secrets, that's worth narrowing down to the two-to-three-year window for the general category.
Point 5: bundled non-solicit and non-compete riders
Some enterprise NDA templates, especially from companies that also run corporate development and M&A scouting out of the same legal team, quietly bundle in a non-solicit clause covering employees, or language restricting who you can talk to in adjacent parts of their business for the term of the agreement. Read the last two pages, not just the confidentiality sections. This is where riders like that live, and they have nothing to do with protecting confidential information.
What we changed after getting burned once
We used to sign whatever NDA showed up in the inbox, on the logic that pushing back on paperwork before a first technical call would make us look difficult. One deal later, after a residuals clause we hadn't read closely enough turned an evaluation call into a much less comfortable conversation about what their team could and couldn't reuse, we built a standard mutual NDA of our own and sent it first, before the prospect's legal team could send theirs.
That single change did more than any individual redline. Sending your own paper first means your version, with the marking requirement and the narrowed residuals language already built in, becomes the starting point for negotiation instead of the thing you're fighting to get to. Most prospects' legal teams will run a quick comparison against their own template and sign if the substance is standard, which it is.
What to do this week
- Pull the last NDA you signed and check it against these five points: mutual structure, marking requirement, residuals clause, term length, and bundled riders.
- Draft one standard mutual NDA with the residuals carve-out already written in, so you're not drafting it under deadline pressure the next time a deal moves fast.
- Send your version first on the next enterprise evaluation, instead of waiting for theirs to land.
That's an afternoon of work that removes the one clause most founders never read closely enough to catch.
Frequently asked questions
What is a residuals clause in an NDA?
A residuals clause allows either party to use information retained in the unaided memory of employees exposed to it, even after the NDA ends, without that counting as a breach of confidentiality. It's common in templates drafted by larger companies and generally favors whichever side is more likely to build something similar to what they saw.
Should a sales evaluation NDA be mutual or one-way?
Mutual. Both sides typically share confidential information during a technical evaluation, and mutual NDAs are the accepted standard for B2B sales and partnership discussions. A one-way NDA in that context usually means only your information is protected.
How long should an NDA term last?
Two to three years after disclosure is the common range for general confidential information. Perpetual terms are reasonable only for narrowly defined trade secrets, not for everything discussed during a sales process.
Does an NDA need to require written confirmation of confidential information?
It's the safer structure. Without a marking or written-confirmation requirement, anything said out loud during a working session can later be argued as confidential, which is harder for either side to track and enforce cleanly.
Is it normal to send your own NDA instead of signing the prospect's?
Yes, and it's usually the faster path. Whoever proposes the first draft sets the anchor for negotiation. A standard, reasonable mutual NDA sent early is more likely to be signed without a redline round than one you're negotiating from a defensive position.
Most enterprise NDAs are boilerplate and fine to sign. The five points above take two minutes to check and catch the ones that aren't. If you're building out the rest of your enterprise contract playbook, that groundwork compounds every deal after the first. If you want a second pair of eyes on a specific NDA, that's the kind of contract review question we help early-stage SaaS founders work through.