<!-- Source: https://melinasecurity.com/knowledge/faq/nda-before-scoping/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->

# Do we need an NDA before discussing scope with you?

**slug:** `faq-nda-before-scoping` · **URL:** `/knowledge/faq/nda-before-scoping/` · **reviewer:** Tatiana

### Short answer

We default to working under a mutual NDA from the first scoping call. If your team has a standard NDA template, we sign yours. If you don't have one, we provide our standard mutual NDA. There is no charge for scoping discussions or for the NDA review.

### What our standard NDA covers

Our standard mutual NDA covers technical, business, and personnel information shared during scoping discussions, engagement execution, and post-engagement support. It is mutual: protections apply equally to both parties. It includes:

- Confidentiality term: 5 years from disclosure for general technical and business information; perpetual for trade secrets clearly marked as such
- Permitted disclosure: to professional advisors (legal, accounting) under their own confidentiality obligations
- Return-or-destroy obligations at engagement end
- No grant of intellectual-property licenses through information sharing
- Jurisdiction: Hong Kong arbitration is our default; we adapt to client preference where required by client jurisdiction

We sign client-template NDAs without modification in the great majority of cases. Where a client template includes terms that conflict with our professional obligations (mandatory reporting, technical-finding ownership transfer, perpetual unilateral confidentiality without reciprocity), we discuss those specific clauses before signing.

### The case for moving fast on the NDA

A signed NDA in place before the first technical conversation lets the client share the actual system architecture, source-code layout, and incident history that drive accurate scoping. Scoping engagements that operate under "let's be vague until the contract" tend to under-scope the actual technical surface, which produces engagement-execution friction that benefits no one.

### Related

- [Rules of Engagement](/trust/rules-of-engagement/)
- [Security & Data Handling](/trust/security-data-handling/)
- [Engagement models — overview](/engagement-models/)

