Compliance Assessment Tool 路 Trust & Legal

Mutual Non-Disclosure Agreement

Last updated: 2026-05-15 路 Classification: Public

Mutual Non-Disclosure Agreement 路 template v1.0 路 effective 2026-05-15. To execute, fill in the Recipient details and the parties' signature blocks, then both parties sign. We accept DocuSign / HelloSign / SignRequest / wet-ink-scan equivalents.

This Mutual Non-Disclosure Agreement (this "NDA") is entered into as of the Effective Date below between:

CAT and Recipient may each be referred to as a "Party" and together as the "Parties."

1. Purpose

The Parties wish to evaluate a potential business relationship under which CAT may provide its compliance-as-a-service platform to Recipient (the "Purpose"). In connection with the Purpose, each Party may disclose to the other certain non-public information.

2. Definition of Confidential Information

"Confidential Information" means any information disclosed by one Party (the "Discloser") to the other (the "Recipient" of that disclosure) that is identified as confidential at the time of disclosure or that, given its nature and the circumstances of disclosure, a reasonable person would understand to be confidential. Confidential Information includes, without limitation: security documentation (including CAT's Information Security Policy, Incident Response Plan, Business Continuity Plan, and pre-filled vendor questionnaires), executed third-party agreements (including the signed OpenAI Data Processing Addendum referenced at /legal/openai-dpa), contract templates and term sheets, product roadmap discussions, pricing, customer lists, source-code architecture, and any other non-public technical or business information.

Confidential Information does not include information that the Recipient can demonstrate: (a) was publicly known through no fault of the Recipient; (b) was already in the Recipient's possession without obligation of confidentiality before disclosure; (c) was independently developed by the Recipient without use of or reference to the Discloser's Confidential Information; or (d) was rightfully obtained from a third party not under a confidentiality obligation to the Discloser.

3. Use & protection

Recipient will (a) use Confidential Information solely for the Purpose; (b) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information of like kind, and in no event less than reasonable care; (c) restrict access to its employees, contractors, and professional advisors who have a need to know for the Purpose and who are bound by written confidentiality obligations no less protective than this NDA; and (d) not reverse engineer, decompile, or attempt to derive the underlying ideas of any software or product disclosed.

4. Compelled disclosure

If Recipient is legally compelled to disclose Confidential Information, it will, to the extent legally permitted, give the Discloser prompt written notice so the Discloser may seek a protective order. Recipient will disclose only the minimum necessary to comply with the legal requirement.

5. No grant of rights

No license or other right in any Confidential Information is granted by this NDA, express or implied. All Confidential Information remains the property of the Discloser.

5a. Residuals

Notwithstanding anything to the contrary, either Party may use Residuals (general knowledge, skills, ideas, concepts, know-how, or techniques retained in the unaided memory of an individual who has had authorized access to the other Party's Confidential Information) for any purpose, provided that this Section does not grant any license under either Party's patents or copyrights, and does not authorize use of any specific trade secret, written Confidential Information, or personal data of any data subject.

6. Term & return

This NDA is effective on the Effective Date and continues for two (2) years thereafter. Confidentiality obligations survive termination and continue for three (3) years after termination, except that obligations regarding trade secrets continue for as long as they remain trade secrets under applicable law. On the Discloser's written request, the Recipient will return or destroy Confidential Information within thirty (30) days, except that Recipient may retain copies as required by law or its routine backup procedures (which copies remain subject to this NDA).

7. No obligation

Nothing in this NDA obligates either Party to enter into any further agreement or transaction. Either Party may at any time decline to proceed with the Purpose without liability.

8. Remedies

The Parties acknowledge that money damages may be inadequate for a breach of this NDA and the non-breaching Party is entitled to seek equitable relief in addition to any other remedies available at law or in equity.

9. Governing law & disputes

This NDA is governed by the laws of the State of Delaware, without regard to conflict-of-laws rules. The Parties consent to exclusive jurisdiction in the state and federal courts located in Wilmington, Delaware.

10. Authority & representations

Each signatory represents and warrants that (a) it has the authority to bind the Party it represents to this NDA, (b) execution and performance of this NDA do not conflict with any other agreement or law, and (c) no consent from any third party is required.

11. Compelled processing of personal data

If Confidential Information includes personal data subject to GDPR, UK GDPR, CCPA, or similar laws, the Recipient will (i) process it only to evaluate the Purpose, (ii) implement reasonable technical and organizational measures to protect it, and (iii) on completion of the Purpose, securely destroy or return it. This NDA is not a Data Processing Agreement; the Parties will execute a separate DPA before any production processing.

12. Electronic signatures & counterparts

This NDA may be executed in counterparts and by electronic signature (DocuSign, HelloSign / Dropbox Sign, Adobe Sign, or equivalent) or by a click-through acceptance at /legal/access. Each counterpart and electronic record is an original.

13. General

This NDA is the entire agreement between the Parties on its subject matter and supersedes any prior understandings. Modifications must be in writing (electronic acceptable) and signed by both Parties. Neither Party may assign this NDA without the other's written consent, except in connection with a merger, acquisition, or sale of all or substantially all assets. If any provision is held unenforceable, the rest remains in effect; the unenforceable provision will be modified to the minimum extent necessary to make it enforceable. Failure or delay in enforcing a right is not a waiver. This NDA does not create any rights for any person other than the Parties.


IN WITNESS WHEREOF, the Parties have executed this NDA as of the Effective Date.

Compliance Assessment Tool, LLC

By: __________________________
Name: Chris Larson
Title: Founder
Date: __________
[Recipient Legal Name]

By: __________________________
Name: __________________________
Title: __________________________
Date: __________

Quick electronic acceptance

For exploratory conversations where a full wet-ink NDA is overkill, we accept a click-through acceptance of the same terms at /legal/access. The click-through is logged with the accepter's name, email, company, and timestamp, and is sufficient to unlock our confidential documents bundle for review purposes.