
Non-Solicitation and Non-Disclosure Policy

A Non-Solicitation and Non-Disclosure Policy template that sets clear rules for protecting confidential information and limiting customer or employee solicitation during and after employment.


Built for: SaaS · Professional Services · Manufacturing · Staffing and Recruiting · Healthcare

Overview

This Non-Solicitation and Non-Disclosure Policy template sets a company standard for protecting confidential information and limiting improper solicitation of customers, prospects, vendors, and employees. It is designed for employers that want a repeatable policy they can attach to onboarding, manager training, and offboarding workflows.

Use it when employees handle trade secrets, pricing, customer relationships, sales leads, internal strategy, or personnel information. The template helps define what information is confidential, what conduct is prohibited during employment, what obligations continue after separation, and how employees should return or delete company materials. It also includes a procedure for reporting concerns, requesting exceptions, and documenting discipline.

Do not use this as a one-size-fits-all restraint on worker mobility. Some states limit non-solicitation language, require narrow drafting, or treat certain post-employment restrictions differently. It is also not a substitute for a standalone trade secret program, data security policy, or jurisdiction-specific employment agreement. If your workforce includes California employees or other regulated jurisdictions, the carve-out section should be reviewed before adoption. The template is most useful when the company needs clear, enforceable rules that match actual access to sensitive information and customer relationships.

Standards & compliance context

  • The confidentiality portion should align with trade secret and confidentiality protections under federal and state law, including the Defend Trade Secrets Act where applicable.
  • The policy should not interfere with NLRA Section 7 rights, including protected concerted activity, wage discussions, or other lawful employee communications.
  • Any discipline process should be applied consistently and without discrimination under Title VII, ADA, ADEA, and related EEOC enforcement principles.
  • If the policy touches employee data or personnel files, limit access and retention practices to what is necessary under privacy laws such as GDPR or CCPA where applicable.
  • California employees: review non-solicitation language carefully because state law can limit post-employment restraint provisions and related enforcement.
  • State-specific carve-outs should be added for jurisdictions with unique employment rules, and the policy should be checked against local counsel before rollout.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Purpose

Explains why the policy exists and what business risks it is meant to reduce.

  • The purpose of this policy is to protect the Company’s legitimate business interests, including confidential information, trade secrets, customer relationships, and employee relationships, while preserving employee rights under applicable law. This policy is intended to be applied in a manner consistent with the **NLRA Section 7**, the **FLSA**, the **EEOC** laws, and any applicable state restrictive covenant statutes.

Scope

Identifies which workers, locations, and relationships are covered by the policy.

  • This policy applies to all employees, officers, managers, supervisors, contractors, interns, and temporary workers who receive access to Company information or relationships. It applies during employment and, where expressly stated, after employment ends. **California employees:** any non-solicitation or post-employment restriction must be reviewed for compliance with California law, including **Business and Professions Code § 16600** and related authorities. **New York employees:** any whistleblower-related reporting rights remain protected under **NY Labor Law § 740**. **All jurisdictions:** nothing in this policy may be interpreted to interfere with rights protected by law.

Definitions

Sets the meaning of key terms so employees and managers apply the policy consistently.

  • For purposes of this policy:
    - **Confidential Information** includes non-public financial, operational, technical, customer, vendor, pricing, marketing, security, and personnel information.
    - **Non-Solicitation** means targeted efforts to divert customers, vendors, or employees away from the Company.
    - **Protected Activity** includes discussions or actions protected by the NLRA, wage discussions, reporting unlawful conduct, requesting leave, or seeking a reasonable accommodation.
    - **Reasonable Accommodation** and **interactive process** have the meanings provided under the ADA and applicable state law.

Policy Statement

States the company’s core rules on solicitation, confidentiality, and post-employment obligations.

  • Employees must protect Company Confidential Information and may not use or disclose it except for legitimate business purposes and as authorized by the Company. Employees must not remove, copy, transmit, photograph, upload, or store Confidential Information outside approved systems unless required for job duties and approved by the Company. Employees may not solicit Company customers, prospective customers, vendors, or employees for a competing business or for personal gain using Company information, except where such restrictions are prohibited by law or would interfere with protected employee rights. This policy does not prohibit lawful, protected communications about wages, hours, working conditions, union activity, safety concerns, discrimination, harassment, or other rights protected by law.

Procedure

Shows the exact steps for handling disclosures, exceptions, departures, and suspected violations.

  1. **Before access is granted:** Managers must limit access to Confidential Information on a need-to-know basis and ensure employees receive policy training and acknowledgement.
  2. **During employment:** Employees must use approved systems, follow data handling rules, and immediately report suspected unauthorized disclosure, loss, or misuse to HR or the Compliance Officer.
  3. **Before separation:** Employees must return laptops, badges, documents, storage devices, keys, and all Company property; delete Company data from personal devices as directed; and certify return of materials if requested.
  4. **After separation:** Former employees may not retain or use Confidential Information and must not solicit customers or employees where enforceable by law and where a valid post-employment restriction exists.
  5. **Escalation:** HR and Legal will review suspected violations, preserve evidence, and determine whether a documented warning, access restriction, PIP, or other corrective action is appropriate.

Roles & Responsibilities

Assigns ownership for approvals, training, enforcement, and recordkeeping.

  • **Employees:** protect Confidential Information, comply with access restrictions, and report concerns promptly.
  • **Managers:** ensure team members understand the policy, limit unnecessary access, and escalate suspected violations.
  • **HR:** maintain acknowledgements, coordinate training, and support separation procedures.
  • **Legal / Compliance:** review restrictive covenant language, jurisdiction-specific carve-outs, and any proposed enforcement action.
  • **IT / Security:** implement access controls, logging, device return, and data preservation measures.

Exceptions and Jurisdiction-Specific Carve-Outs

Flags where local law or business needs require narrower drafting or different treatment.

  • **Protected rights:** Nothing in this policy prohibits employees from engaging in protected concerted activity under the **NLRA**, discussing wages or working conditions, reporting concerns to government agencies, participating in investigations, or exercising rights under the **FLSA**, **EEOC** laws, **FMLA**, **ADA**, or applicable whistleblower laws.
  • **California employees:** post-employment non-solicitation and similar restrictive covenants may be unenforceable; any enforcement must be reviewed under California law.
  • **Massachusetts, Washington, and other states with restrictive covenant laws:** enforceability, notice, consideration, and duration requirements may apply and must be reviewed before use.
  • **Personal devices and personal accounts:** limited review or deletion steps may be required only to the extent permitted by law and Company policy, with privacy and data-protection obligations considered.

Compliance and Discipline

Explains how violations are investigated, documented, and escalated.

  • Violations of this policy may result in corrective action up to and including termination of employment, subject to applicable law and any required investigation. The Company may also seek injunctive relief, return of property, or other lawful remedies for misuse of Confidential Information. Discipline decisions must be based on documented facts, applied consistently, and must not retaliate against protected activity or protected leave requests.

Review and Revision

Sets the cadence for updates so the policy stays aligned with law and business practice.

  • This policy will be reviewed at least annually and whenever there are material changes in law, business operations, data handling practices, or jurisdiction-specific restrictive covenant requirements. Revisions must be approved by HR, Legal, and executive leadership before publication.

How to use this template

  1. Fill in the policy holder name, effective_date, version, review_frequency, applicable_jurisdictions, and applicable_roles before publishing the policy.
  2. Define the categories of confidential information your business actually uses, including customer lists, pricing, source code, compensation data, and internal plans.
  3. Assign HR, Legal, and IT responsibilities for onboarding acknowledgments, access control, offboarding collection, and exception approvals.
  4. Train managers and employees on what counts as solicitation, what must not be disclosed, and how to report suspected misuse or a breach.
  5. Apply the discipline section consistently by documenting violations, issuing documented warnings where appropriate, and escalating repeat issues through the normal corrective-action process.
  6. Review the policy annually and after any state-law change, acquisition, reorganization, or major change in sales, recruiting, or data handling practices.

Best practices

  • Define confidential information by category and business use, not by vague labels like “all company information.”
  • Separate customer solicitation rules from ordinary customer service so employees know what conduct is actually prohibited.
  • Require employees to return or delete company files, notes, and copies at separation, including material stored on personal devices or cloud accounts.
  • Use a written exception process so Legal or HR can approve narrow carve-outs instead of relying on informal manager permission.
  • Tie the policy to onboarding acknowledgments and offboarding checklists so the obligations are actually tracked.
  • Document suspected violations promptly and preserve relevant emails, messages, and access logs before making a discipline decision.
  • Review state-specific enforceability before applying the same non-solicitation language to every location.

What this template typically catches

Issues teams running this template most often surface in practice:

  • Confidential information is defined so broadly that employees cannot tell what is actually protected.
  • The policy bans solicitation but does not explain whether passive outreach, social media contact, or general advertising is covered.
  • There is no clear return, deletion, or access-revocation step at termination.
  • Managers apply exceptions inconsistently, creating uneven enforcement and documentation gaps.
  • The policy is used in states where the non-solicitation language may be unenforceable or needs narrowing.
  • Discipline is mentioned but not tied to a documented warning, investigation, or escalation path.
  • The policy does not preserve NLRA-protected employee communications or other lawful conduct.

Common use cases

SaaS Sales Team Confidentiality Controls
A software company uses this template to protect pricing, pipeline, customer lists, and product roadmap details. It also sets clear limits on post-employment customer solicitation for account executives who had direct client relationships.
Recruiting and Talent Acquisition Policy Rollout
A staffing firm adapts the policy for recruiters who handle candidate databases, client contacts, and compensation information. The template helps define what can be shared internally and what must remain confidential after a recruiter leaves.
Manufacturing Trade Secret Protection
A manufacturer uses the policy to protect formulas, process documents, vendor pricing, and production methods. The non-disclosure section supports a broader trade secret program without relying on ad hoc manager instructions.
Multi-State Offboarding Standard
An employer with remote workers uses the template to standardize exit steps for returning devices, deleting files, and confirming continuing confidentiality obligations. The jurisdiction section helps the company flag state-specific limits before finalizing the separation checklist.

Frequently asked questions

What does this policy template cover?

This template covers two related areas: non-solicitation rules and non-disclosure obligations. It defines what counts as confidential information, when employees may not solicit customers or coworkers, and what must be returned or deleted at separation. It also includes a procedure for handling requests, exceptions, and discipline.

Who should use this policy?

Use it for employees, managers, contractors, and other workers who may access customer lists, pricing, trade secrets, or internal business information. It is especially useful for sales, recruiting, operations, and leadership roles. The scope can be narrowed or expanded depending on access level and jurisdiction.

How often should this policy be reviewed?

Review it at least annually and whenever your company changes its data handling, sales model, or workforce structure. It should also be updated after legal changes that affect non-solicitation or confidentiality rules in specific states. Annual review helps keep the policy aligned with current law and actual business practices.

Does this template address state law differences?

Yes, the carve-out section is designed to flag jurisdiction-specific limits, especially where state law restricts non-solicitation or employee mobility provisions. California, for example, requires careful review of post-employment restraint language, and other states may have notice or enforceability rules. The template should be customized by counsel before rollout in multiple jurisdictions.

What are the most common mistakes with this kind of policy?

Common mistakes include defining confidential information too broadly, failing to separate customer solicitation from ordinary relationship management, and omitting a clear return-or-delete procedure at termination. Another frequent issue is using one national rule without checking state-specific enforceability. Employers also forget to explain who approves exceptions and how violations are documented.

How does this differ from an ad hoc confidentiality agreement?

An ad hoc agreement usually focuses on a single hire or transaction, while this policy creates a repeatable company standard. It tells employees what is prohibited, who handles questions, and what happens if there is a suspected breach. That makes enforcement more consistent across departments and locations.

Can this template be customized for contractors and remote workers?

Yes, the scope can be adapted for contractors, interns, remote employees, and hybrid teams. You can add device-return steps, access revocation timing, and rules for personal devices or cloud storage. If contractors work across states or countries, the jurisdiction section should be reviewed carefully before use.

What should be integrated with this policy during rollout?

It should be paired with onboarding acknowledgments, offboarding checklists, access-control procedures, and document retention rules. Many employers also connect it to confidentiality training, sales conduct rules, and IT security controls. Those integrations make the policy enforceable instead of just informational.
