Confidentiality
Agreement.Signed at the start of any engagement that touches sensitive information — which is most of them. Covers what counts as confidential, how long the obligation survives the engagement, and the carve-outs for already-public, already-known, or independently-developed information.
The information-handling baseline for every engagement.
Two parties.
One symmetricobligation.
The agreement binds Bespoke Business Development and the Client named in the Master Services Agreement to the same standard. There is no asymmetry — the firm and the client owe each other the same level of care over the other's confidential information.
- Disclosing Party
- Whoever shares the informationEither party. In practice, both parties disclose during an engagement.
- Receiving Party
- Whoever receives itEither party. Same standard of care regardless of which side received it.
- Affiliates & Personnel
- Bound through the receiving partyThe receiving party is responsible for binding its own people to the same terms.
The definition,
plainlystated.
Confidential Information is anything one party shares with the other in connection with the engagement that a reasonable person would treat as confidential — whether or not it is marked "confidential," and whether or not it was shared in writing. The marking helps; the substance controls.
- Business information
- Plans, strategies, financialsOperating plans, growth targets, financial figures, customer lists, pipeline data.
- Technical information
- IP, code, designs, methodologyPre-existing IP, source code, design files, internal frameworks, methodology.
- Personnel information
- Team data, compensationOrg structures, compensation bands, performance information, hiring plans.
- Engagement work product
- Drafts, decisions, deliverablesWork-in-progress, recommendations under discussion, decisions made and not made.
- Third-party data
- Where carried in trustPersonal data, supplier terms, customer details disclosed under the discloser's own NDAs.
- Anything reasonable
- The substance, not the markingIf a reasonable person would treat it as confidential, it is — marked or not.
What the
receiving partymust do.
Four obligations attach to confidential information once received. They run from disclosure through three years after the engagement closes; trade secrets stay bound until they lawfully enter the public domain through no fault of the receiving party.
Treat the information at least as well as you treat your own confidential information of similar sensitivity.
Reasonable care. No public disclosure. No casual mention to people outside the engagement. The standard is "as you would treat your own," with a floor of reasonable industry practice. Whichever is higher.
Confidential information is used to deliver the engagement — for nothing else.
Not for competitive intelligence on the discloser's competitors. Not for training third-party AI systems. Not for portfolio or marketing use beyond the carve-outs in the MSA. The purpose constraint is bright-line.
Inside the receiving party, share only with the people who need it to do the work.
People who need access include engagement staff, named subcontractors under the Contractor Agreement, and external counsel under professional duty. People who do not need access do not get it. Each person granted access is bound to the same terms.
Reasonable technical and organizational measures.
Encryption in transit and at rest. Access controls with MFA. Audit logs. Vendor review for sub-processors. Incident response with 72-hour notification when something does go wrong. The standard is reasonable, not perfect.
When confidential
information maybe shared further.
Three circumstances permit disclosure beyond the engagement team. In each case, the receiving party is responsible for binding the onward recipient to the same standard and notifying the discloser where notification is permitted.
Engagement personnel & advisors
Employees, named subcontractors, and external counsel who need access to deliver the engagement. Each is bound to confidentiality through their own agreement with the receiving party.
Compelled disclosure
By court order, subpoena, or regulator with proper authority. Where legally permitted, the receiving party notifies the discloser promptly so the discloser may seek a protective order or quash motion.
With written consent
The discloser may consent in writing to a specific further disclosure — to a journalist, to an analyst, to a co-marketing partner. Consent is specific to the disclosure described; it does not generalize.
Information
that isnever bound.
Four categories of information are excluded from the definition of Confidential Information from the start — not by negotiation, but by their nature. The burden of proving the carve-out applies sits with the receiving party.
- Already public
- Without breachInformation already in the public domain through no act or omission of the receiving party.
- Already known
- Demonstrable prior knowledgeInformation the receiving party already had, demonstrable by contemporaneous records.
- Independently developed
- Without referenceInformation independently developed without reference to the disclosed information, demonstrable.
- Rightfully received
- From a third party without obligationInformation received from a third party who had the right to disclose without a confidentiality obligation.
How long
the obligationlives.
Three years from the close of the engagement, with trade secrets held in confidence for as long as they qualify as trade secrets under applicable law. The obligation survives termination of the MSA, expiry of the SOW, and the closing of the engagement.
- Standard term
- 3 years post-engagementFrom the engagement close date as recorded in the firm's records.
- Trade secrets
- IndefiniteUntil they lawfully enter the public domain through no fault of the receiving party.
- Personal data
- Per applicable lawGDPR, CCPA, and equivalents may impose longer obligations on personal data. Privacy Policy controls.
What happens
to the dataafter close.
On the close of the engagement, the receiving party either returns the discloser's confidential information or destroys it — at the discloser's option. Working copies in backups that cannot be selectively deleted remain bound by Clause 03 until the backup cycle erases them naturally.
Within 30 days of the discloser's written request, the receiving party returns or destroys.
Method specified by the discloser: secure transfer, certified destruction, or a hybrid. The receiving party provides a written confirmation of completion. Backups are bound until they expire naturally on the published backup-retention cycle.
Engagement records may be retained for the firm's record-keeping windows.
The firm may retain copies of engagement records under its standard 7-year window for tax and professional records. Those copies remain bound by this agreement; they are not used for any purpose other than record-keeping and lawful compulsion.
What happens
if the agreementis broken.
A breach of confidentiality may cause harm that money damages alone cannot remedy. The agreement therefore allows the non-breaching party to seek equitable relief — typically an injunction — in addition to monetary damages, without proving the inadequacy of money damages.
- Equitable relief
- Available without proving inadequacyInjunctions, specific performance, court-ordered destruction.
- Monetary damages
- Subject to MSA capPer the cap in the MSA (typically 12-month fees), unless gross negligence or willful misconduct.
- Carve-outs from cap
- Willful, fraudulent, grossGross negligence, willful misconduct, fraud — uncapped, fully recoverable.
The standard
clausesat the foot.
Governing law, venue, amendment, assignment, severability, integration, notices. The provisions below are mutual; deviations apply only where the MSA explicitly substitutes them.
- Governing Law
- State of FloridaWithout regard to conflict of laws. International overlays per MSA.
- Venue
- Miami-Dade CountyOr per the MSA. Disputes route through the Legal Dept's Dispute Resolution chapter.
- Amendment
- Writing & signatureBoth parties must sign. Verbal amendments do not bind.
- Assignment
- Written consentNeither party may assign without the other's written consent.
- Severability
- StandardInvalid provisions are severed; remainder stays in force.
- Integration
- Entire agreement clauseSupersedes prior verbal or written understandings on the same subject.
Request the
ConfidentialityAgreement.
Fill in the form below to request a signed copy of the firm's standard Confidentiality Agreement. The Legal Department reviews submissions in the order received; an executable PDF will be sent to the email you provide within two business days, with any engagement-specific amendments noted in a cover email.
Submissions are reviewed by Legal in the order received.
Standard turnaround is two business days. Engagement-specific amendments (jurisdiction overlays, scope-of-information adjustments, defined-term substitutions) extend the window by 1–3 additional business days while Legal drafts the amended clause set. Submissions are bound by the Privacy Policy.
Questions before
or aftersigning.
Questions about the wording, requests for engagement-specific amendments, and disputes route to legal@bespoke-business.com. Operational questions — getting a signed copy, scheduling a signing call, coordinating witnesses — route to the same inbox; the routing happens on the firm's side.
Legal & engagementrouting.
Wording questions, amendments, disputes, requests for prior versions. Acknowledged within 48 hours; substantive replies within 5 business days.
legal@bespoke-business.com →- NDA
- NDA Template →Pre-engagement NDA · narrower scope
- Terms
- Terms of Service →Commercial terms · pairs with CA
- Privacy
- Privacy Policy →Personal-data handling
- Sales
- Free ConsultationTo begin the engagement
Signed before
the workstarts.
The Confidentiality Agreement is the baseline signed at the start of every engagement that touches sensitive information. Engagement-specific amendments — jurisdiction, scope, defined terms — are handled in the cover email when the signed PDF arrives.