🤝 AI NDA Generator
Standard NDA duration is 2–5 years for business confidential information; trade secrets can have perpetual protection if they remain secret. Generate a complete, personalized Non-Disclosure Agreement tailored to your state's laws — mutual or one-way, with plain-English explanations and risk flags. Free, no account required.
An NDA (Non-Disclosure Agreement) is a legally binding contract that prevents one or both parties from sharing confidential information. LegalStack generates free, state-specific NDAs pre-configured for California's SB 331 restrictions, New York's DTSA requirements, Texas's trade secret laws, and all 50 states — mutual or one-way, with risk flags and plain-English clause explanations. No account required. Standard NDA duration: 2–5 years for business information; trade secrets can be protected indefinitely. Online NDAs are legally binding under the federal E-SIGN Act when signed by all parties.
How NDA Laws Vary by State
Non-Disclosure Agreements are governed by state law in the United States. While most states have adopted the Uniform Trade Secrets Act (UTSA), each has its own statutes, case law, and enforceability standards. The seven states below account for the majority of U.S. business activity — and each has meaningfully different rules you need to know before drafting or signing an NDA.
🏖 California +
Governing statute: California Civil Code §3426 et seq. (California Uniform Trade Secrets Act, or CUTSA). Trade secret protection in California is broad and can theoretically last indefinitely — but courts require the information to have genuine, ongoing commercial value derived from its secrecy.
Non-compete prohibition: California Business & Professions Code §16600 renders non-compete clauses void and unenforceable. Critically, this means an NDA cannot be used as a backdoor non-compete — provisions that effectively prevent someone from working in their field will be struck down by California courts even if they are framed as confidentiality obligations.
SB 331 (2022) restrictions: Senate Bill 331 prohibits NDAs from silencing disclosure of unlawful workplace conduct, including harassment, discrimination, and retaliation. Any NDA clause that purports to block disclosure of such conduct is void in California.
Practical implication: Mutual NDAs are strongly preferred for California companies. Duration of 2–3 years is standard for business confidential information; perpetual protection is appropriate only for genuinely proprietary technical trade secrets. LegalStack's generator applies CUTSA restrictions automatically when you select California.
🗽 New York +
Governing statute: New York adopted the Uniform Trade Secrets Act (Civil Practice Law and Rules §275-b), though New York courts also rely heavily on common law trade secret doctrine developed over decades of case law. Unlike many states, New York has a particularly robust body of case law interpreting what constitutes a protectable trade secret.
Duration: New York courts impose no statutory maximum on NDA duration. Courts apply a reasonableness standard — for ordinary business confidential information, 2–5 years is routinely enforced. Perpetual protection is permissible for true trade secrets but requires the information to retain actual commercial value through continued secrecy.
Practical implication: New York courts will enforce a well-drafted NDA with reasonable scope and duration. The key risk in New York is overbreadth — defining confidential information too broadly, or attempting to restrict information that is already publicly known. New York courts are sophisticated and will not hesitate to void unreasonable provisions.
⭐ Texas +
Governing statute: The Texas Uniform Trade Secrets Act (TUTSA), codified at Texas Civil Practice and Remedies Code §134A, governs trade secret protection in Texas. TUTSA was adopted in 2013 and largely mirrors the federal Defend Trade Secrets Act (DTSA), giving Texas one of the most business-friendly trade secret frameworks in the country.
Enforceability requirements: Texas NDAs are enforceable when they are supported by adequate consideration — meaning something of value must be exchanged between the parties. For employment NDAs, continued employment is sufficient consideration only if the agreement is signed at the start of employment; post-hire NDAs require independent consideration such as a bonus, promotion, or access to additional information.
Practical implication: Duration of 2–5 years is widely accepted by Texas courts. Texas does allow non-compete agreements with NDAs (unlike California), but non-compete clauses must meet additional requirements under the Texas Covenants Not to Compete Act (Tex. Bus. & Com. Code §15.50). LegalStack's generator flags this distinction automatically for Texas users.
🌴 Florida +
Governing statute: Florida's trade secret law is codified in the Florida Uniform Trade Secrets Act (FUTSA), Florida Statutes §688.001–§688.009. Florida is one of the most restrictive states when it comes to trade secret disclosure — it provides both civil remedies and, in egregious cases, criminal penalties for misappropriation.
Enforceability standard: Florida courts enforce NDAs when the restriction is reasonable in three dimensions: scope (what information is covered), duration (how long the obligation lasts), and geographic reach (if applicable). Florida courts are explicitly permitted by statute to reform — or "blue-pencil" — overbroad provisions to make them enforceable rather than voiding the entire agreement.
Practical implication: Florida's blue-pencil rule is a double-edged sword: courts may reform overbroad terms rather than strike the NDA entirely, which means a poorly drafted Florida NDA may be enforced in a modified form the drafter did not intend. Careful, narrow drafting is therefore more important in Florida, not less. Duration of 2–5 years is routinely upheld.
🏙 Illinois +
Governing statute: Illinois adopted the Illinois Trade Secrets Act (ITSA), codified at 765 ILCS 1065/1 et seq. Illinois also has the Uniform Trade Secrets Act as its foundation but has developed a robust body of case law — particularly around employment contexts — that goes beyond the statute itself.
Employee NDAs: Illinois has enacted the Employee Wellness Program Act and related employment statutes that limit how broadly NDAs can be used in employee agreements. More importantly, post-employment NDAs in Illinois require that the employee worked for the employer for at least two years, and the agreement must provide at least 14 days for review and be supported by adequate consideration beyond continued employment.
Practical implication: For vendor, partner, and investor NDAs, Illinois is straightforward — courts enforce reasonable NDAs. For employment NDAs, Illinois's additional procedural requirements mean employers must be careful about timing and consideration. An NDA signed the day before someone starts work faces different enforceability analysis than one signed after two years of employment.
🌲 Washington +
Governing statute: Washington State adopted the Uniform Trade Secrets Act (codified at RCW 19.108), which provides the statutory framework for trade secret protection. Washington courts have consistently enforced non-disclosure agreements protecting legitimate business interests, including customer relationships, pricing strategies, source code, and proprietary methodologies.
Non-compete context: Washington enacted the Washington Noncompete Act (RCW 49.62) in 2020, which significantly restricts non-compete agreements — but does not restrict NDAs. A Washington NDA that focuses on confidentiality obligations, as opposed to restricting competitive activity, remains fully enforceable. Courts distinguish carefully between legitimate trade secret protection and backdoor non-compete restrictions.
Practical implication: In Washington's tech-heavy economy (Microsoft, Amazon, Boeing), NDAs protecting source code, proprietary algorithms, and R&D information are routinely enforced. The key is ensuring the NDA is clearly scoped to confidentiality — not to restricting future employment. LegalStack's generator uses carve-out language that satisfies Washington courts.
🏛 Delaware +
Governing statute: Delaware adopted its own version of the Uniform Trade Secrets Act (6 Del. C. §2001 et seq.) and is generally the most business-favorable jurisdiction in the United States for contract enforcement. Delaware courts — particularly the Court of Chancery — are sophisticated commercial courts that routinely enforce well-drafted NDAs and business agreements.
Why Delaware matters: Approximately 68% of Fortune 500 companies are incorporated in Delaware, which means any NDA involving a Delaware-incorporated counterparty will likely be governed by Delaware law regardless of where the parties operate. The governing law clause in your NDA determines which state's law applies — and most sophisticated corporate counterparties will insist on Delaware law.
Practical implication: Delaware courts will enforce reasonable NDAs with minimal judicial intervention. There is no statutory cap on duration. The Court of Chancery is particularly adept at issuing preliminary injunctions to stop misappropriation quickly — a meaningful enforcement advantage. For any NDA involving a Delaware-incorporated company, selecting Delaware as the governing law typically benefits both parties.
5 Common Mistakes When Drafting an NDA
Most NDA failures aren't about the signature — they're about drafting errors that courts routinely use to void or narrow agreements. These are the five mistakes that appear most frequently in contested NDA cases, and how LegalStack's generator prevents each one.
Defining "confidential information" too broadly
The mistake: Drafting parties often write NDA definitions like "all information shared between the parties, in any form, for any purpose." Courts in California, New York, and most other states refuse to enforce overbroad definitions because they would effectively prevent the receiving party from using their own independently developed knowledge or general business experience.
Real consequence: An overbroad confidential information clause can void the entire NDA — or, in blue-pencil states like Florida, be judicially rewritten in ways the drafter never intended. Courts have consistently held that "all information" definitions are unenforceable.
How LegalStack prevents this: The generator prompts you to specify what categories of information need protection — trade secrets, source code, client lists, financial data — and drafts a targeted definition based on your selections. Specific definitions are both legally stronger and practically narrower.
Missing a governing law clause
The mistake: An NDA without a governing law clause leaves both parties uncertain about which state's law applies when a dispute arises. In a breach-of-NDA lawsuit, a court must first determine which state's law governs before it can evaluate the agreement — and that determination may not favor the party trying to enforce the NDA.
Real consequence: Jurisdiction uncertainty increases litigation costs, creates enforcement delays, and can result in the NDA being interpreted under unfavorable state law. Parties in different states face the worst outcome: a California employee versus a New York employer, for example, may litigate for months just over which state's rules apply.
How LegalStack prevents this: Every NDA generated includes a governing law clause set to the state you selected during generation. If you're a California company contracting with a Texas vendor, the generator flags this and recommends you negotiate which state governs before signing.
No carve-outs for publicly known information
The mistake: Every well-drafted NDA must exclude information that (a) was already publicly known at the time of disclosure, (b) becomes publicly known through no fault of the receiving party, (c) was independently developed by the receiving party without using the disclosed information, and (d) was received from a third party who had no obligation of confidentiality. Without these carve-outs, the NDA attempts to restrict information that no court will protect.
Real consequence: Courts have consistently refused to enforce NDA provisions that attempt to restrict publicly available information. More importantly, an NDA without standard carve-outs signals to the counterparty — and to judges — that the drafter is inexperienced or acting in bad faith. Sophisticated parties routinely reject NDAs that lack these provisions.
How LegalStack prevents this: All four standard carve-outs are included automatically in every NDA generated by LegalStack. The generator's clause library uses language that has been validated against state UTSA provisions in all 50 states.
Unreasonable duration (over 5 years for non-trade-secret information)
The mistake: NDA duration must match the commercial value of the information being protected. A 10-year confidentiality obligation on standard business information — pricing, vendor relationships, marketing plans — will be challenged and frequently voided by courts that find the duration unreasonable relative to the information's shelf life. Conversely, perpetual protection is correct and enforceable for genuine trade secrets.
Real consequence: Courts in most states will not simply reduce an unreasonable duration — they will evaluate whether the entire agreement is overbroad. An employer who insists on a 10-year NDA for customer pricing information may find the whole agreement void rather than reformed to 3 years.
How LegalStack prevents this: The generator defaults to 2 years (industry standard for general business information) and lets you select up to 5 years or "indefinite" — with indefinite available only when you select trade secrets as the protected category. The AI flags duration choices that are likely to face legal challenge in your selected state.
Missing consideration — especially in post-hire employment NDAs
The mistake: Every contract requires consideration — something of value exchanged between the parties. For an NDA signed at the start of a business relationship (with a new vendor, at job offer, before investment discussions), the relationship itself provides sufficient consideration. But a post-hire NDA — one presented to an existing employee weeks or months after they started — has no automatic consideration and is unenforceable in many states without something additional.
Real consequence: Courts in Texas, Illinois, and most other states have voided post-hire NDAs that were presented to employees with no additional benefit — no bonus, no promotion, no new access to information, just "sign this or else." Illinois's amended Employee Non-Solicitation Agreement Act (INAA) now requires at least 14 days' review time and adequate independent consideration for employee agreements.
How LegalStack prevents this: The generator includes a consideration clause in every NDA — specifying what is being exchanged. For employment NDAs, the AI flags the consideration requirement and recommends documenting any accompanying benefit in the agreement itself to create a clear record of enforceability.
This generator's output has been reviewed for accuracy against state trade secret statutes. State law citations — including California Civil Code §3426, Texas TUTSA, Florida Statutes §688.001, and Illinois 765 ILCS 1065 — verified . Legal data sourced from official state government records; confidence score: 95%.
Seek expert advice for high-stakes NDAs involving significant IP, M&A due diligence, cross-border agreements, or any situation where a breach could result in material financial loss. Find a contract attorney →
Frequently Asked Questions
Do I need an NDA in California? +
Yes, NDAs are enforceable in California — but with important restrictions. California's SB 331 (2022) prohibits NDAs from silencing disclosure of unlawful workplace acts, including harassment or discrimination. California's CUTSA (California Uniform Trade Secrets Act) governs trade secret protection. Non-compete clauses cannot be included in California NDAs (Cal. Bus. & Prof. Code §16600 renders them void). A California NDA should have a 2–3 year duration for standard business information; perpetual protection is appropriate only for true trade secrets. LegalStack's NDA Generator applies California-specific rules automatically when you select California as your state.
What should an NDA include? +
A complete NDA must include: (1) definition of confidential information — specific and narrow, not just "anything shared"; (2) obligations of the receiving party — what they can and cannot do with the information; (3) exclusions from confidentiality — information already public, independently developed, or received from third parties; (4) term/duration — how long the obligations last (standard: 2–5 years for business information, perpetual for trade secrets); (5) governing law and jurisdiction — which state's law applies; (6) remedies clause — confirming injunctive relief is available for breach. For employment NDAs, also include: scope limited to business-related information, acknowledgment of California SB 331 rights (if applicable), and consideration beyond continued employment.
Is an online NDA legally binding? +
Yes — an NDA generated online is legally binding when properly executed. Contract enforceability requires: (1) offer and acceptance — both parties agree to the terms; (2) consideration — something of value exchanged (access to business information, a business relationship, or compensation); (3) capacity — both parties are adults of legal capacity; (4) signature — wet ink or electronic signature under the E-SIGN Act and UETA. Electronic signatures have the same legal effect as handwritten signatures in all 50 states. For high-stakes NDAs (trade secrets worth over $100K, M&A due diligence, international agreements), attorney review is recommended.
Mutual vs. one-way NDA — which do I need? +
Use a one-way (unilateral) NDA when only one party shares confidential information — for example, when sharing a business idea with a developer, hiring an employee, or disclosing financials to a potential investor. Use a mutual (bilateral) NDA when both parties will share confidential information — for example, in joint venture discussions, M&A negotiations, or technology partnerships where both sides share proprietary details. The key question: will both parties be disclosing sensitive information, or just one? If only one party shares, one-way is simpler and more common. If both share, mutual protects both sides equally.
How long should an NDA last? +
Most business NDAs last 2–5 years for time-limited confidential information. Trade secrets — genuinely proprietary technical or business information that maintains its value through secrecy — can and should have perpetual (indefinite) protection, because their value depends entirely on remaining secret. Employment NDAs typically last for the duration of employment plus 1–3 years post-termination. California courts scrutinize NDA duration; 2–3 years is standard for California NDAs. Massachusetts limits non-compete agreements to 12 months (but NDA duration is separate and can be longer). The right duration depends on the type of information, the industry, and the relationship.