A Mutual Non-Disclosure Agreement (MNDA) is a legally binding contract that establishes a confidential relationship. Each party agrees that it won’t share the other party’s information except as allowed under the MNDA.
Our current MNDA template can be found here.
What is the purpose of an NDA? To protect confidential/proprietary information from being disclosed or misused. NDAs allow a party to share information freely while knowing that the other party will not release or use that information for purposes beyond what is allowed in the NDA. For example, an NDA allowing the parties to evaluate a potential business relationship would NOT permit a party to reverse engineer the other party’s shared information in order to develop a competitive product.
MNDAs can be signed to cover pre-sales conversations at any time if requested by a prospect. An MNDA must be executed before sharing Gem’s SOC 2 report, pentests or other confidential security information.
An NDA is NOT REQUIRED for existing customers as they have confidentiality provisions in their MSA that cover the same terms.
Sales should always present and push for Gem’s MNDA form.
MNDAs should be very low-to-no touch for legal. These should be standard confidentiality terms that are not negotiated or redlined by the customer. Please resist any requests to attach custom security and/or privacy documentation, in particular, because internal review for these kinds of bespoke terms will significantly extend your negotiation timeline.
Signatories
Any member of the legal team, David Dold, or any other director-level Gem employee can sign on Gem’s behalf.
What if a customer wants to use their NDA (Battle of the Forms)?
Response:
Gem’s NDA is tailored to the types of pre-sales conversations we will have with you about Gem’s Services. In these types of conversations, we ask that our customers use our NDA because Gem is the party that is most likely to share confidential information as your team assesses our services offering (e.g. our SOC2 audit reports and other security information, product information and plans). Our NDA is aligned to our particular offering, while remaining balanced in order to protect both parties’ confidential information.
Instructions: If the Customer insists on using their NDA, ascertain the reason why (e.g. severely delayed Customer legal review, regulatory requirements, etc.), request a copy of the customer’s NDA, save the NDA to the customer’s accounts folder in G-Drive, and post the link for legal review using the workflow in the #sales-success-legal Slack channel.
We will want to use exceptions sparingly as we have very limited internal legal review capacity. So if we make an exception and use the customer’s form, we will need to condition our review of their NDA on the hard requirements that (i) their NDA include language clarifying that the NDA has no application to the Customer’s use of Gem’s services; and (ii) they must use our MSA for the subscription.
Additional language to include if we have determined an exception is appropriate:
Option (1) – if we want to say we will review theirs to see if it can work on an exception basis.
That said, if your team cannot work from our NDA, we are happy to do our best to be flexible and make an exception in the interest of moving forward as quickly as possible. As next steps, please share a copy of your NDA and Gem’s legal team will review to confirm if it is suitable for purposes of our pre-sales discussions generally and, if so, whether Gem will require any edits in order to be able to use your NDA vs Gem’s template.
Please note, however, that if we are able to work from your NDA here on an exception basis, should the parties decide to move forward and your company proceeds with a Gem purchase (which we very much hope that you will), we will need to work from Gem’s standard customer Order Form, MSA and other ancillary documentation as governing terms for the parties’ relationship and your use of Gem’s services. Our customer documentation is tailored to Gem’s services, and although we can certainly understand the desire to work from forms that you’ve vetted and with which you are familiar, those forms are not tailored to Gem’s business or services. As a multi-tenant service provider, Gem requires a certain amount of uniformity in our agreements and so asks all of our customers to work from our agreements. This approach benefits both parties as it cuts down negotiation times and enables our customers to get a better understanding of Gem’s services as well.
Option (2) - if we want to say we have reviewed the customer’s NDA and can make an exception:
We’ve reviewed the NDA and in the interest of moving forward quickly and enabling the parties to engage in productive discussions regarding our potential relationship, on an exception basis we can agree to work from your NDA for purposes of our pre-sales discussions.
Please note, however, that should the parties decide to move forward and your company proceeds with a Gem purchase (which we very much hope that you will), we will need to work from Gem’s standard customer Order Form, MSA and other ancillary documentation as governing terms for the parties’ relationship and your use of Gem’s services. Our customer documentation is tailored to Gem’s services, and although we can certainly understand the desire to work from forms that you’ve vetted and with which you are familiar, those forms are not tailored to Gem’s business or services. As a multi-tenant service provider, Gem requires a certain amount of uniformity in our agreements and so asks all of our customers to work from our agreements. This approach benefits both parties as it cuts down negotiation times and enables our customers to get a better understanding of Gem’s services as well.
How can I find out if we have an NDA in place with a certain customer or partner?
Customers: All fully executed customer NDAs can be found in the company-specific sub-folder under Customers.
Events: Events-related agreements should be stored in the applicable folder for the event.
Marketing: Please save in the Executed Contracts folder under Marketing + Legal.
Vendors: Please save signed NDAs in the Vendors folder.
Check the Signed NDA folder.
I’ve gotten an NDA signed, where do I store it?
Please use the following file naming convention: Company Name [Mutual/Unilateral, as applicable] NDA Effective Date as YYYY-MM-DD.
Example: Dropbox Mutual NDA 2023-03-10.
See “How can I find out if we have an NDA in place” Q above for proper storage locations depending on your team.
Does Legal need to review every NDA?
Nope. Not every NDA needs to come to Legal for review. Only pre-sales NDAs on customer paper (aka third-party paper) require legal review. Standard mutual NDAs on Gem’s paper with no changes can be approved by directors and VPs without getting Legal involved. If you’ve been asked to sign an NDA on third-party paper for purposes other than pre-sales discussions, please review the problematic terms below. Always feel free to use #ask-legal if you’re unsure of something.
There are some problematic terms that we will never accept in an NDA.
- Mutuality
  - Generally, NDAs are mutual, which protects confidential information shared by either party.
  - If you receive a unilateral NDA (something that would protect only the other side’s information, not ours), please ask for a mutual NDA or provide a copy of Gem’s mutual NDA.
- Define Confidential Information Broadly
  - Each NDA will define confidential/proprietary information, so please review that definition.
  - Some NDAs require that you mark every document “Confidential” and that you send an email after every conversation listing anything confidential that was discussed in order for information to be defined as confidential and, thus, protected by the NDA. That’s NOT enough – and it would create a lot of work for you and risk for Gem that something you disclose orally will not be protected as it should.
  - The definition of confidential information should include coverage for information that a reasonable person would expect to be confidential, not just information marked or explicitly confirmed as confidential.
  - The definition of confidential information should not include personally identifiable information (PII) or classified information. No PII should ever be disclosed under an NDA by either party and Gem does not ever need or want to receive classified information.
  - If you’re not sure whether the definition of confidential information is broad enough, please send the NDA to Legal for review.
- No Indemnity or Representations and Warranties
  - We do NOT offer indemnification under NDAs or make any representations or warranties regarding confidential information.
  - If there is an indemnification clause in an NDA or if the NDA includes representations and warranties, please send it to Legal for revision.
- No Residuals
  - We do NOT include residuals clauses in NDAs.
  - But what are residuals clauses? They are clauses that allow someone who learns confidential information from us to use that information for that person’s (or that person’s company’s) benefit so long as the person can remember the confidential information unaided.
  - What’s the big deal with residuals? Residuals clauses benefit the party receiving information and make it harder for the party sharing information to prove damages if the other party turns out to be a bad actor.
  - Example of a residuals clause: “Furthermore, the residuals resulting from access to or work with such Confidential Information shall not be subject to the confidentiality obligations contained in this Agreement. The term “residuals” means information in non-tangible form, which may be retained in the unaided memories of persons who have had access to the Confidential Information, including ideas, concepts, know-how, or techniques contained herein. (A person’s memory is unaided if the person has not intentionally memorized the Confidential Information for the purpose of retaining and subsequently using or disclosing it.) Neither party shall have any obligation to limit or restrict the assignment of such persons or to pay royalties for any work resulting from the use of residuals.”
  - If an NDA mentions residuals, please send it to Legal for review.
- No Intellectual Property Rights
  - NDAs should not grant any rights to intellectual property. For example, the parties would not exchange any type of license in the information being shared.
  - If an NDA seems to grant IP rights to the other party, please send it to Legal for review.
- No Privacy or Security Terms
  - No personal information should be shared under an NDA, and NDAs should not include Gem privacy, data protection or security commitments. For example, there should not be any security exhibit or DPA attached.
  - If an NDA seems to incorporate Gem privacy or security commitments, please send it to Legal for review.
- U.S. Choice of Law
  - We prefer California law with a venue in San Francisco, but can accept Delaware or New York law without specifying a venue (e.g., push back if it specifies the courts of New Castle, DE).
  - Do not accept other states or venues or non-U.S. law without approval from Legal.
  - Do not accept arbitration without approval from Legal. Arbitration is non-standard for an NDA and we should try to avoid it.
- No Attorneys’ Fees
  - If an NDA provides for payment of attorneys’ fees by the losing party in a dispute under the NDA, please send the NDA to Legal for review.
- Term
  - NDAs generally have 3-year, 5-year, or indefinite terms.
  - You should not enter into an NDA with less than a 3-year term without speaking with Legal.
- Trade Secrets
  - If an NDA mentions trade secrets, then it is important to ensure that confidentiality obligations for trade secrets continue indefinitely.
  - Example language providing ongoing trade secret protection: “However, if the Confidential Information constitutes a Trade Secret as defined herein, Receiving Party shall remain obligated to maintain the confidentiality of such Trade Secret for so long as such information remains a Trade Secret, including any protection offered by the operation of law, including but not limited to copyright and patent. All obligations under this Agreement shall survive the termination of the Parties’ business discussions or relationship and shall bind all Affiliates of both parties.”
  - It is acceptable if an NDA is silent on trade secrets or if it specifically excludes trade secrets from coverage as long as the NDA is not for a joint venture discussion or another highly technical partnership in which the parties will be exchanging detailed technology specs.
  - If in doubt, please send the NDA to Legal for review.
- No Non-Competes/Non-Solicits
  - Generally when parties are entering into an NDA, their relationship is just starting. That is too early for them to agree to non-competes or non-solicits; those types of terms are better included in customer agreements, partner agreements, or other agreements establishing a formal relationship between the parties.
  - If an NDA includes a non-compete or a non-solicit, please send the NDA to Legal for review.
- No Individual Employee Liability
  - Sometimes NDAs state that the person executing the NDA is doing so in that person’s individual capacity rather than on behalf of Gem.
  - Please do not sign NDAs in your personal capacity. Doing so could lead to liability for you rather than the Company.
  - Gem should be the party to the NDA, not the person signing.