NDA for Virtual Assistants: What to Include and Why It Matters
Before your virtual assistant gains access to client lists, pricing strategies, proprietary processes, or sensitive business data, a Non-Disclosure Agreement (NDA) should be signed. An NDA - also called a confidentiality agreement - establishes legal boundaries around what information the VA can and cannot share, and creates a basis for legal recourse if those boundaries are crossed.
This guide covers what a VA NDA should include, what it can realistically protect, and how to use it effectively without creating unnecessary friction in your VA relationship.
See also: how to create a VA NDA agreement, data security best practices for VAs, VA code of conduct template.
Why You Need an NDA Before Sharing Sensitive Information
Virtual assistants often have access to information that would damage your business if disclosed:
- Customer lists and contact databases
- Pricing models, margins, and supplier agreements
- Proprietary workflows, templates, or SOPs
- Unreleased product plans or marketing campaigns
- Client financial information or business strategy
- Employee or contractor compensation data
- Login credentials and system access
Without an NDA, your VA has no legal obligation to keep any of this confidential. An NDA creates that obligation and gives you enforceable recourse if they violate it.
One-Way vs. Mutual NDAs
One-way (unilateral) NDA: Only the receiving party (your VA) is bound by confidentiality obligations. You share confidential information; they agree not to disclose it. This is the most common structure for VA relationships.
Mutual NDA: Both parties agree to keep each other's confidential information private. This makes sense if you're also learning proprietary methods from the VA (uncommon, but relevant for specialized consultants).
For most VA relationships, a one-way NDA in your favor is appropriate.
Essential Clauses in a VA NDA
1. Definition of Confidential Information
This is the most important clause - an NDA only protects information that clearly falls within its definition. Be specific and broad simultaneously:
Include: business plans, financial data, customer lists, pricing, vendor relationships, proprietary processes, software and login credentials, personnel information, marketing strategies, intellectual property, and "any information marked as confidential or reasonably understood to be confidential given the nature of the disclosure."
The "reasonably understood" language matters - it covers information that obviously should be confidential even if you forgot to stamp it.
2. Obligations of the Receiving Party
Specify what the VA must and must not do with confidential information:
- Use confidential information only for purposes of performing their contracted services for you
- Not disclose confidential information to any third party without written permission
- Take reasonable measures to protect confidential information from unauthorized disclosure (at least the same care they use for their own confidential information)
- Promptly notify you if they become aware of any unauthorized disclosure
3. Exclusions from Confidentiality
An NDA cannot protect information that is:
- Already publicly known through no fault of the VA
- Already known to the VA before your disclosure
- Independently developed by the VA without use of your confidential information
- Required to be disclosed by law or court order (the VA must notify you first, if possible)
These exclusions are standard and courts expect to see them. Removing them makes the NDA more likely to be deemed unenforceable.
4. Term and Duration
Specify how long confidentiality obligations last:
- During the contract: The VA cannot disclose confidential information while working for you.
- After the contract ends: This is where businesses often under-protect themselves. Include a post-termination confidentiality period - typically 2–5 years for business information, or "indefinitely" for trade secrets (trade secrets receive protection as long as they remain secret, regardless of NDA term).
For VA relationships, a 3-year post-termination confidentiality period on business confidential information, with indefinite protection for trade secrets, is a reasonable baseline.
5. Return or Destruction of Confidential Information
Require your VA to return or certify destruction of all confidential information upon contract termination:
- Written confirmation that all copies (digital and physical) have been deleted or destroyed
- Revocation of all access credentials on the final day
- Return of any physical materials containing confidential information
6. No License or Ownership Transfer
Explicitly state that sharing confidential information with the VA does not grant them any license or ownership rights in the information. This prevents any claim that access implies permission to use the information independently.
7. Remedies and Jurisdiction
State that breach of the NDA would cause irreparable harm justifying injunctive relief (a court order to stop disclosure) in addition to monetary damages. This is important because proving monetary damages from a confidentiality breach is often difficult - injunctive relief may be the most practical remedy.
Specify the governing law (the state/country whose laws apply) and jurisdiction where disputes will be resolved. Use your home jurisdiction.
8. Independent Contractor Acknowledgment
Confirm that the VA is an independent contractor, not an employee. This clarifies the relationship and ensures the NDA is interpreted in the contractor context, not under employment law (which has different implied confidentiality rules).
What an NDA Cannot Protect
NDAs have real limitations - understanding them helps you set realistic expectations:
- NDAs cannot prevent disclosure to law enforcement or courts. Your VA cannot be legally required to violate an NDA when served with a valid subpoena.
- NDAs are difficult to enforce across international borders. A US-law NDA signed by a VA in the Philippines is difficult (though not impossible) to enforce. For high-stakes confidential information, prefer VAs in jurisdictions with compatible legal systems.
- NDAs cannot substitute for access controls. An NDA is a legal backstop, not a security measure. The most effective protection is limiting access to only the information the VA actually needs.
- NDAs don't prevent all disclosure - they create consequences for it. Your VA could still choose to violate the NDA; you'd then need to pursue legal action, which costs time and money.
Making Your VA NDA Enforceable
- Get it signed before sharing any confidential information - not after.
- Use "wet" signatures or e-signature platforms (DocuSign, HelloSign, PandaDoc) that create timestamped records.
- Ensure mutual consideration - the VA must receive something in exchange for signing (the opportunity to work for you is sufficient consideration in most jurisdictions).
- Keep a signed copy and provide one to the VA.
- Have an attorney review your NDA template - a poorly drafted NDA may be unenforceable. One-time legal review cost is minimal compared to litigation risk.
Frequently Asked Questions
Can I use a free NDA template from the internet?
You can use a template as a starting point, but have an attorney review it for your jurisdiction and specific situation. Free templates vary widely in quality and may be missing clauses essential for enforceability in your state.
Does a VA agency's NDA protect me?
Agencies typically have their VAs sign confidentiality agreements, but those protect the agency's interests, not necessarily yours. You should still have your own NDA signed by the VA (or by the agency on behalf of the VA) that covers your specific confidential information.
What if my VA refuses to sign an NDA?
This is a red flag. Any legitimate professional VA should be willing to sign a reasonable NDA. If a VA refuses without explanation, reconsider the hiring decision. If they have specific objections to particular clauses, those are worth discussing - legitimate concerns are typically about scope or duration.
Should my NDA include a non-compete clause?
Non-compete clauses in contractor NDAs are controversial and often unenforceable, particularly for independent contractors and across state lines. A more practical approach is a non-solicitation clause - prohibiting the VA from soliciting your clients or employees for a defined period - which is generally more enforceable than a broad non-compete.
Ready to Hire with Proper Documentation?
Virtual Assistant VA connects you with pre-screened virtual assistants. We can advise on standard onboarding documentation practices to protect your business from day one.