Bobadilla v. The NDA
On secrets, implied protection, and the document everyone signs but nobody reads.
Telling someone your secrets because you assume they won't tell anybody is not the same as asking them not to.
We all know this. We learned it in middle school, usually the hard way, usually involving a best friend and someone we liked and a very uncomfortable Monday morning. If you don't say it out loud, it isn't a secret. It's just information you shared with someone who had no obligation to protect it.
An NDA is how you say it out loud. It's the legal version of "please don't tell anybody." But only if it actually says what you think it says. And most of them don't.
What Founders Think the NDA Does
The most common assumption I see is that once an NDA is signed, every conversation is a secret forever. Every idea, every sample, every meeting, every email, every off-hand comment over coffee about the thing you've been working on for three years. All of it, covered, protected, legally binding, done.
That's not what an NDA does.
An NDA creates a specific, bounded obligation between specific parties for a specific period of time covering specific information. Every one of those words is doing work. And if you haven't read the document closely enough to know what each of them means in your specific agreement, you don't actually know what's protected.
The Scope Problem
The definition of confidential information is the most important clause in any NDA. It's also the clause that gets the least attention at signing because everyone is focused on the relationship and the opportunity and the excitement of a new deal.
A bad definition is full of legalese and marking requirements. It says things like "information must be designated as confidential in writing at the time of disclosure or confirmed in writing within thirty days of an oral disclosure." That sounds thorough. In practice it means that the company that isn't great at administrative follow-up, the one that forgets to send the confirming email after the phone call, has effectively unenforceable protection on everything discussed verbally. Which is most things.
A good definition is plain, practical, and doesn't require the disclosing party to jump through hoops they'll never consistently clear. If your NDA requires you to stamp every document and follow up every conversation in writing to preserve protection, ask yourself honestly whether your team is actually doing that. If they're not, the definition isn't protecting you regardless of what it says.
The Sample Problem
Here's something most founders don't know. Physical objects aren't information.
Your product samples may not be covered by your NDA at all, regardless of when it was signed, regardless of how carefully the confidential information definition was drafted. If the agreement doesn't explicitly address physical samples and the knowledge derived from evaluating them, you may have handed your counterparty something they can do whatever they want with.
And here's where it gets expensive.
Your counterparty is almost certainly evaluating multiple manufacturers at the same time. That's not bad faith, that's procurement. They take your sample. They take your competitor's sample. They take three other samples. They evaluate all of them, identify the best qualities of each, and use everything they learned to build a specification for whoever ultimately wins the business.
You did the R&D. You absorbed the development cost. You handed them a physical object that taught them exactly what good looks like in your category. And if the NDA doesn't restrict what they can do with that sample and the knowledge they derived from evaluating it, you've just done free R&D for a deal you may never close.
The protection you thought you had at signing didn't cover the most valuable thing you shared.
The Affiliate Problem
You think you know who you're dealing with. You probably know the company name, the contact, maybe the parent company if it's obvious. What you probably haven't thought carefully about is the full ownership structure, the shared control arrangements, and exactly which entities fall within the receiving party definition in your agreement.
NDAs typically allow the receiving party to share confidential information with their affiliates and representatives. That sounds reasonable. Affiliates need to be involved in evaluation. Representatives need to do their jobs.
But did you check who the affiliates actually are? Did you verify the ownership structure? Do you know whether a private equity firm with a portfolio of your competitors has a controlling interest in the company you just signed with?
If the answer is no, and it usually is, you may have shared your confidential information with a much larger group of people than you intended. All of it permitted by the agreement you signed.
What You Can't Fix After the Fact
An NDA can't protect information you shared before it was signed. It can't prevent someone from using general knowledge and skills they developed during a relationship with you. It can't make up for a conversation you should never have had. And it can't retroactively cover physical samples that weren't addressed in the original agreement.
The time to read the NDA is before you sign it. The time to negotiate the scope is before you share anything. The time to ask about affiliates is before you assume you know who you're dealing with.
After the fact, the document says what it says.
The One Practical Step
You don't have to overhaul your entire NDA approach this week. But you should do one thing.
Find every NDA you've signed or received. Put them in one place. Check the expiration dates. That's it. Just start there.
You'll probably find some that have already expired and nobody noticed. You'll probably find some covering relationships that are still active. You'll probably find at least one that says something you didn't expect.
That's the beginning of actually knowing what's protected and what isn't. Which is the whole job.
The document isn't the protection. Understanding it is.
- m
Morgan Bobadilla, Esq. is the founder of Understory Advising PLLC. She spent over a decade as an in-house General Counsel and Director across aerospace, defense, manufacturing, banking, and staffing, building deep expertise in commercial contracts, regulatory compliance, export controls, employment law, and enterprise risk. She now brings that experience directly to founder-led businesses through retainer and flat-fee engagements.
