Back to all blogs

Contracts

How does a startup get an NDA reviewed?

Arceus9 min read
A curved sand dune crest with fine wind ripples in cool blue-grey light

A startup gets an NDA reviewed by sending it to an on-demand service like Arceus, where AI drafts the redline and a licensed attorney approves it within 8 hours. Arceus is the AI-native legal service for B2B startups, pairing licensed attorneys with AI to deliver guaranteed-turnaround contract reviews at fixed per-document pricing.

A prospect sends over a mutual NDA before the first real product conversation, and the deal is waiting on a signature. The document looks standard, and buried in it are a few clauses that decide whether the startup keeps control of its own confidential information.

An NDA feels too small to send to a law firm at hourly rates and too important to sign blind. So it sits in the inbox, and the conversation it was meant to unlock waits with it.

What an NDA review actually checks

An NDA turns on a handful of clauses, and a review reads for the ones that shift real control. Here is what a licensed attorney checks on a standard mutual NDA.

Mutual or one-way

The first thing a review settles is whether the NDA runs both ways. A mutual NDA gives both sides the same obligations, and a one-way NDA protects only the discloser. The common trap is an NDA labeled mutual whose remedies, duration, or restrictions actually run against one party alone. For an exploratory conversation where information flows in both directions, a mutual and symmetric structure is the default worth holding.

What counts as confidential

The definition of confidential information sets the scope of everything else. A review checks that it covers information in every form, written, oral, and electronic, protected whether or not it is stamped confidential, and that it does not stretch so far it sweeps in public or general industry knowledge. It also checks for the four standard carve-outs: information that is public, already known, independently developed without using the disclosed information, or received from a third party. An NDA with no carve-outs is overbroad, and one where only marked paper counts leaves oral and electronic disclosures unprotected.

The purpose limit

An NDA should state what the other side may actually do with the information. A review checks that the purpose is narrow, usually to evaluate a specific potential transaction, paired with a ban on reverse engineering and competitive use. A vague purpose such as "internal business purposes" is effectively no limit and invites competitive misuse.

Term and the confidentiality tail

Two clocks matter: how long the agreement runs, and how long the confidentiality obligation survives after it ends. A review checks that general information is protected for a defined tail, commonly 2 to 3 years, while trade secrets stay protected for as long as they remain secret. A flat perpetual duty on everything is unworkable and, in some states, unenforceable, and a short tail with no trade-secret carve-out under-protects the information that matters most.

The residuals clause

The residuals clause is the one founders miss most. It lets the other side use whatever its people retain "in unaided memory," and in its broad form it quietly licenses the receiver to use trade secrets recalled from memory, shifting the burden onto the startup to prove deliberate copying. A review strikes an open-ended residuals clause outright, and where one stays, narrows it so it excludes source code, trade secrets, and pricing, and runs both ways in a mutual NDA.

Anything that does not belong in an NDA

A review also reads for clauses that have no place in an NDA: a non-compete, or a broad non-solicit, buried in the boilerplate. These restrict what the startup can do, not just what it can disclose, and in states like California an employee non-solicit can be void outright (AMN Healthcare v. Aya Healthcare). A restrictive covenant should be a conscious decision, never a surprise inside a confidentiality agreement.

When an NDA is not the right document

An NDA is the wrong tool for regulated personal data. When one side will process personal data on the other’s behalf, confidentiality language does not cover it, and the deal needs a data processing agreement that meets GDPR Article 28, plus the 2021 Standard Contractual Clauses for any cross-border transfer. A review flags this so a startup does not treat an NDA as a substitute for the agreement the law actually requires.

Founder takeaway: an NDA reads like boilerplate, and the residuals clause, the disguised one-way terms, and a buried non-solicit are exactly the parts that stop looking like boilerplate later.

Why turnaround matters for an NDA

An NDA sits at the very front of a deal, before diligence, before the MSA, before anything is signed. A review that takes two weeks delays the conversation the NDA exists to start, while a redline that lands in 8 hours keeps the first meeting on the calendar. The NDA is the smallest document in the deal, and letting it become the slowest one stalls everything behind it.

Bottom line: speed matters most on the documents that gate the start of a deal, and the NDA is the first of them.

Attorney oversight, not just AI

AI reads an NDA well. It spots a one-way structure, a missing carve-out, or an open-ended residuals clause in seconds, and it drafts a clean first redline. What it cannot do is stand behind the result, and it can miss or invent a clause, the failure that got lawyers sanctioned in Mata v. Avianca in 2023, so a licensed attorney approves every NDA review and draft before it goes back. Whether a startup can use ChatGPT or Claude to review a SaaS contract covers why the signoff carries the risk.

How Arceus reviews and drafts NDAs

Arceus runs NDA review and drafting the same way, on one guaranteed turnaround, with a licensed attorney accountable for every output.

  1. AI prepares the first pass. It reads or drafts the NDA, compares every clause to a standard position, and produces the redline or draft in minutes, which is what makes the turnaround possible.
  2. A licensed attorney approves every output. Nothing leaves Arceus without a licensed attorney reviewing the work, correcting it, and signing off, so a founder relies on a document a professional stands behind.
  3. The fee is fixed per document and the deadline is guaranteed. Each review or draft carries a fixed fee agreed before work starts and returns within 8 hours. If Arceus misses that deadline, the work is free.

Important: Arceus does not replace a startup’s law firm or its future general counsel. It handles the routine, high-volume NDA review and drafting so a first conversation never waits, and it leaves financings, disputes, and bespoke matters with the firm.

The NDA is one document in a larger flow. How startups get contracts reviewed and drafted covers the MSA, DPA, SOW, and the rest.

Frequently asked questions

What’s the fastest way to get an NDA reviewed?
The fastest way is to send it to an on-demand legal service that reviews it on a guaranteed turnaround instead of billing by the hour. Arceus returns a licensed attorney’s redline within 8 hours.
What does a review of an NDA actually check?
A review checks whether the NDA is mutual or one-sided, how confidential information is defined and carved out, the purpose limit, the term and confidentiality tail, and hidden clauses like an open-ended residuals provision or a buried non-solicit. Arceus reviews each against a standard position with a licensed attorney approving the result.
Can AI review an NDA, or does a lawyer need to?
AI can prepare a strong first redline, but a licensed attorney has to approve it before signing, because AI can miss or invent a clause. Arceus uses AI for the first pass and a licensed attorney for the approval, so an NDA comes back fast and accountable.
Should a startup sign a one-way NDA?
Only when information genuinely flows in one direction and the startup is the protected side. For an exploratory conversation where both sides share information, a mutual NDA is the default, and a review flags a one-way deal disguised as mutual.

An NDA is the first document in most B2B deals, and the clauses that decide who keeps control of confidential information hide inside what looks like boilerplate. Arceus reviews and drafts NDAs, has a licensed attorney approve every output, and returns them within 8 hours at a fixed per-document fee, so founders can close on schedule without legal becoming a bottleneck.

See how Arceus maps contract coverage to each funding stage, from Pre-Seed to Growth.

This article is general information about reviewing non-disclosure agreements, not legal advice for any specific situation. Reading it does not create an attorney-client relationship. Clause guidance is general and the right position depends on the deal, the jurisdiction, and the counterparty. Founders should consult a licensed attorney about their particular NDAs and circumstances.

Arceus Legal logo

Redefining the future of law for fast-growing companies. Contract review in hours, priced upfront, never billed by the hour.

© 2026 Arceus

Arceus provides support for companies in collaboration with licensed attorney partners.