Software development is built on confidential information: proprietary source code, system architecture, API designs, roadmaps, and business logic that the wrong person could copy or exploit. Whether you are a client hiring a development agency, a freelancer working on a client's codebase, or two SaaS companies integrating their platforms, an NDA is the first line of protection. This guide explains what a UK NDA can protect in a tech context, how IP ownership works, and which template fits which software scenario.
NDASafe is a document preparation service, not a law firm. Our templates are legally reviewed against applicable UK law at the point of release, but every situation is different. Where significant value, unusual risk or a cross-border element is involved, take independent legal advice before you sign.
What an NDA can protect in a software context
In a software engagement, confidential information typically includes:
- Source code and repositories — proprietary code, algorithms and internal libraries.
- Architecture and design documents — system diagrams, database schemas, API specifications and technical white papers.
- Roadmap and product plans — upcoming features, release schedules and strategic direction.
- Business logic and workflows — the specific processes your software encodes that give you competitive advantage.
- Security credentials and infrastructure detail — environment configurations, cloud architecture and integration secrets discussed during development.
- Customer and usage data — information about how clients use your software, often visible during a development or integration engagement.
A well-drafted NDA names these categories explicitly. A vague definition that just says 'all business information' is harder to enforce than one that names source code, repository access, API documentation and system architecture specifically.
IP ownership: who owns code written under contract?
This is the most misunderstood point in tech NDAs. An NDA protects confidential information while it is being shared — it does not decide who owns the IP at the end.
Under UK law, the default rules are:
| Who writes the code | Who owns the IP by default |
|---|---|
| An employee, in the course of employment | The employer — automatically, under s.11 CDPA 1988 |
| A freelancer or contractor | The freelancer — it does not transfer without a written assignment |
| A development agency | The agency — unless the contract expressly says otherwise |
For clients commissioning software from a freelancer or agency, an NDA alone is not enough. You also need a written assignment of the IP in the deliverables, or a sufficiently broad licence. Without it, the developer retains the copyright and you have only an implied licence — the scope of which is a matter for a court to determine if you disagree.
The NDASafe Freelancer NDA includes an IP assignment clause that transfers ownership of project deliverables to the client while preserving the developer's background IP — the pre-existing tools, libraries and frameworks they bring to the work. That distinction matters: you do not want to accidentally claim ownership of open-source libraries or a developer's reusable utility functions.
If you commission software without an IP assignment clause, the freelancer or agency owns the code they write — even if it is fully paid for and built to your specification. An NDA does not fill this gap. Use a Freelancer NDA or services agreement that includes express assignment.
SaaS and API information sharing between companies
Two SaaS businesses integrating their platforms, or a company giving a vendor access to its API, typically creates a two-way flow of sensitive technical information. Each side may share API credentials, internal documentation, data schemas, rate limits and security architecture.
The right NDA shape depends on which way information is flowing:
| Scenario | Information flow | NDA to use |
|---|---|---|
| You share API documentation with a partner or customer | One-way — you disclose | One-Way NDA (disclosing party) |
| Full SaaS-to-SaaS integration (both sides share technical specs) | Both sides disclose | Mutual NDA |
| Tech partnership — roadmap, architecture and data sharing | Both sides disclose | Mutual NDA |
| Vendor assessment — vendor pitches their technical solution | Vendor discloses to you | One-Way NDA in the vendor's favour |
In practice most SaaS integration discussions become mutual disclosures quickly, even if the initial conversation was one-sided. Starting with a mutual NDA avoids the need to re-paper the arrangement once both sides are sharing back.
Software escrow and when it matters
Software escrow is an arrangement where a third-party agent holds a copy of source code and releases it to the licensee if the vendor ceases trading or fails to support the product. It is common in enterprise software deals where the customer has a critical dependency on software they do not own.
From an NDA perspective, escrow involves a deliberate disclosure to a third party. A well-drafted NDA for a software licensing or SaaS deal should address this explicitly:
- Permit the escrow deposit — the confidentiality clause must allow the vendor to lodge source code with the escrow agent.
- Bind the escrow agent — the agent should agree to hold the code on equivalent confidentiality terms.
- Define release conditions — the NDA should specify or cross-reference the triggers under which the agent may release the code to the licensee.
- Limit what the licensee may do with released code — typically internal use to maintain operations, not to compete, fork or redistribute.
If your software deal involves escrow, the Mutual NDA is a strong starting point — but you will also need a dedicated escrow agreement with the escrow agent. The NDA governs the initial disclosure; the escrow agreement governs what happens to the code thereafter. See the mutual vs one-way guide for the broader picture.
Mutual vs one-way NDA: which for tech?
The choice is about which way information is flowing, not about which side is larger or more cautious:
| Tech situation | NDA shape | Template |
|---|---|---|
| Agency pitch — agency shares methodology and credentials only | One-way (agency discloses) | One-Way NDA in the agency's favour; mutual if you also share your product |
| Tech partnership, API integration or joint development | Mutual — both sides share code, architecture and roadmap | Mutual NDA |
| Hiring a freelance developer | One-way in the client's favour — you share your codebase and business context | Freelancer NDA (handles IP assignment too) |
| Software acquisition or technical due diligence | Mutual — both parties share technical and financial detail | Mutual NDA |
| Sharing technical docs or a codebase with a customer | One-way — you disclose | One-Way NDA (disclosing) |
IR35 and freelancer NDAs: a note for tech clients
If you engage a freelance developer, the wording of the NDA you ask them to sign can affect your IR35 position. An NDA drafted in employment-style language — treating the contractor as 'staff', imposing unlimited personal-service obligations, or signing them to an employee NDA — is an unwanted signal in an outside-IR35 assessment.
Use a Freelancer NDA, not an employee NDA. It uses explicitly non-employment language, can contract with the freelancer's limited company rather than the individual, and handles IP cleanly. See the IR35 and freelancer NDAs guide for the full detail.
Which NDASafe template should I use?
| Your situation | Template to use |
|---|---|
| Hiring a freelance or contract developer | Freelancer NDA — IP assignment, IR35-aware language, handles individual or limited company |
| Tech partnership, SaaS integration or joint development | Mutual NDA — both parties protected, symmetric obligations |
| Sharing API documentation, architecture docs or a codebase | One-Way NDA (disclosing party) — you share, they receive |
| Countering an NDA the other side sent you | One-Way NDA (receiving party) — balanced UK-law counter-proposal |
The NDASafe Freelancer NDA and Mutual NDA cover the great majority of UK software and tech situations. Both are written for UK law and include IP provisions. £29 each or £79 for all eight, delivered as editable Word documents.