How to Create a Virtual Assistant Non-Disclosure Agreement
Creating a virtual assistant NDA doesn't require a law degree, but it does require understanding what you're protecting and what you need the agreement to do. A well-constructed NDA takes 30–60 minutes to draft and provides real legal protection for your business information.
This step-by-step guide walks you through the process from start to signed.
See also: NDA for virtual assistants: what to include, VA code of conduct template, data security best practices for VAs.
Before You Draft: Know What You're Protecting
The first step isn't writing - it's making a list. Go through your business and identify every category of information your VA will access or create:
Common categories for VA NDAs:
- Customer and client lists, contact data, and account details
- Business financial information (revenue, margins, pricing, costs)
- Proprietary processes, SOPs, and operational workflows
- Product roadmaps, unreleased features, or strategic plans
- Vendor relationships, supplier contacts, and pricing agreements
- Intellectual property - content, designs, code, formulas
- Login credentials and account access information
- Employee or contractor compensation and performance data
- Marketing strategies, campaign results, and audience data
This list becomes the foundation of your "Definition of Confidential Information" clause - the most important part of any NDA.
Step 1: Draft the Definition of Confidential Information
This clause defines what's protected. Too narrow and your business information slips through the cracks. Too vague and a court may find it unenforceable.
Effective approach - use a broad category list plus a catch-all:
"Confidential Information includes, but is not limited to: customer lists and contact data, financial data and pricing, business strategies and plans, proprietary processes and workflows, product information, technical data, vendor relationships, personnel information, login credentials, and any other information that is identified as confidential at the time of disclosure or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure."
The "reasonable person" catch-all is critical - it captures information you forgot to list specifically.
Include an exclusions clause to prevent the NDA from being voided as overbroad:
- Information already publicly known
- Information the VA independently knew before your engagement
- Information independently developed by the VA without using your confidential information
- Information required to be disclosed by law or court order
Step 2: Define the VA's Obligations
State clearly what the VA must and must not do:
Must:
- Use Confidential Information only for performing their agreed services
- Take reasonable measures to protect Confidential Information (at least the same care as their own confidential information, but no less than reasonable care)
- Notify you promptly if they discover or suspect unauthorized disclosure
Must not:
- Disclose Confidential Information to any third party without your written permission
- Use Confidential Information for their own benefit or for any other client
- Copy or store Confidential Information outside of systems you approve
- Discuss your business in any public forum, including social media
Step 3: Set the Confidentiality Term
Specify how long the obligations last:
- During the engagement: The VA cannot disclose anything while working for you.
- After the engagement ends: Include a post-termination period - typically 2–5 years for business information.
- Trade secrets: Add "the VA's obligation to protect trade secrets (as defined by applicable law) continues indefinitely."
Most courts will enforce a 3-year post-termination period for standard business confidential information. For trade secrets (genuinely proprietary formulas, code, or processes), indefinite protection is legally sound.
Step 4: Address Intellectual Property Ownership
Include a clear work-for-hire clause:
"All work product, content, code, designs, materials, and deliverables created by VA in connection with services under this Agreement are works made for hire and are the exclusive property of Client. To the extent any such work product does not qualify as a work made for hire under applicable law, VA hereby assigns all rights, title, and interest in such work product to Client."
This prevents any ambiguity about who owns content, graphics, code, or processes the VA creates for you.
Step 5: Include Return/Destruction of Information
Upon termination, require the VA to:
- Return all physical materials containing Confidential Information
- Permanently delete all digital copies from their devices and accounts
- Provide written certification that deletion is complete
- Cooperate with any reasonable steps to confirm compliance
This is especially important for VAs who had access to client data, financial records, or proprietary systems.
Step 6: State Remedies for Breach
Include these standard remedy provisions:
-
Injunctive relief: "VA acknowledges that breach of this Agreement would cause irreparable harm not adequately compensated by monetary damages, and that Client shall be entitled to seek injunctive relief without the requirement of posting bond."
-
Attorney's fees: "In any action to enforce this Agreement, the prevailing party shall be entitled to recover reasonable attorney's fees and costs."
-
Right to audit: "Client may conduct reasonable audits to verify VA's compliance with this Agreement."
Step 7: Add Governing Law and Jurisdiction
Specify which state's law governs the agreement and where disputes will be resolved. Use your home state for both.
"This Agreement shall be governed by the laws of the State of [Your State], without regard to its conflict of law provisions. Any disputes shall be resolved exclusively in the courts of [Your County], [Your State]."
Using a Template vs. Hiring an Attorney
Template is appropriate for:
- General VA relationships with standard confidential information
- Businesses in straightforward industries (e-commerce, marketing, admin support)
- Relationships with well-established freelancers or agencies
Attorney review recommended for:
- VAs handling healthcare data (HIPAA-specific language needed)
- VAs with access to highly proprietary technical systems or code
- International VAs where cross-border enforcement may be relevant
- Businesses in heavily regulated industries
One-time attorney review of a template NDA ($200–$500) is worth it if your VA will touch genuinely sensitive or high-value intellectual property.
Execution: Making It Legally Valid
- Use an e-signature platform (DocuSign, PandaDoc, HelloSign) for clean timestamped records
- Get it signed before sharing any confidential information
- Both parties keep a signed copy
- Store executed NDAs in a secure, organized location for 7 years
Frequently Asked Questions
Can I use a free NDA template from the internet?
Free templates are a starting point, not a finished product. They may be missing state-specific language, omit critical clauses (like IP assignment or injunctive relief), or contain provisions that are unenforceable in your jurisdiction. Use them as a framework but verify against your state's requirements.
Does the NDA need to be notarized?
Generally no - notarization is not required for NDA enforceability in most US jurisdictions. E-signatures create legally binding records without notarization.
What if the VA is in another country?
Cross-border NDA enforcement is complex. Include a choice-of-law clause specifying US law, consider requiring disputes to be resolved in US courts, and understand that practical enforcement may be limited in some jurisdictions. For high-stakes confidential information, prefer VA relationships in jurisdictions with strong IP enforcement systems.
Should I have a separate NDA for every VA or include it in the service agreement?
Either approach works. Many businesses include confidentiality provisions as a section of their main service agreement rather than a standalone NDA. Standalone NDAs are easier to update independently if your confidentiality requirements change.
Ready to Hire with Proper Legal Protection?
Virtual Assistant VA connects you with pre-screened virtual assistants. We can advise on standard documentation practices and ensure your onboarding protects your business from day one.