Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you’re building a startup or running a small business, you’ll almost certainly share valuable information with someone outside your core team at some point.
Maybe it’s a contractor helping you build your product, a supplier quoting on a new component, a freelancer working on marketing, or a potential investor asking to see your numbers.
That’s where adding a confidentiality statement can feel like the easiest solution: add a few lines at the bottom of an email, paste something into a proposal, and hope it “protects” what you’re sharing.
Here’s the catch: a confidentiality statement can help set expectations, but it’s not always enough on its own. If you want real protection, you need to understand when a confidentiality statement works, when it doesn’t, and what to include so it actually supports your business.
This guide breaks it down in plain English, with a practical approach for Australian startups and small businesses.
What Is A Confidentiality Statement (And Is It Legally Binding In Australia)?
A confidentiality statement is a short clause or notice that says information being shared is confidential and shouldn’t be used or disclosed without permission.
You’ll usually see a confidentiality statement:
- at the bottom of an email (email disclaimer style)
- on a quote, proposal, or pitch deck
- in a slide footer during a presentation
- on internal documents (like strategy documents or customer lists)
In Australia, whether a confidentiality statement is legally binding depends on context.
Many confidentiality statements are not drafted as a full contract. That means they might not tick all the boxes that typically make an agreement enforceable (like clear offer and acceptance, consideration, and certainty). If you’re curious about what generally makes an agreement enforceable, it’s worth understanding what makes a contract legally binding.
That doesn’t mean a confidentiality statement is useless. It can still be valuable because it:
- puts the recipient on notice that the information is confidential
- helps demonstrate your intent to keep information confidential (which can matter in disputes)
- supports broader confidentiality obligations in an existing agreement
- reduces “I didn’t realise it was confidential” arguments later
However, if you’re sharing sensitive information that could damage your business if leaked, you’ll usually want a proper Non-Disclosure Agreement (NDA) rather than relying on an email footer alone.
When Should You Use A Confidentiality Statement Vs An NDA?
Think of a confidentiality statement as a “lightweight” tool. It’s quick to use and can set the tone. An NDA is the “heavyweight” tool: it’s designed to be enforceable and tailored to the situation.
When A Confidentiality Statement Is Often Enough
A confidentiality statement may be appropriate where:
- you’re sharing low-to-medium sensitivity information (for example, a high-level overview of your services)
- there’s an existing contract in place that already includes confidentiality terms
- you’re communicating with customers and want to reinforce that your internal methods, templates, or pricing logic aren’t for redistribution
- you want an extra layer of deterrence in routine communications
For example, if you have a signed services agreement with a contractor that includes confidentiality clauses, adding a confidentiality statement to emails can reinforce the expectation without needing a new agreement each time.
When You Should Use An NDA Instead (Or As Well)
You should strongly consider an NDA when:
- you’re sharing product roadmaps, source code, technical documentation, or trade secrets
- you’re disclosing pricing models, margins, supplier terms, or financial projections
- you’re discussing partnerships, joint ventures, or acquisition opportunities
- you’re pitching to someone who might also be a competitor (even indirectly)
- you need clear remedies if information is misused (for example, contractual rights that may support steps like seeking an injunction or claiming loss, depending on the circumstances)
If you’re at the stage of sharing sensitive information to secure funding, you’ll likely also want your broader company foundations in good shape (for example, having a clear Shareholders Agreement if you have co-founders, or a suitable Company Constitution if you’re operating as a company).
As a practical rule: if you would lose money, customers, or competitive advantage if the information got out, treat it as NDA-level.
What To Include In A Confidentiality Statement (Checklist For Small Businesses)
A good confidentiality statement is clear, specific, and easy to understand. If it’s too vague (“this email is confidential”), it can be easy to ignore and hard to rely on later.
Here’s what you’ll generally want to include in your confidentiality statement.
1. Identify That The Information Is Confidential
Spell out that the content is confidential. If possible, refer to the communication itself (email, attachment, proposal, deck) so it’s obvious what’s covered.
- Example concept: “This email and any attachments are confidential…”
2. Limit Use To A Specific Purpose
Confidentiality isn’t just about not sharing. It’s also about not using the information inappropriately.
For startups, purpose-limiting language is especially helpful where you’re disclosing information for evaluation.
- Example concept: “It may only be used for the purpose of evaluating [the project/proposal/relationship]…”
3. Prohibit Disclosure And Copying
Make it clear the recipient shouldn’t forward, copy, publish, or disclose the information to others.
- Example concept: “You must not disclose or reproduce this information without our prior written consent.”
4. Include “Unintended Recipient” Instructions
This is common in email confidentiality statements and can be useful if an email is sent to the wrong person.
- Example concept: “If you received this message in error, please notify us and delete it.”
5. Keep It Short (So People Actually Read It)
A confidentiality statement isn’t the place for a full legal agreement. If it’s long, recipients will ignore it.
If you need detailed terms (definitions, exclusions, timeframes, remedies), use an NDA.
6. Consider Confidentiality Plus Privacy (If Personal Information Is Included)
If your communications include personal information (for example, customer data, employee data, or health information), confidentiality intersects with privacy obligations.
Many small businesses need a clear Privacy Policy if they collect personal information online, and internal practices should match what you say you do with that data.
A confidentiality statement can’t replace privacy compliance, but it can help reinforce that personal information shouldn’t be shared beyond authorised people.
How To Use A Confidentiality Statement In Real Life (Without Over-Relying On It)
For founders and business owners, the key is using a confidentiality statement as part of a broader “information protection system”, not as a substitute for proper contracts.
Use It In The Right Places
Common, practical places to use a confidentiality statement include:
- Email footer: for everyday communications that may include commercial information
- Quotes and proposals: especially if they include pricing structures, delivery methods, or unique processes (and yes, it’s also worth understanding whether a quote is legally binding so you don’t accidentally create obligations you didn’t intend)
- Pitch decks: particularly early-stage decks being shared widely
- Internal documents: policies, playbooks, templates, strategy documents
Pair It With The Right Contract At The Right Time
Here’s a common pattern that works well for small businesses:
- Early conversations: keep disclosures high-level and use a confidentiality statement on materials
- Before sharing sensitive details: have the other party sign an NDA
- Before work starts: put a proper services agreement in place that includes confidentiality and IP ownership clauses
For example, if you’re engaging a contractor to build your app or do development work, a proper contractor agreement is usually the correct place to deal with confidentiality, deliverables, and ownership of what they create.
Be Consistent With Your Business Processes
Courts and regulators tend to look at your behaviour when assessing whether something is truly confidential.
So, make sure you’re backing up your confidentiality statement with common-sense protections, like:
- restricting access internally (need-to-know basis)
- using password protection for sensitive documents
- marking key documents “Confidential”
- using version control and audit trails where appropriate
- training staff on confidentiality expectations
If you have employees, confidentiality can also be built into a properly drafted Employment Contract and supported by workplace policies.
Common Mistakes Small Businesses Make With Confidentiality Statements
Confidentiality statements are often copied and pasted without much thought. That’s where issues creep in.
Assuming An Email Footer “Automatically” Creates A Contract
Putting a confidentiality statement at the bottom of an email doesn’t automatically mean the recipient has agreed to it (especially if it’s sent after the communication has already started).
If you need enforceable obligations, get an NDA signed early, ideally before disclosure.
Being Too Vague About What’s Confidential
“This email is confidential” is a start, but it may not be strong enough if the dispute is about a specific idea, a specific dataset, or a specific method.
If you regularly share sensitive categories of information (like pricing formulas or customer lists), consider using more precise language in contracts and NDAs so there’s less room for argument later.
Not Protecting Intellectual Property (IP) Alongside Confidentiality
Confidentiality helps prevent disclosure, but it doesn’t always solve ownership issues.
For example, if a contractor creates code, designs, or content for you, you generally want clear IP assignment terms in writing. Otherwise, you can end up paying for work that you don’t fully own (or can’t reuse freely).
This is one reason NDAs and confidentiality clauses are often paired with service agreements and IP provisions.
Sharing Too Much, Too Early
Founders are understandably excited to talk about their ideas. But if you share your “secret sauce” before you have proper agreements in place, it can be difficult to put the toothpaste back in the tube.
As a general approach:
- share high-level info first
- use an NDA before sharing anything truly sensitive
- move key conversations into written agreements as the relationship progresses
Using A Confidentiality Statement Instead Of Proper Website Legal Documents
If you run an online business, your risks often come from what happens on your website: how customers use it, how you handle refunds, what you say about your products, and how you collect data.
An email confidentiality statement won’t cover that. In many cases, you’ll need proper website terms and consumer-facing documents, especially if you sell online.
If you’re offering goods or services to consumers, you should also make sure you understand your obligations under the Australian Consumer Law (ACL), including warranties and refund rights. For example, issues around warranties often come up in practice, and it’s helpful to understand consumer warranty expectations so your business policies don’t create compliance problems.
Key Takeaways
- A confidentiality statement is a short notice that sets expectations that information is confidential and should not be used or shared without permission.
- A confidentiality statement can be helpful, but it isn’t always a substitute for a properly drafted and signed NDA or confidentiality clause in a contract.
- For higher-risk disclosures (like financials, product roadmaps, customer lists, or technical details), you should usually use a Non-Disclosure Agreement before sharing.
- A strong confidentiality statement should be clear about what’s confidential, how it can be used, and what the recipient must do if they received it by mistake.
- Confidentiality works best when backed up by business processes (access controls, document marking) and the right legal documents (contracts, NDAs, privacy documents).
This article provides general information only and does not constitute legal advice. If you’d like help putting together the right confidentiality statement or confidentiality clauses for your startup or small business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.