Back to blog
Cas d'usage

NDA + timestamping: the combo that actually protects your startup project

An NDA proves a confidentiality commitment. A timestamp proves prior existence of content. Here is why both pieces form an operational combo for a startup, and how to orchestrate it concretely before any sensitive exchange.

8 min read
NDA + timestamping: the combo that actually protects your startup project

Tomorrow you are introducing your project to an industrial partner. You have a clean deck, a working demo, a technical memo describing the architecture. And this thought that keeps coming back: what stops your counterpart from picking up your approach six months later, without you?

Many founders answer reflexively: an NDA. Others through hygiene: a timestamp. Very few think about combining the two. Yet it is the only setup that answers the two questions a judge will ask in case of dispute: what exactly did you communicate and when, and had your counterpart committed not to exploit it.

This article does not revisit the general debate on protecting ideas at the pitch stage (a separate blog post covers that). Here we focus exclusively on the operational workflow of the NDA + timestamping combo: when to use it, in which order, and which pieces to keep.

The honest reminder: an idea alone is not protectable

Under French law, an idea is not protected by copyright. The Intellectual Property Code protects the form of expression of a creation, not the abstract concept behind it. This is a classic of French and European copyright law.

In practice, if you describe your SaaS concept out loud over a coffee, nothing in the law prevents your counterpart from going home to build it. What is protected is what you have materialized: a document, a technical diagram, a prototype, code, a quantified strategic memo.

The NDA + timestamping combo therefore acts on two dimensions:

  • the object transmitted (the timestamp proves it existed before the communication),
  • the commitment of the recipient (the NDA creates an enforceable confidentiality obligation).

NDA: what it does, what it does not

A non-disclosure agreement is a contract by which one party commits not to disclose or exploit information received. Under French law, this commitment relies on general contract law and on article 1112-2 of the Civil Code, which expressly sanctions the use or disclosure without authorization of confidential information obtained during negotiations.

What an NDA does:

  • it creates a contractual obligation of confidentiality, whose breach engages the recipient's civil liability,
  • it defines what is confidential (definition clauses) and for how long,
  • it often provides sanctions (penalty clauses, liquidated damages).

What an NDA does not do:

  • it does not prove what you communicated exactly,
  • it does not establish that you originated the content shared,
  • it does not freeze the date of the content itself: it dates the commitment, not the material.
!
The classic trap

You have a signed NDA. Six months later, you discover a competing product that strangely resembles your project. Without a dated record of the content you actually transmitted, you have to demonstrate after the fact what was inside the deck V2 sent on March 14. Very quickly, it becomes your word against theirs.

Timestamping: what it does, what it does not

Electronic timestamping cryptographically freezes a file at a given instant. Concretely, the SHA-256 hash of the file is computed (a unique fingerprint of a few characters) and that fingerprint is anchored on an immutable register, such as the Bitcoin blockchain via OpenTimestamps.

What a timestamp does:

  • it proves that a specific file existed in this exact form on a given date,
  • it detects any later modification (the smallest change alters the hash),
  • it constitutes an independent piece of evidence, verifiable by a third party without asking you anything.

What a timestamp does not do:

  • it does not commit anyone other than yourself: the recipient remains legally free to exploit the content if nothing else prevents them,
  • it does not automatically prove that you are the original author (but combined with other pieces, it strengthens your position significantly),
  • it does not create a property right on the content.

Comparison table

QuestionNDA aloneTimestamp aloneNDA + timestamp combo
Can the recipient exploit the content?No (contractual commitment)Yes (nothing prevents them)No (commitment + proof)
What did the transmitted document contain?Not demonstratedDemonstrated (hash + file)Demonstrated
When was it transmitted?Signature date onlyTimestamp dateBoth, cross-referenced
Setup costVariable (lawyer drafting)A few minutesA few minutes + NDA
VC acceptance at pitch stageOften refusedNo third-party action requiredOften refused at pitch stage
Useful in data room / due diligenceYesYesIdeal

The concrete workflow before a sensitive exchange

  1. 1
    Freeze the final version of each document
    Export each deliverable into a stable format: PDF for the deck and the memo, ZIP for the code, PNG for mockups. Name each file explicitly (deck_projectX_v3_2026-05-20.pdf). This version is now the one that will be timestamped and shared.
  2. 2
    Timestamp every piece before any sending
    Compute the SHA-256 hash of each file and anchor it on an independent register (Bitcoin blockchain via OpenTimestamps for example). Keep the .ots receipt with the original file. This step must happen before any communication.
  3. 3
    Prepare the NDA suited to the exchange
    A well-drafted NDA defines precisely: what is confidential (the scope), for how long (the duration), and the sanctions in case of breach. List the relevant pieces in an annex (deck V3, technical memo, projections), ideally with their SHA-256 hashes.
  4. 4
    Have the NDA signed before communication
    The commitment must precede disclosure. If you send the deck by email before signature, you weaken your case. Use a timestamped electronic signature to materialize the commitment date in a verifiable way.
  5. 5
    Share the pieces and keep the proof pack
    Send your documents by tracked email or via a platform with delivery receipt. Archive together: signed NDA, timestamped files, .ots receipts, dated email exchanges. One PROOF/ folder per project or per contact is enough.
  6. 6
    Verify in case of doubt or dispute
    If you suspect unauthorized exploitation, recompute the hash of the transmitted file and compare it to the timestamp receipt. The match proves integrity; the NDA proves the commitment; together they build a coherent bundle.

Where this combo really applies

Let us be realistic. Investment culture has settled the matter: most VC funds refuse to sign an NDA for a first pitch. They see dozens of projects per week, sometimes on similar topics, and signing would expose their team to permanent conflicts of interest. Insisting even sends a negative signal about the founder's maturity.

The NDA + timestamping combo therefore makes most sense later in the funnel:

  • in a data room or due diligence, where you share detailed financial and technical materials,
  • with industrial or commercial partners asking for access to your IP,
  • with technical prospects (large accounts in evaluation) requiring specifications,
  • with external service providers (developers, designers, consultants) working on your product,
  • in M&A discussions or strategic partnerships.

For first VC pitches, the realistic approach remains: no NDA, but systematic timestamping of the deliverables you share. You cannot force the other party's commitment, but you can at least prove the prior existence of what you transmitted.

Limits and nuances to integrate

A few points that neither an NDA, nor a timestamp, nor the combo solve:

  • The NDA does not create a property right on the idea. It sanctions a breach of commitment, not an abstract "appropriation" of the concept.
  • The timestamp says nothing about authorship. It says "this file existed in this form on this date". If someone else proves an earlier timestamp of the same content, your prior existence claim falls apart.
  • Enforcing an NDA is expensive. Even with a solid case, contract litigation requires time, a lawyer, and cash. The threat of a formal notice is often more dissuasive than the litigation itself.
  • Timestamping does not replace a patent. For a new and inventive technical invention, the patent remains the appropriate tool. The NDA + timestamping combo mainly covers strategic non-patentable content (deck, methodology, know-how, proprietary code).
i
The combo is a bundle of evidence

No isolated piece is sufficient on its own. A court reasons on a coherent bundle of evidence: signed NDA + timestamp of the transmitted content + dated email + traces of suspected exploitation + technical comparison. The denser and more coherent the bundle, the stronger the demonstration.

Where does LegalStamp fit in?

LegalStamp handles the timestamping part of the combo. Concretely, you upload your file, the SHA-256 hash is computed locally in your browser (the file never leaves your machine), then the hash is anchored on the Bitcoin blockchain via OpenTimestamps. You receive an independently verifiable receipt to keep with your original file.

LegalStamp is a non-qualified electronic timestamping service under eIDAS. It does not benefit from the presumption of reliability reserved for Qualified Trust Service Providers (QTSP). However, article 41(1) of the eIDAS regulation prohibits denying legal effect to an electronic timestamp solely on the ground that it is non-qualified. Combined with a properly drafted NDA and your contextual exchanges, the timestamp delivers its full evidentiary value.

For the NDA part, have a template suited to your activity drafted by a lawyer — it will be reusable across dozens of exchanges and amortized from the first serious negotiation.

Try the workflow for free

LegalStamp's free tier allows 3 timestamps per month, with no credit card or complex sign-up. Enough to test the combo on your first sensitive deliverables before a partner exchange or a data room. Try for free →

FAQ

No. An NDA creates a contractual confidentiality obligation, but it does not establish that you were indeed the originator of the content shared, nor on which precise date. Without a dated record of what was transmitted, proving a breach becomes a fragile reconstruction exercise.
No. A timestamp proves that a specific file existed on a given date. It does not create any obligation for the recipient not to exploit the content. Without a contractual commitment, you prove the file's prior existence but not the fault of whoever may have reused it.
Timestamp the content before any transmission, have the NDA signed before actual communication, then share. You then hold two dated pieces: prior existence of the content (timestamp before sending) and the written confidentiality commitment (NDA before disclosure).
For a first pitch, most VC funds refuse to sign an NDA. The NDA + timestamping combo applies mainly to later stages: data room, due diligence, technical document sharing, or non-VC counterparts such as partners, enterprise prospects or service providers.
No. Under French law, an idea alone is not protected. What is protected is its materialization into a document. The combo therefore protects the written content of your project (deck, memo, mockup, code), not the abstract idea behind the project.
Keep everything: signed NDA, timestamped files with their receipts, dated email exchanges, screenshots of the suspected competitor. Have the file validated by an IP or contract litigation lawyer before any formal notice.
A patent protects a new and inventive technical invention; an INPI filing (Soleau envelope, trademark) creates an administrative record with an official body. Electronic timestamping is faster, cheaper, and suited to deliverables frequently updated. The tools do not cover the same needs and can complement each other.

Conclusion

The NDA and the timestamp answer two different questions. The first commits your counterpart; the second proves what you transmitted and when. Taken in isolation, each leaves a blind spot the other fills exactly. Taken together, they form a coherent bundle a judge knows how to read.

For an early-stage startup, this combo is not meant to apply to every exchange. But as soon as you enter an advanced discussion — data room, due diligence, technical partnership, service provider integration — it becomes a hygiene routine that is easy to set up and hard to fault in case of dispute.

Disclaimer: this article is provided for informational and educational purposes only. It does not constitute legal advice. For drafting an NDA tailored to your activity or for a litigation file, have your approach validated by a lawyer specialized in intellectual property or contract law.

Jeremy

Jeremy

Fondateur de LegalStamp, passionne par la blockchain et la protection des creations.

Share:

Related articles

Ready to protect your creations?

Create your first proof of priority for free in less than 30 seconds.