Virtual assistants regularly have access to information that, if disclosed, could damage your business: client lists, financial data, proprietary processes, pricing structures, unreleased product information, and personal data of clients and customers. A confidentiality agreement — also called a Non-Disclosure Agreement (NDA) — is the legal protection that defines what information must be kept confidential, how it can be used, and what happens if that obligation is breached. For any VA relationship involving sensitive information, this agreement is non-negotiable.
What a VA Confidentiality Agreement Protects
A well-drafted confidentiality agreement with a VA typically protects:
Business information:
- Client and customer lists
- Financial statements and performance data
- Pricing structures and profit margins
- Business strategies and plans
- Proprietary systems, processes, and methods
- Marketing strategies and campaign data
- Vendor relationships and contract terms
Client/customer information:
- Personal identifying information (names, addresses, contact information)
- Financial information (account details, transaction history)
- Medical or health information
- Any other information provided to you in confidence by your clients
Intellectual property:
- Trade secrets
- Unpublished content
- Software, code, and technical documentation
- Product designs and specifications
The Essential Elements of a VA NDA
1. Definition of Confidential Information
The agreement should clearly define what constitutes "Confidential Information." A broad definition is better than a narrow one:
"Confidential Information includes any and all information disclosed by the Company to the Contractor, whether orally, in writing, or in any other form, including but not limited to: business plans, financial data, client and customer information, pricing, marketing strategies, technology, and any other information designated as confidential or that a reasonable person would understand to be confidential given the nature of the disclosure."
2. Exclusions from Confidentiality
Standard agreements carve out information that the VA already knew, information that becomes publicly known through no fault of the VA, or information received from a third party without confidentiality obligation.
3. Obligations of the Receiving Party
The VA agrees to:
- Keep confidential information secret
- Not disclose it to third parties without written permission
- Use it only for the purpose of performing their services
- Take reasonable precautions to protect its secrecy
4. Duration of Confidentiality
How long must the VA keep information confidential? Common approaches:
- During and for [X] years after the engagement — a specific time limit (typically 2–5 years) after the contract ends
- Indefinitely for trade secrets — trade secrets often warrant perpetual protection
- During the engagement only — less protective but acceptable for lower-sensitivity information
5. Return or Destruction of Information
Upon termination, the VA should be required to:
- Return any company property or materials
- Delete all confidential information from their devices
- Certify in writing that this has been done (for high-sensitivity arrangements)
6. Remedies for Breach
Include a provision acknowledging that breach would cause irreparable harm and that you may seek injunctive relief (a court order) in addition to damages. This provision makes injunctions easier to obtain in an actual breach situation.
7. Non-Solicitation (Optional but Recommended)
Consider adding a non-solicitation provision that prevents the VA from directly soliciting your clients during and for a period after the engagement. This is distinct from a non-compete and is generally more enforceable.
Sample Language for Key Provisions
Confidentiality Obligation
"Contractor agrees to hold all Confidential Information in strict confidence and not to disclose Confidential Information to any third party without the prior written consent of Company. Contractor agrees to use Confidential Information solely for the purpose of performing services under this Agreement."
Work Product Ownership
"All work product, deliverables, materials, and intellectual property created by Contractor in connection with the services performed under this Agreement shall be considered works made for hire and shall be owned solely by Company. To the extent any such work product is not considered a work made for hire, Contractor hereby irrevocably assigns all right, title, and interest in such work product to Company."
Non-Solicitation
"During the term of this Agreement and for a period of twelve (12) months following its termination, Contractor agrees not to directly solicit any client or customer of Company whom Contractor became aware of through the performance of services hereunder."
Practical Implementation Tips
Get It Signed Before Access, Not After
The NDA should be signed before your VA receives access to any confidential information. Don't allow access first and then try to get a signature afterward — this weakens the agreement's protection.
Use an E-Signature Platform
DocuSign, HelloSign (now Dropbox Sign), or PandaDoc make it easy to get remote signatures quickly and maintain audit trails. Emailing a PDF for return signature is slower and creates less documentation.
Include the NDA in Your Standard Contractor Agreement
Rather than having a separate NDA, most advisors recommend including confidentiality provisions within your master contractor services agreement. This consolidates the legal relationship into a single document.
Keep Signed Copies Filed
Maintain signed copies of all contractor agreements with NDAs in a secure location. If you ever need to enforce the agreement, you'll need proof of execution.
Review Periodically
If your business grows and the nature of confidential information changes significantly, update your template. A confidentiality agreement that made sense when you had 5 clients may need updating when you have 500.
International Considerations
NDA enforceability varies by jurisdiction. For VAs in the Philippines, India, or Latin America, your NDA under US law is enforceable in US courts against US-based parties, but enforcing against an individual VA located abroad through local courts is often impractical. The primary value of the NDA for international VAs is behavioral — it creates a clear understanding of obligations and signals professionalism.
For more on legal considerations when working with international VAs, see our article on managing virtual assistants in different countries.
When to Involve an Attorney
For most standard VA relationships, a well-drafted template NDA is sufficient. Consider engaging an attorney when:
- Your VA will have access to highly sensitive trade secrets or proprietary technology
- You operate in a regulated industry (healthcare, financial services, legal)
- You have previously experienced confidential information breaches
- The VA will have access to personal data subject to specific regulations (HIPAA, GDPR)
Ready to Hire?
Protecting your business information is a basic responsibility of any business owner. Ready to hire a virtual assistant? Virtual Assistant VA connects you with trained, professional VAs who understand and respect confidentiality obligations — and supports you with the framework to protect your business information properly from day one.