Mutual Non-Disclosure Agreement
Overview
This is HASP's standard mutual non-disclosure agreement (the "MNDA"), used for pre-signup security reviews, evidence sharing, and other confidential conversations before a paid relationship begins. The Cover Page captures the per-engagement variables (counterparty name, signers, effective date) and the operative terms below govern.
The contractually binding MNDA is the version countersigned at execution — either in-product after signup, or as a PDF before signup. The template on this page is published so your legal and security teams can review the standard form ahead of time.
Parties, Purpose, and Term
- Party 1: Hasp, Inc., a Delaware corporation.
- Party 2: Counterparty, identified on the Cover Page at signing.
- Purpose: Evaluating whether to enter into a business relationship between the parties.
- MNDA Term: One (1) year from the Effective Date.
- Term of Confidentiality: One (1) year from the Effective Date, plus indefinite protection for trade secrets while they remain trade secrets under applicable law.
- Governing Law: Delaware. Jurisdiction: federal or state courts in New Castle, Delaware.
Confidential Information
"Confidential Information" means information one party ("Disclosing Party") discloses or makes available to the other ("Receiving Party") in connection with the Purpose, that either:
- the Disclosing Party identifies as "confidential", "proprietary", or the like at the time of disclosure; or
- should be reasonably understood as confidential due to its nature and the circumstances of disclosure.
The existence and status of the parties' discussions and the contents of the Cover Page are themselves Confidential Information. Technical and business information, product designs, roadmaps, requirements, pricing, security and compliance documentation, technology, inventions, and know-how are all explicitly in scope.
Use and Protection
The Receiving Party shall:
- use Confidential Information solely for the Purpose;
- not disclose Confidential Information to third parties without the Disclosing Party's prior written approval, except to employees, agents, advisors, contractors, and other representatives with a reasonable need to know — provided those representatives are bound by confidentiality obligations no less protective of the Disclosing Party than this MNDA, and the Receiving Party remains responsible for their compliance; and
- protect Confidential Information using at least the same protections it uses for its own similar information, and in no event less than a reasonable standard of care.
Exceptions
The obligations in this MNDA do not apply to information the Receiving Party can demonstrate:
- is or becomes publicly available through no fault of the Receiving Party;
- it rightfully knew or possessed before receipt from the Disclosing Party without confidentiality restrictions;
- it rightfully obtained from a third party without confidentiality restrictions; or
- it independently developed without using or referencing the Confidential Information.
Disclosures Required by Law
The Receiving Party may disclose Confidential Information to the extent required by law, regulation, regulatory authority, subpoena, or court order — provided (to the extent legally permitted) it gives the Disclosing Party reasonable advance notice and reasonably cooperates, at the Disclosing Party's expense, with efforts to obtain confidential treatment.
Return or Destruction
On expiration or termination of the MNDA, or on earlier written request from the Disclosing Party, the Receiving Party will cease using Confidential Information, destroy or return all copies in its possession, and confirm compliance in writing if asked. Standard backup or record-retention copies, and copies retained as required by law, may be kept — but the MNDA continues to apply to them.
Governing Law
This MNDA is governed by the laws of the State of Delaware, without regard to conflict of laws provisions. Any suit, action, or proceeding must be brought in the federal or state courts located in New Castle, Delaware, and both parties irrevocably submit to the exclusive jurisdiction of those courts.
Frequently asked questions
How do I get an MNDA in place with HASP?
Email [email protected]. We'll countersign and return the MNDA once the request is reviewed. If you've already started a paid signup, the MNDA isn't necessary for the BAA or DPA to apply — those activate at signup automatically. The MNDA is primarily for pre-signup security reviews and evidence sharing.
What's the purpose and term?
The Purpose is evaluating whether to enter into a business relationship between the parties. The MNDA itself expires one (1) year after the Effective Date, and confidentiality obligations survive for one (1) year after that — with trade secrets protected for as long as they remain trade secrets under applicable law.
Does the MNDA cover SOC 2 reports, HITRUST attestations, and pen test results?
Yes. The MNDA is the standard gate for accessing HASP's SOC 2 Type II report, HITRUST attestation, penetration test summaries, and any other security evidence not already public on the Trust Center. Once the MNDA is in place, request the evidence via the same compliance address.
Can I redline it?
If you stay close to the published form, procurement on both sides moves fast. If a specific provision conflicts with your standard NDA, send us the markup at [email protected] and we'll review it.
Is the MNDA recorded in the audit chain like the BAA is?
Once you've signed up and a HASP organization exists, in-product MNDA execution is recorded in the same integrity-chained audit log used for BAA execution. MNDAs signed before signup are stored as PDFs and surfaced in the Trust workspace once your organization is created.
Related
- Cloud Service Agreement — Master agreement that governs paid HASP subscriptions.
- Business Associate Agreement — BAA for PHI workloads.
- Data Processing Agreement — GDPR and CCPA companion to the BAA.
- Trust Center — Compliance posture and evidence index.