Developers April 7, 2020

Developers and NDAs?


I was hoping to get opinions from both sides of an arrangement.

A company is contracting with a developer to build a web-based database of their customers and all information related to their customers.

The goal is to use metrics valuable to the company to cross-sell other services.

The company feels they are sharing too much of their "secret sauce" with a 3rd party and would feel more comfortable having an NDA in place.

The developer is uncomfortable signing an NDA, claiming his work will be only on building the infrastructure and not related to the approach to the information the developer will help surface.

Developers, how do you handle this type of request? How do you pacify the company's concern so they can open up more about the goals of their project and better educate you on how to deliver the right product?

For anyone here that's contracted an external developer, how do you address it? What can you do to ensure you're protecting the specific details of your company?

  1. 2

    I can speak to the Australian legal position: NDAs are widely misunderstood and misused, and oftentimes redundant considering the non-contractual (ie equitable) obligations of confidence that are imposed on parties who knowingly receive information that is inherently confidential.

    That said, there may be good reasons for a startup to request a dev to sign an NDA (or Confidentiality Agreement in my terminology):

    1. Maintaining confidentiality may be a critical concern for startups who are looking to file a patent for their innovative new product (as was the case for me).

    2. Dealing with remote devs in faraway countries can be a daunting prospect to many startups. Having a Confidentiality Agreement in place offers some peace of mind.

    3. A Confidentiality Agreement can improve perceptions on both sides as to bona fides and professionalism.

    On the flip side, it's also critical that any Confidentiality Agreement be appropriately drafted. It should be clear, succinct and specific, and directed only to protecting the startup's legitimate interest in wanting their trade secrets kept just that - secret.

    For anyone who's interested, here's the Confidential Agreement I've used with my devs without any issues:

    1. 2

      Hi Len, nice to see a fellow Aussie on here! Great informative post and thanks for the link to the doc.

      Can you expand on "obligations of confidence that are imposed on parties who knowingly receive information that is inherently confidential"?

      Is this something that is expected of every contractor/employee regardless of agreement?

      Is there a specific legal term for this I can google to find more information?

      1. 2

        G'day Lukeda!

        It's tricky to expand without sounding like I'm giving legal advice, which I can't do sorry (the constraints of my day job as an IP lawyer 😩)

        But there's plenty of online resources if you're interested in the topic.

        Wikipedia can set the scene for you:

        If you really want to get your hands dirty, here's a case I ran on the topic some years ago:

  2. 2

    Hey Tony, I'm just starting to build a startup on fit-for-purpose Agreements for people, and have studied not just the text in the legal document itself, but the psyche behind signing or not signing it.

    Reasons can vary, but based on my experience and findings - most problems arise from people being asked to sign very complex agreements that are not easy to understand, and being uneasy about hidden liabilities. Most people walk away, if they are not - like @kylegawley said - desperate for the work.

    The key is to have a simple NDA that is fit for purpose.

    In your case, a potential solution is to define what constitutes "Confidential Information". Since the company doesn't want the 'secret sauce' to be shared, and the developer confidently claims that the 'secret sauce' is not accessed anyway - make sure their definition of specifically what the 'secret sauce' is sits inside the NDA under "Confidential Information". Once aligned, and both are sure that it is not shared / accessed, the rest of the NDA terms should be gravy (pun intended).

    I have a friendly NDA template here if it helps your purpose:

  3. 1

    As a developer, I'd be happy to sign that I'm not giving away your information in the database.
    But, I won't sign for your magical idea that'll rule the world, and I won't sign to shut up about what technologies etc.

    Developers talk to each other about tech stuff, that's how the industry pushes forwards.

    Recap. I won't give away the coca cola recipe, but I'll tell everyone that you put cool drink in a bottle :D

  4. 1

    In most cases, NDAs are just pointless cargo cult practised to soothe managers' minds. They mostly consist of boilerplate legalese that's either unenforceable or so generic and vague that it's already covered by applicable privacy laws anyway.

    Then there's the perennial aspect of "Ideas don't matter. Execution does.". Even if a nefarious developer were to run away with the company's "secret sauce", what would they actually do with that?

    The generic type of NDA prevalent in US common law settings only covers information gained in the context of working on a specific project, provided that information is not otherwise or previously publicly available. For developers, this at least usually shouldn't cause any problems.

  5. 1

    I'm a freelance developer. YMMV, but for me:

    I don't sign NDAs from companies that are afraid that I'm going to steal their idea. If you come to me and say "hey, I have this world-changing idea, but before telling you about it can you please sign this"... I'm not interested in your project.

    That said, I'm 100% happy to sign an NDA requiring me not to share, for example, a copy of your database.

  6. 1

    SAAS NDAs are notoriously vague. They are supposed to be protecting your trade secrets in terms of very well articulated technology design but too many non-tech people use them to protect their "ideas". It is nothing more than exploitation.

  7. 1

    Context is everything. When asked to sign an NDA, as pointed out by others, I ensure it is specific to project/work. If the NDA is vague or generalized, then I simply provide some constructive suggestions for changes and that is normally sufficient to sign a suitable NDA.

    I've only encountered one company/person (out of around 30) who I did not work with due to him refusing to change the NDA.

  8. 1

    Data is the new gold and anyone in a position to build a relational database, web-based or otherwise, typically has access to proprietary information that many people/departments in a company don't even have access to. Unless the company is going to migrate the data themselves, or contract a different developer to do it, he will have access to information that should be protected by an NDA. I know it isn't popular, but I can't really see how it would hamstring the developer to sign a basic NDA.

  9. 1

    Maybe I am missing the point, but why is it bad for the developer to sign the NDA? Does it limit the developer in any way? Because if it doesn't, it may seem useless but I don't see the problem. I'd sign it without any problem.

    This is assuming it doesn't contain any non-compete nonsense or whatever.

    1. 1

      This comment was deleted 15 days ago.

      1. 1

        That is fair, but that is something we don't know anything about. Signing an NDA for me --as a developer-- is no problem and does imply the other party is serious in their plans. They should allow me to read it closely and make sure it isn't limiting me, of course; if it does, I'll tell them to change it or find someone else.

  10. 1

    The developer should politely explain why he doesn't want to sign an NDA, and explore alternatives. However, there is a risk that if the developer won't sign the NDA, he will lose the job. So if he's in desperate need of work, it may be better to just sign the NDA.

    Unfortunately a lot of companies have fear around protecting their IP and believe that an NDA is the way to do this.

