We've never seen an NDA actually enforced in the indie/startup scene.
Not once.
Not in $2K Notion templates, not in $50K SaaS flips, not even in six-figure newsletter acquisitions.
But does that mean you shouldn’t bother?
Absolutely not.
Because here’s the thing: the whole point of an NDA isn’t enforcement – it’s deterrence. It’s the digital equivalent of a “Beware of Dog” sign. You might not have a Rottweiler, but you don’t want someone hopping your fence to find out.
And sometimes, having one isn’t just smart – it’s legally necessary. Think GDPR, data handling, EU users. You’re not just protecting yourself from scammers. You’re protecting yourself from regulators with terrifying acronyms.
What the Hell Is an NDA, Really?
It’s a promise with legal teeth.
A Non-Disclosure Agreement says, “Hey, I’m going to let you peek under the hood of my business, but if you run off and tell anyone, I will make your life legally miserable.”
In Indie deals, that usually covers:
- Source code
- Internal metrics (MRR, churn, CAC)
- Customer lists
- Roadmaps and unreleased features
You don’t need a law degree. But you do need to not be naive.
Why Bother If Nobody Enforces These Things?
Two words: Signal & safety.
Signal: You’re not a tourist. You take deals seriously. This makes sellers open up faster.
Safety: 99% of the time, NDAs are never needed. It’s that 1% when your shiny new asset gets cloned by someone with access.
Also, GDPR. If you're handling personal data from EU users and that information is shared without consent?
Congratulations, you now owe 4% of your annual revenue.
The Indie Checklist: What Your NDA Should Cover
This isn’t big law. Keep it tight but straightforward.
- What's “confidential”: Spell it out. “Source code, user data, product roadmaps, metrics.” Be boringly specific.
- Who’s bound: Buyer, seller, maybe advisors or devs. If they're in the room, they're in the doc.
- How long it lasts: 1–3 years. Indefinite = lazy lawyering.
- What happens if someone leaks: At least scare them with a clause that says “we can sue your ass.”
One-Way or Two-Way? (Pick One, Not Both)
- Unilateral NDA: Seller shows you stuff. You shut up. Most common.
- Mutual NDA: You both share secrets. Use this if you’re pitching IP, valuation frameworks, or custom tools.
Pick what fits. Don’t just Google “NDA template” and cross fingers.
When Do You Actually Use an NDA?
Here’s where it matters:
- Before seeing the Stripe account
- Before access to the codebase
- Before downloading the customer list CSV
- Before revealing growth hacks or pricing experiments
Basically, if you're poking around someone else's digital underwear drawer – you need permission and discretion.
The Horror Story: How “No NDA” Nuked a $25K Deal
Let's talk about Emma, a solo founder in Brighton, built a Chrome extension that auto-optimises LinkedIn posts for reach – using a quirky combo of sentiment analysis and trending topic injection. A neat little AI gimmick. It was pulling in ~$2K MRR, growing slowly but steadily.
She listed it for sale in a Slack group. A potential buyer, Alex, reached out. Seemed sharp. Asked good questions. Emma, flattered by the interest and not wanting to “kill the momentum,” shared access to the codebase, Notion docs, Figma mockups, and analytics – all without an NDA.
Alex went quiet after two weeks.
Then, boom: a similar project hit Product Hunt – a near-clone of Emma’s tool, same core logic, slightly different UI, same value props, same tech stack. Even some UI animations were identical.
Emma? Screwed. No NDA. No agreement. No proof the ideas were protected.
She couldn’t claim copyright (ideas aren't protected, only expression). She hadn’t registered a patent (and probably couldn’t – the IP was too generic). And since there was no NDA, she couldn’t sue for breach of confidence or contract. Just a public rant thread on Twitter that fizzled in 48 hours.
What If It Does Get Breached?
Let’s be honest: you’ll probably just get peeved and post on Twitter.
But if you’re serious:
- Gather receipts: Screenshots, emails, access logs. Build your timeline.
- Talk to a lawyer: Especially if you're in the EU or handling PII (personal identifiable info).
- Use fear, not fury: A well-worded legal threat solves more than a rage thread.
Want more detail? Ironclad has a solid breakdown of NDA enforcement.
When You Don’t Need One
Here's the spicy bit no lawyer wants to say:
- Initial cold convos: You don’t NDA someone on first contact. Chill.
- Publicly available info: If it’s on their landing page or in a blog post, it’s not confidential.
- If the seller refuses: Some indie sellers hate legal paperwork. If you're only asking for high-level info, maybe skip the drama.
Remember: NDA ≠ deal-breaker. It’s a tool, not a religion.
Final Take
An NDA is like a prenup for your digital fling. You hope you never use it. But if things go sideways, you’ll wish you had one.
And even if no one enforces it? That little signature changes the tone of the whole deal. It means you’re not playing games.
So yeah – get the NDA. Keep it light, keep it clear, and don’t be the cautionary tale.
Got Burned?
Ever had a deal go south because someone leaked your metrics? Or got cloned because you shared the code too soon? Hit reply and spill the tea. We won’t name names.
Free Download!
Here’s a super simple starting point – a dual-use NDA template for Europe and the US. Use it in your AI prompts or share it with your lawyer for review. It’s concise, practical for tiny acquisitions, and flexible enough to hold up legally in both regions.
Simple NDA Template – EU & US Ready