I'd put together my own basic mutual NDA to offer to people who ask me to sign one. I used to get anywhere from 10-20 people per year wanting me to sign their NDA to talk about an idea. Initially I did, then went to refusing outright, then went to offering a pushback "mutual" version (which it looks like waypoint is). I was surprised how many people balked at a two-way version. That told me instantly that they didn't plan to place any value on what I was bringing to the problem, somehow needed whatever insight I might have, but didn't even want to go through the motions of pretending to be interested in my position.
The number of people approaching me and requiring an NDA up front is down a lot in the last... 5 years? Probably less than 3/year altogether, but I'm also randomly approached less too, so I don't know if it's proportional or more people have realized an NDA generally isn't required in most cases at 'idea' stage talk.
I've had more than my share of pitches where people would want me to sign an NDA. Pitch a business that they haven't done any work on, and that requires all the risk upfront to be software development (i.e. my potential contribution), and then not want to go 50/50 in the business.
I've bothered to follow up on some of these businesses, and I've yet to miss anything substantial.
But in the absence of any other data, NDA becomes a very good indication of whether I should continue the conversation.
Can someone run off with an idea and make a billion dollars? Maybe. But I would suggest that an NDA gives very little protection. If the person is going to do that and actually manages to make a billion dollars from it, then all you have is a piece of paper saying the person won't discuss the idea without specifying the idea.
Unless you then have a paper trail of discussing the idea, how can you argue that that was your idea? Most subsequent discussions in my experience have been verbal.
Worse still they have a billion dollars to fight the matter in court.
I still remember a chat I had with a guy around 2012 or so. His idea was basically about.me, but only for realtors, and worse. Even as "I have a million dollar app idea!!1" ideas go, it was pretty terrible. He wanted me to write the entire thing "in a week or two, right?" and got pretty offended when I laughed at his proposed 80/20 split. He also stormed out of the coffee shop we were in when I laughed again when I refused to sign the ex post facto NDA he pulled out.
I still think about him sometimes and wonder who he's bothering now.
I think some people have a hard time understanding that you, me and others who do this for a living have literally hundreds of ideas - we can see a basic marketplace idea and spin up a dozen variations based on demographics, industry, etc. Without a solid plan of execution/sales, demonstrated industry contacts and ideally some measure of success in this same industry, me executing your idea is statistically a big waste of my time (and may unintentionally end up tying me to you in ways I don't want to be tied). Lots of downside, very little upside.
Now, if you have a huge name and track record... I can get it. Years ago talked with someone who'd done some deals with the 'guerilla marketing' guy (Levinson IIRC). After a while, he was more or less just licensing his name/brand for a cut, but it was worth it because there was already a track record and built-in audience - anything with his name/brand would be guaranteed some degree of sales on day one.
Most people who've approached me with ideas like that haven't had that success. Even in one case where I was working with a guy who had executed multiple businesses and had good success (one 8 figure exit) - we just couldn't work together - our expectations of each other never synced up.
Same thing has happened to me more times than I can easily remember! My take on this has evolved to be "If I can steal your idea/product/scheme as a result of a 60 minute conversation about it then you most likely have a terrible idea". Once a month some idiot comes to tell me about their Great Idea For An App (that I can build for them in exchange for EQUITY!!) and I honestly don't even listen to them anymore.
I'm not a lawyer - I took something from https://www.docracy.com and made a couple small mods. FWIW, I'd put this up as an MVP at https://mutualndas.com but... didn't want to shill here in the main post. I may update/revisit this in the future, but it was sort of a 'scratch my own itch' issue, and I've used it a few times in the last year.
My lawyers narrowly tailor the NDA to relevant topics. So pretty much no copy and pasting will work. Usually that is only a modification of the first or second paragraph from familiar NDAs but the stuff on the internet is overly broad.
You don't need a lawyer in order to adopt this concept. But if you are just dealing with one of clients and want them to sign an NDA, or you are asked to sign theirs, consider narrowing it down instead of having it cover everything under the sun.
I don't know what you mean by "narrowly tailor", but if you mean "fill in the purpose for which information's being shared", read Waypoint. The first page has a blank for that. Along with governing law, forum for disputes, and term.
Waypoint implements the most common, two-way, commercial form of confidentiality agreement. There are more specialized forms, like pre-acquisition, that aren't covered.
I like the idea of this inasmuch as I like the idea of standardization in general, particularly in areas where I don't have much primary domain knowledge.
However, I sign maybe a half dozen NDAs a year with various consulting clients and they generally range from ~1-5 pages. It's not such a laborious process that I'd ever considered it an issue.
Is anyone here signing NDAs at such volume that this would save them a considerable amount of time? (Not rhetorical, genuinely curious)
I don't have personal experience, but I wouldn't be surprised if employees in larger companies need to have a lawyer read any contract before signing it, which may be an expensive and/or slow process.
It surprises me that standard form contracts are not more common in other industries, as they are very common in construction, in the UK at least. You literally buy a copy of the contract, fill in the blanks and there are endless textbooks explaining in painful detail how they work and a lot of caselaw going back >75 years for how the terms are interpreted.
My impression is that construction in 2020 isn't so fundamentally different from construction in 1920 that it would need much unique language per project. The big changes seem to be in quality of material and what gets run through and around the material. Meanwhile, we barely had computers 75 years ago and the whole thing flips on its head every 5-10 years.
Construction is pretty different now. Supply chains are much more complicated and can be multinational even for a domestic house whereas in 1920, you would probably be able to source all the materials for a house from within 20 miles. Legislation, liability and insurance are more complicated. The standard contracts are typically updated every 5 years or so to take account of this. As a result the JCT standard building contract is 120 pages long now compared to about 10 pages in the 1960's.
But the end product is basically the same whereas in computers the end product is quite different. There was no software as a service (at least not like there is now) 10-15 years ago.
The standard contracts don't specify what you will provide, they specify how much it will cost and when it will be provided. Exactly what will be provided is different each time and is generally covered by a written specification and a set of drawings, which are referred to in the contract and are part of the agreement, but they don't form part of the standard text. The building contract itself is an agreement for managing the process for things like changes to specification, the finish date and the process for paying for completed work, rejecting poor quality work or for defining poorly specified work after the contract is in progress. It sets out who has to pay the costs of changes depending on who has caused the changes and pre agrees some of the contractor's management costs.
I imagine all these things are common to software projects?
The basic project management procedures specified in the contract could probably be adapted to procure a software project. But the reason you couldn't just use a building contract for a software project is because it also deals with various ancillary things like how the copyright in the design is licensed to the contractor, who is responsible for complying with Site Health and Safety legislation, various construction industry specific dispute resolution procedures required by law to be agreed in the contract, consumer rights law, housing grants and regeneration act, contracts (rights of third parties) act, GDPR, blah blah blah. The legislation is the stuff that is constantly changing.
This exists in Chicago, San Francisco and probably a host of other markets, for apartment leasing. It's actually really helpful for both the tenant and the landlord. Goes a long way to reducing uncertainty, addressing the maze of regulations, and closing loopholes.
Seems like this is analogous to YC's SAFE. I hope this takes off -- this would have already saved thousands of dollars of lawyer time for us, a small startup that is less than a year old.
Waypoint is already in regular use. The list of companies on the website is by no means complete, though we’d love to add yours. Most companies using the form just use it and never get in touch.
For what it’s worth, I’m a lawyer who advises startups, and I don’t like billing for time spent reviewing NDAs any more than clients like paying for it.
> The Waypoint NDA differs from other NDAs only in how it protects everyone from having to read it over and over again.
That's a full stop, right there. If you take NDAs and contracts seriously you need to read and comprehend the whole thing, no matter how boilerplate it appears from skimming the first few paragraphs.
You should absolutely read the Waypoint NDA. There is no substitute for reading legal terms.
But once you have read Waypoint, there is no reason to read the same terms, or functionally the same terms, every time you want to do the same deal. That is the waste Waypoint avoids.
The literal very next sentence after the one you've quoted addresses that:
> Every copy of The Waypoint NDA comes with a certificate from the side proposing it, guaranteeing that the terms are exactly the same as those published on this site.
I see nothing on the webpage about public or private PKI signing of a certificate. This certificate is what, an image or a scanned raster pdf file of ink signatures or something, promising they haven't modified the document?
I don't see how that is any sort of improvement over the standard 2-3 page sized NDAs I use already on a regular basis.
PKI signatures aren't (legally) necessary, just a binding statement that what they are presenting to you is a certain version of the contract and hasn't been modified. Lying and modifying it would then be a serious misrepresentation that I don't think they could get away with.
I think the idea is similar to OSI certified licenses. You only have to read (for example) the LGPLv3 license a single time regardless of how many of your dependencies use it.
It doesn’t matter. If they affirm that “this is not modified” and it is modified, the court will tell them to get fucked and will likely cancel out terms to be maximally disadvantageous to the bad actor.
It doesn’t have to be a physical certificate; it can just be a sentence that states “waypoint NDA version X” in any medium.
It works in the same way as licenses work: you don’t actually have to attach a full copy of a GPL license, for example, or even your own license terms; you need to just specify what license you are using and where it can be obtained.
You'd be surprised how many people don't. I've had arguments about things that we were supposedly contractually obligated to perform. I ask, "where does it say this in the contract? It's not there." I'm told I must be wrong. (I'm not.) Mad page flipping through the PDF follows. Ultimately, I am proven correct. We are, indeed, not obligated to do a thing...
I'm not a lawyer. If someone wants me to sign an NDA, I have to read it, sure, but I also have to hope that they haven't snuck something in that I won't understand but will screw me over later. The Waypoint NDA prevents me from having to hire a lawyer to make sure their NDA isn't hiding something; all I have to do is a word for word diff.
I rarely get asked to sign NDAs for doing dev work anymore, but it happens occasionally. I'll often find they're less an NDA and more a non-compete that's been sent as an 'NDA'. They're usually vastly broad "you won't work on anything like whatever project we're working on for 2 years" - or similar, which is ridiculous because a lot of my work is much the same or for companies who are (broadly) competing.
Unless the NDA is authored by yourself and you are sure that it has not been tailored, it is in your own interest to read the piece of paper before signing. This is regardless if it is this Waypoint NDA or not.
But if they did so then they would be in violation of the Waypoint license and then the court wouldn't uphold the contract because it violated the law. It would also indicate bad faith so the judge would make them pay costs and more.
IIUC, you're supposed to share the certificate proving it's a version of the waypoint nda, and the text is only on the website, so no one else can change it.
> Anyone have any war stories where implementing an NDA saved them time/money/hassle/everything
I have a very compelling story where information obtained under NDA saved me years of work and millions of dollars. Unfortunately, I cannot share the details.
Certain APIs of the IBM mainframe operating system z/OS (formerly known as MVS), IBM makes you sign an NDA before it gives you the documentation to them.
For example, IBM mainframes have specialised processors called zAAPs. Physically these are just ordinary CPUs, but they've been configured in the firmware to only be allowed to run certain types of code. The reason for this, is IBM licenses the OS on a per-CPU basis, and using zAAPs instead of normal processors to run work results in lower per-CPU licensing costs. Anyway, there is an undocumented API that programs can call to offload work on to zAAPs. And IBM makes vendors sign an NDA before sharing this documentation. (If they didn't, anyone could just run arbitrary code on a zAAP, defeating the purpose of the whole thing.)
z/OS also has an API called FAMS (File Attributes Management Service aka IGWFAMS). You need it to perform certain operations on files (or datasets to use the mainframe terminology.) The IBM manual which documents the FAMS API (called the "DFSMS Advanced Customization Guide") is made available to ISVs under NDA only. (As to why this is under NDA, there has never been a public explanation.)
I myself have never used either of the above APIs, nor have I signed any NDA for them, nor do I know the technical details the NDAs protect. I just know they exist. And I know that quite a few IBM mainframe ISV products depend on one or the other to work.
They tell me it's probably not the kind of company I want to work for.
I have nothing against NDA's themselves, just companies that use them widely tend to be paperwork-heavy, inflexible, slow, and all the things I don't like in an employer. The NDA is just an indicator.
* You can smoke out people trying to brain!@#% you by saying use my NDA and making sure an officer of the company you are talking to signs it (lower-level employees may not be able to sign a binding agreement on behalf of the company).
* I've had many a partner call me and ask if they can share something from an NDA covered meeting with a third party. It's helped surface opportunities AND threats.
* I've had investors point out the NDA was a go-no-go check. No NDA, no further discussion.
That is useful. Thanks. Not sure it's enough to get me to use them, but at least I can move from my stance of "anyone insisting on an NDA is an idiot" ;)
In the EU, I have read that the part "No Reverse Engineering" is null/void and the rest of the contract is still valid. There are several nullifications of parts of contracts in EU legislation.
I don't think there's specific legislation for it, but at least for every contract I've seen (from business acquisition to real estate purchase to NDA to you-name-it) there is a contract severability clause which basically says the same thing.