One of the most common questions from business owners considering their first virtual assistant hire is: do virtual assistants sign NDAs? The short answer is yes — and if they're professional, they expect it.
A Non-Disclosure Agreement is a standard part of any professional working relationship where sensitive business information is shared. Virtual assistant relationships almost always involve sensitive information: access to email, client data, financial records, business plans, proprietary processes, and more. An NDA formalizes the expectation that this information stays confidential.
This guide explains what an NDA covers in a VA context, how to use one properly, and what else you should do to protect your business information.
What a VA-Specific NDA Covers
A Non-Disclosure Agreement is a legal contract between two parties that defines what information is confidential and what obligations the receiving party (your VA) has regarding that information.
In a virtual assistant context, a well-written NDA should cover:
- Definition of confidential information: This should be broad enough to include all meaningful business information. Common categories include: client lists and client data, business plans and strategy, financial information, proprietary processes and workflows, vendor relationships, pricing structures, trade secrets, and any information the employer designates as confidential.
- Non-disclosure obligations: The VA agrees not to disclose confidential information to third parties without your explicit written permission.
- Non-use obligations: Equally important — the VA agrees not to use your confidential information for any purpose other than performing their duties for you.
- Duration: NDAs typically remain in effect for the duration of the relationship plus a period afterward — commonly 1–3 years after the contract ends. Make sure your NDA specifies this.
- Exceptions: Standard exceptions include information that is already publicly known, information the VA already knew independently, or information independently developed without reference to your confidential material.
- Remedies for breach: What happens if the NDA is violated? This section should specify that breach gives you the right to seek injunctive relief and damages.
"An NDA doesn't prevent all misuse of your information. It establishes a legal framework that creates real consequences for misuse and signals that you take confidentiality seriously."
Should You Use a Separate NDA or Include It in the Service Agreement?
Both approaches work. The more common and practical approach for ongoing VA relationships is to incorporate NDA language into a broader service agreement or independent contractor agreement.
A comprehensive working agreement might include:
- Scope of services and responsibilities
- Payment terms and schedule
- NDA provisions
- Data handling requirements
- Intellectual property ownership (any work product created belongs to you)
- Termination conditions
- Post-termination obligations
Having everything in one document reduces friction and ensures all key terms are agreed to simultaneously. You can find templates through LegalZoom, DocuSign, or an attorney specializing in employment and contractor law. For roles involving sensitive data, investing in attorney-drafted or reviewed documents is worth the modest cost.
What Happens if a VA Refuses to Sign?
A professional VA with legitimate work experience will have no objection to signing a standard NDA. It's a routine part of professional working relationships. If a candidate refuses to sign, treat that as a significant red flag.
Possible reasons for refusal — none of them reassuring:
- They don't consider themselves bound by standard professional norms
- They've had disputes over NDAs in the past
- They're planning to work with your competitors and want to avoid constraints
- They simply don't take confidentiality seriously
If a VA raises questions about specific provisions — asking for clarification on definitions or duration, for example — that's reasonable and professional. Flat refusal is not.
Additional Protections Beyond the NDA
The NDA is your legal protection. But protecting your business information in practice requires operational measures as well.
Use a password manager for credential sharing. Never share passwords through email or chat. Tools like 1Password, LastPass, or Bitwarden allow you to share access to credentials without revealing the password itself — and revoke access instantly when needed.
Apply minimum necessary access. Give your VA access only to the systems they need for their specific role. An email management VA doesn't need access to your financial platform. A social media VA doesn't need your CRM admin credentials.
Enable two-factor authentication on all shared accounts. Even if credentials are compromised, 2FA significantly reduces unauthorized access risk.
Use a shared but restricted file structure. Create a dedicated folder structure for your VA with only the files they need — not the entirety of your business file storage.
Conduct a security audit at offboarding. When a VA relationship ends, immediately revoke all access, change shared passwords, and remove the VA from all platforms. Don't delay this.
For a comprehensive guide to data security in VA relationships, see how to protect your business data when working with a virtual assistant.
Industry-Specific Considerations
Some industries require additional contractual or compliance considerations beyond a standard NDA:
- Healthcare: If your VA handles patient information, HIPAA's Business Associate Agreement (BAA) requirements may apply. You may need a HIPAA-compliant BAA in addition to or instead of a standard NDA.
- Legal services: Attorney-client privilege considerations may apply to information shared with a VA. Consult with your state bar association on what's permissible.
- Financial services: If you handle client financial data, relevant financial privacy regulations (Gramm-Leach-Bliley Act in the US, for example) may impose specific data handling requirements.
- EU clients: If you have clients in the European Union, GDPR compliance may apply to how client data is handled, stored, and processed by a contractor.
Consult a compliance professional if you're in a regulated industry before sharing sensitive client information with a remote contractor.
When to Use a VA Agency vs. a Freelance Hire for Security Purposes
VA agencies like Stealth Agents typically have their own contractor agreements that include NDA provisions, data handling requirements, and professional standards as part of their service model. This doesn't remove your need for a client-facing agreement, but it adds a layer of contractual structure around the VA's professional conduct.
When you hire a freelance VA directly, you bear full responsibility for ensuring the legal documentation is in place. This isn't difficult, but it requires initiative.
For more on the overall hiring process and how to structure the engagement legally and practically, see how to hire a virtual assistant.
Protecting your business information is non-negotiable. An NDA is the starting point, not the finish line — but it's an important starting point that signals how you expect the relationship to operate. Stealth Agents works with professional virtual assistants who understand and respect standard confidentiality expectations. Visit their website to find a professional who takes your business information as seriously as you do.