Alexis Palmer, Senior Managing Counsel at Snyk, spends most of her week on the other side’s paper. The NDA is the highest-volume agreement that crosses her desk, the kind of review a lean team runs a hundred times a quarter. When a colleague asked how she had freed up so much of her week, Palmer pointed to what changed once the routine review stopped eating her time:
“I don’t use that time to do more NDAs, I use it for higher-level work or things I find more interesting.”
What bought back her week was a written NDA review playbook: a set of standard positions an in-house counsel applies to every non-disclosure agreement, run with the same legal AI prompt each time, so the work moves faster and lands the same way no matter who on the team picks it up. A checklist tells you what to look at. A playbook goes one step further: it tells you the position to take on each thing you find, where your fallback sits, and where you walk away.
That structure is what makes the review shareable. Palmer built saved positions so the work survives her calendar:
“Having saved prompts means anyone on my team can run the same review I would. If I’m on PTO, I know they’ll get a similar result and apply their own judgment from there.”
Below is a complete, copy-ready NDA review playbook for in-house teams: how to triage the agreement, the decision that frames everything, the clauses that carry the risk, and your preferred, fallback, and walk-away position on each one.
What an NDA Review Playbook Is
An NDA review playbook is a written set of standard positions an in-house legal team takes on every non-disclosure agreement, organized clause by clause so each reviewer applies the same line. For each clause, the playbook records three positions: the preferred language you ask for first, the fallback you can live with to keep a deal moving, and the walk-away that triggers senior sign-off or a hard no.
Those three positions are what separate a playbook from a checklist. A checklist surfaces the clause; the playbook decides it. The payoff shows up on volume. NDAs are the most repeated agreement in-house teams handle, so encoding the positions once lets a junior reviewer, a legal-ops manager, or a sales operations lead run the first pass and escalate only the terms that earn a second look.
A working NDA playbook covers four things:
Triage: mutual or one-way, your paper or theirs, and what the deal involves
The clauses that carry the risk, each with a preferred, fallback, and walk-away position
The red flags that show up on a counterparty’s template
The escalation rule that says which terms a reviewer can clear alone
Before You Redline: Triage the NDA
Decide how hard to look before you start reading. Most NDAs are low-risk and belong on the fast path; a few carry real exposure and deserve a careful pass. Three questions set the depth.
Mutual or one-way? A mutual NDA binds both sides; a one-way (unilateral) NDA binds only the receiving party. Match the obligations to the direction the information moves before anything else.
Your paper or theirs? On your template, you are confirming your standard terms held. On the counterparty’s template, the work shifts to catching the terms they wrote in their favor.
What is the deal? A mutual NDA to explore a vendor relationship is a five-minute review. An NDA wrapped around a data-sharing arrangement, a potential acquisition, or access to source code carries the kind of confidential information that justifies real scrutiny.
Set a review depth and a turnaround from those answers, then run the playbook below.
Start With the Decision That Frames Everything: Mutual or One-Way
Whether the NDA is mutual or one-way changes how every other clause reads, so settle it first. The rule is simple: the obligations should match the direction the information moves.
If both sides will exchange confidential information, push for a mutual NDA. A mutual agreement gives you symmetric protection and, in practice, speeds negotiation, because the counterparty has to live under the same terms it proposes. If information moves in one direction only, a one-way NDA is appropriate, with the receiving party carrying the obligations.
The trap is a one-way NDA on the counterparty’s paper that puts the obligations on you while information flows both ways. When that happens, the fastest fix is to ask for the mutual version of the same document rather than redlining a lopsided one clause by clause.
The NDA Review Playbook, Clause by Clause
This is the core of the playbook: the clauses that decide who is protected, for how long, and what happens on a breach. The table sets your three positions on each one. The sections below it carry the reasoning and the drafting traps the table cannot.
Clause | Preferred | Fallback | Walk-Away |
|---|---|---|---|
Definition of Confidential Information | Information marked confidential, or that a reasonable person would treat as confidential, tied to the purpose | All non-public information disclosed, with the standard exclusions intact | “Any and all information” with no exclusions and no purpose limit |
Purpose and Permitted Use | Use limited to the specific transaction or relationship named | Use limited to the business relationship between the parties | No purpose limit, or a license to use your information in the counterparty’s own products |
Standard Exclusions | All four: already known, independently developed, publicly available, rightfully received from a third party | The four exclusions with a reasonable documentation standard | Missing exclusions, or an impossible burden to prove them |
Term of the Obligation | 2 to 5 years for commercial information; indefinite for trade secrets | A fixed term of 3 to 5 years across the board | A perpetual obligation on all information, or a term that expires before the information loses value |
Required Disclosure | Permitted when legally compelled, with prompt notice and cooperation to seek protection | Permitted when compelled, with notice where lawful | No carve-out for legally compelled disclosure |
Return or Destroy | Return or destroy on request, with a carve-out for one archival copy and routine backups under continuing confidentiality | Return or destroy on termination, archival carve-out intact | Certified destruction of all copies, including backups, on short notice |
Residuals | No residuals clause | Residuals limited to unaided memory, excluding trade secrets and deliberate memorization | A broad residuals clause covering anything the counterparty’s people remember |
Remedies | Injunctive relief without a bond, actual damages, each side bearing its own fees | Injunctive relief plus actual damages | Liquidated or punitive damages, or one-sided fee-shifting |
Governing Law and Jurisdiction | Your home state’s law and courts | A neutral jurisdiction with developed trade-secret law | A forum with no connection to either party or hostile to enforcement |
Here is the table in motion on the clause counterparties fight over most. Say their NDA defines confidential information as everything disclosed, with no limit. Your preferred position asks to cover information that is marked or that a reasonable person would treat as confidential. Your fallback accepts all non-public information disclosed, provided the four exclusions stay in. You walk away if they strip the exclusions out. Three positions, one clause, settled before you reach the negotiation.
To see the same move on a live agreement, watch a GC AI solutions lead run a Playbook end to end, sorting each clause into a pass, a fallback, or a flag:
Definition, Purpose, and Exclusions
The definition of confidential information is where most NDA risk is won or lost. A definition that reaches “any and all information” sounds protective and is hard to enforce, because a court cannot tell what was meant to be secret. Tie the definition to information that is marked, or that a reasonable person would treat as confidential, and to the purpose the parties named. The Defend Trade Secrets Act gives separate protection to genuine trade secrets, so a tight definition loses you nothing.
The purpose clause carries weight: it caps what the receiving party may do with your information. “Solely to evaluate the potential transaction” keeps the counterparty from folding your data into its own product roadmap. Pin down who may see the information, too: limit access to employees and advisors with a need to know, each bound by confidentiality terms at least as strict as the NDA’s. The four standard exclusions, information already known, independently developed, publicly available, or rightfully received from a third party, are what keep the obligation reasonable. An NDA missing them asks the receiving party to treat public facts as secrets.
Term and Return
Two clocks run in an NDA, and they are easy to confuse. The term of the agreement is how long new disclosures get covered; the term of the obligation, sometimes called the survival period, is how long confidentiality lasts after disclosure. For ordinary commercial information, a two-to-five-year obligation is market. Trade secrets are the exception: they keep their protection as long as they stay secret, so the playbook keeps an indefinite obligation for trade secrets even as the fixed term runs out on everything else.
On return or destroy, the practical fallback is a carve-out. Modern teams cannot purge every backup tape on demand, so ask to retain one archival copy and routine system backups under continuing confidentiality. A clause demanding certified destruction of all copies, backups included, on short notice is one most companies cannot sign in good faith.
Residuals, the Clause to Read Twice
The residuals clause is the one most likely to slip through. It lets the receiving party use information its employees retain in their unaided memory, which sounds harmless and can swallow the entire agreement. The playbook position is to strike it. Where a counterparty insists, the fallback is a narrow version: unaided memory only, with trade secrets and any deliberate memorization carved out. A residuals clause that covers anything a person remembers gives back most of what the NDA was meant to protect.
Remedies and Governing Law
Confidential information, once disclosed, cannot be recalled, so injunctive relief belongs in every NDA: the right to ask a court to stop a breach before the damage spreads. Preferred language makes that relief available without posting a bond. Watch the damages provision for liquidated or punitive figures, which read as penalties and invite their own fights; actual damages plus injunctive relief is the cleaner position. For governing law, your home state is the default. A neutral, predictable jurisdiction with developed trade-secret law is a reasonable fallback, and a forum with no connection to either party is a flag.
NDA Red Flags on the Counterparty’s Paper
When you are reviewing the other side’s template, scan for the patterns that move risk onto you. These show up often enough to belong in every reviewer’s head.
A hidden restrictive covenant. Non-compete, non-solicit, or exclusivity language buried inside an NDA. These belong in their own negotiated agreement, and some are unenforceable where they sit. California voids most non-competes outright, so a non-compete smuggled into an NDA with a California nexus is both a red flag and a tell about the counterparty’s drafting.
Asymmetric affiliate coverage. Their affiliates get the protection; your affiliates carry the obligations. The coverage should run both ways.
A perpetual term on all information. Reasonable for trade secrets, overreaching for everything else.
A one-sided indemnity or fee-shifting clause that only bites one party.
IP assignment language. An NDA’s job is to protect information. Feedback or improvements language that hands the counterparty rights to your ideas belongs in a different agreement.
A missing exclusions section, which turns the definition of confidential information into a trap.
Tiffany Lee, General Counsel and Corporate Secretary at Liquid Death, uses GC AI to push the playbook out to the team that signs the most NDAs:
“I’ll ask it to create a short training on NDAs for sales, theme it like a candy shop or a jungle adventure. People reference those trainings later, and GC AI helps me build them quickly.”
The point of catching these on the counterparty’s paper is that the hardest issue to spot is the clause that should be there and is missing. A written playbook is what surfaces the gap, because it tells the reviewer what to expect before they open the document.
The Downloadable NDA Playbook Template
The fastest way to use this playbook is to copy the table and the positions above into a working template your team runs on every NDA. A good template does three things a memory of the rules cannot: it standardizes what each position means across reviewers, it gives a junior teammate or a sales-ops partner a structured first pass, and it sets the escalation rule that decides which terms reach a senior lawyer.
That escalation rule is the workhorse. Define which positions a reviewer can clear alone (a mutual NDA on your paper with the standard exclusions), which need a second look (a perpetual term, a residuals clause, anything on the walk-away column), and who signs off when a deal needs an exception. Encode it once, and the routine NDA clears in minutes while the unusual one still gets the judgment it needs.
How GC AI Runs Your NDA Review Playbook
A legal AI platform built for in-house counsel turns the playbook from a document you remember to open into a review that runs on every NDA the same way. GC AI includes a pre-built NDA playbook and lets teams encode their own.
GC AI’s CEO and co-founder, Cecilia Ziniti, was a general counsel three times (Anki, Bloomtech, and Replit), and an in-house counsel at Amazon and Cruise. Ziniti built GC AI to solve the problems she encountered firsthand as an in-house lawyer, and the NDA is the canonical one: the review every lean team wants off its desk and run consistently.
With Playbooks, GC AI’s rules-based review surface, the platform applies your standard positions to each NDA, with pre-built playbooks for NDAs, DPAs, and MSAs, plus Easy Playbooks to encode your own preferred, fallback, and walk-away language.
Exact Quote ties every flag to the precise language in the source agreement with character-level citation, so a reviewer can trace a residuals flag or a missing-exclusions gap back to the exact language that triggered it.
Because GC AI for Word runs inside Microsoft Word, the redline, the issue spotting, and the drafted replacement clause happen where the NDA already lives.
The reliability question matters for legal work, and GC AI publishes its own evidence. On the In-House Legal Bench, GC AI’s May 2026 evaluation across 100 in-house tasks with more than 1,200 attorney-developed criteria, the results were:
GC AI: 86.8%
ChatGPT: 79.8%
Claude: 68.4%
Gemini: 57.5%
On security, GC AI is SOC 2 Type II and SOC 3 certified, GDPR compliant, with zero data retention agreements with OpenAI and Anthropic, and AES-256 encryption. More than 1,800 legal teams across 53 countries use GC AI as of June 2026, including the legal teams at Columbia Sportswear, Jasper, Arc’teryx, Eventbrite, Trust and Will, and Tipalti, plus 80 or more public companies.
For the broader review process around the NDA, the contract review checklist for in-house teams covers the seven stages that apply to any agreement, and the guide to AI contract review for in-house counsel covers the wider category.
For specific agreement types, see the SaaS agreement checklist and the vendor agreement review workflow.
The Best AI for Reviewing NDAs and MSAs In-House
A playbook only compounds when something runs it on every agreement that crosses the desk, so the buying question follows fast: which AI should review your NDAs and MSAs? Sort the field by what each tool is built around.
GC AI is built around the full in-house week. It ships pre-built playbooks for NDAs, MSAs, and DPAs, encodes your own preferred, fallback, and walk-away positions through Easy Playbooks, ties every flag to the source language with Exact Quote, and redlines inside Microsoft Word, with research, drafting, and matter memory in the same workspace. Published pricing and a 14-day trial mean a team can start a pilot the same day.
Ivo is built around contract intelligence for enterprise legal teams: redlining in Microsoft Word and Google Docs, with benchmarking against your prior negotiated agreements. Pricing is demo-gated, with no free trial, as of June 2026.
LegalOn is built around ready-made review, with attorney-authored playbooks out of the box, an advantage for a team that has no written positions yet. Plans are quote-led as of July 2026.
Ironclad is built around the contract lifecycle. Its Jurist AI reviews against playbooks as one stage of intake, approvals, signatures, and a repository, which makes it a CLM purchase with review included.
Spellbook is built around drafting: a copilot for individual lawyers negotiating on their own paper in Word.
Luminance is built around portfolio scale: contract analysis and negotiation automation for large enterprises with international volume.
Whichever names make your shortlist, run the same pilot. Pull ten live agreements from your queue, five third-party NDAs and five MSAs, and give each finalist this playbook with your positions filled in. Blind-score the redlines on missed issues, unnecessary edits, accuracy of the replacement language, and minutes of lawyer cleanup. Buy the tool whose redline needs the least correction; a long list of flags is easy to generate, and a redline you can send is the test.
A general-purpose chatbot is the wrong primary reviewer for this work, whatever the model underneath. What separates the tools above is whether the system applies your playbook the same way on the hundredth NDA as on the first, preserves Word formatting, produces tracked changes a lawyer can audit, and cites the language behind each flag. The In-House Legal Bench scores above measure GC AI against general-purpose AI; the contract-review tools named here were not part of that benchmark. Human review stays the final sign-off in every setup.
The three-position method also carries past the NDA. An MSA playbook runs the same way with a longer clause list: limitation of liability, indemnification, IP ownership, payment terms, and termination each take a preferred, fallback, and walk-away position. GC AI ships a pre-built MSA playbook alongside the NDA one, and the guide to AI for MSA review covers that agreement clause by clause.
Start With Your Next NDA
The best way to test an NDA review playbook is to run it on the next agreement in your queue. Take the NDA you would have reviewed by hand, run it against your preferred, fallback, and walk-away positions, and watch a structured pass clear it in a fraction of the time.
The AI contract redlining software carries your standard markup into Word automatically, and the broader guide to in-house counsel AI software covers what to buy first.
Teams that adopt GC AI reclaim an average of 14 hours per person per week, according to GC AI’s December 2025 ROI study of more than 100 active customers. With nearly half of corporate legal budgets going to outside counsel per ACC benchmarking, faster in-house NDA review is where lean teams reclaim both hours and budget. You can also learn the underlying technique in GC AI’s free legal AI classes taught by former general counsels, including Building Playbooks in GC AI and Using Playbooks in GC AI, which walk through encoding the preferred, fallback, and walk-away positions your whole team can reuse.








