Skip to main content
All articles
Legal
7 min read

What Your NDA Reveals Before Anyone Signs It

NDAs are shared before trust is established. Their metadata can reveal previous clients, negotiation history, and drafting timeline. Here's what to clean.

The first document, the most dangerous metadata

A non-disclosure agreement is often the very first document exchanged between parties. It arrives before trust exists, before a relationship is established, and before both sides have agreed on what information is sensitive. The NDA itself is supposed to define those boundaries.

But the NDA is also a document — a file with metadata. And because NDAs are almost always adapted from templates or prior agreements, they carry an unusually rich payload of hidden data from previous contexts.

The recipient of your NDA has every incentive to examine it closely. They are evaluating you as a potential partner, vendor, client, or counterparty. They are forming impressions. And if they check the document properties — which takes three clicks in any operating system — they will find information you did not intend to share.

What NDA metadata typically reveals

Previous client names

The most common and most damaging metadata leak in NDAs comes from template reuse. An NDA template originally created for a deal with Acme Corporation may retain "Acme Corporation" in the Title field, the template file path, or the document's custom properties — even after the visible text has been fully replaced with new party names.

Law firms that maintain NDA template libraries face this risk at scale. A firm that created an NDA template for Client A and then adapts it for Client B may inadvertently reveal Client A's identity. Depending on the nature of Client A's engagement, this could violate the firm's duty of confidentiality.

Author identity

The Author field shows who created the document. For a law firm, this identifies the specific associate or partner who drafted the NDA. For an in-house legal department, this identifies the employee. For a startup founder using a template from a legal platform, the Author field may show the platform's default user or the founder's personal name rather than the company name.

This matters because the author identity reveals the level of legal resources the sending party is deploying. An NDA authored by a junior associate at a large firm sends a different signal than one authored by the company's CEO using a downloaded template.

Drafting timeline

The creation date reveals when the NDA was first drafted. The modification date reveals when it was last edited. The gap between these dates tells a story.

An NDA created six months ago and sent today suggests the sending party has been planning this engagement for longer than they may have disclosed. An NDA created and sent the same day suggests urgency or a template-heavy approach with minimal customization. An NDA modified thirty times before being sent suggests extensive internal negotiation about terms — which tells the recipient that certain clauses were contentious even within the sending organization.

Editing time and revision count

Word documents record total editing time in minutes and the number of revisions. An NDA with 4 minutes of editing time and 2 revisions was generated from a template with minimal changes — the receiving party may conclude they have room to negotiate aggressive modifications. An NDA with 180 minutes of editing time and 47 revisions was carefully crafted — the receiving party may conclude the terms are non-negotiable.

Deleted clauses in tracked changes

If the NDA was drafted collaboratively using tracked changes, the revision data may persist in the document's XML even after changes are accepted. Deleted clauses — a non-compete provision that was removed, an exclusivity requirement that was dropped, a damages cap that was lowered — tell the recipient what the sending party initially wanted but was willing to give up.

This is particularly damaging because it reveals the sending party's negotiation ceiling. If the original draft included a $5 million liability cap that was revised down to $1 million before sending, the recipient knows the sending party values the potential exposure at $5 million.

Template path

The file path where the document was saved is sometimes embedded in metadata. A path like \\server\Legal\Templates\NDAs\Biotech\Mutual NDA Template.docx reveals the sender's industry focus, the type of NDA (mutual vs. unilateral), and the internal organization of their legal department.

Why NDAs are uniquely vulnerable

No existing trust

When you share a contract with an existing client, there is an established relationship and some level of mutual good faith. When you share an NDA with a new potential counterparty, none of that exists. The NDA is the mechanism for creating trust. Metadata in the NDA can undermine that mechanism before it takes effect.

High template reuse rate

NDAs are among the most heavily templated legal documents. Very few NDAs are drafted from scratch. This means the template cascade problem — where metadata from the original template propagates to every derived document — is especially acute for NDAs.

Received by sophisticated parties

NDAs are exchanged between organizations that have legal teams, IT departments, and sometimes dedicated intelligence functions. The probability that the recipient will examine the NDA's metadata is higher than for most other document types.

What to clean before sending an NDA

  1. Author and Last Modified By — Clear or set to the organization's name rather than an individual
  2. Company field — Verify it shows your current organization, not a previous employer or client
  3. Title and Subject — Remove any references to previous parties or deal names
  4. Template path — Remove all file system path information
  5. Tracked changes — Accept all changes AND purge revision data from the XML (accepting in the UI is not sufficient)
  6. Comments — Remove all comments, including resolved comments
  7. Custom properties — Remove any custom document properties that may contain deal codes or matter numbers
  8. Creation date — Consider whether the creation date reveals uncomfortable timeline information
  9. Revision count and editing time — These fields reveal how much work went into the document

The process

The safest approach for NDAs is to treat every outgoing NDA as a potentially adversarial communication — because it is. The recipient is not yet bound by confidentiality, has no obligation to ignore metadata, and has every reason to extract intelligence from the file.

Scan the NDA for all metadata fields before sending. Remove everything that is not part of the intended communication. Verify the removal by re-scanning the cleaned file. This takes seconds with the right tool and eliminates a category of risk that no amount of careful drafting can address.

Purgit scans NDAs, contracts, and legal documents for hidden metadata — previous client names, tracked changes, drafting timeline, author identity. Clean your documents before the other side reads them.

[Scan a File Free]

Scan before you share.

Try Purgit free — no account required.

Scan a File Free