When considering the sale of an e-commerce business, often, some of the most valuable assets being sold are the target’s trade secrets. These may involve confidential customer/user account lists, vendor and supplier lists, advertising methods, shipping and customer service models, and more. As part of the process of courting and finding buyers, many parties may need — or claim to need — to have information about the target’s trade secrets. Such parties may include potential buyers, financiers, investors, and others. However, companies looking to be acquired must vigorously protect their trade secrets throughout the sales process. Here are some pro tips.

Why must trade secrets be protected?

Trade secrets must be protected for at least two interconnected reasons. First, as noted, trade secrets are often a significant proportion of the value of an e-commerce business. Without protecting those trade secrets, they can be lost to a competitor, either outright stolen or lost through loss of the legal status of being trade secrets. This, naturally, diminishes the value — the sale price — of the target e-commerce business.

Second, to sustain their legal protections as trade secrets, owners of trade secrets must take reasonable steps to maintain the secrecy of the trade secrets. These steps might include things like keeping the trade secrets under lock and key, limiting who has access to the trade secrets, requiring anyone with access to sign confidentiality and non-disclosure agreements, etc. These steps must be maintained throughout any bargaining and exploration of a merger and/or acquisition. Failure to maintain efforts to keep the secrecy of the trade secrets can result in the trade secrets no longer having protected status. There are cases, for example, where various trade secrets were disclosed during marketing/investor presentations. The end result was that, since the information was disclosed, the information was freely available for use by competitors.

What tools should be used?

Non-disclosure and confidentiality agreements (“NDACA”) are the most common tools used to protect the secrecy of trade secrets during the exploration of a merger and/or acquisition. These NDACAs must, of course, be carefully crafted to ensure that secrecy is maintained. Provisions should include the following:

• Limitation on who may see the data/information designated as trade secrets — it is best to specifically identify persons by name
• Requirement that persons designated to see confidential data/information be required to sign the NDACA
• Provisions specifically identifying the trade secrets
• Dividing disclosures into stages — that is, the most sensitive trade secrets are only disclosed after certain stages in the transaction have been reached (such as after a Letter of Intent is signed, after due process begins, or when financing is being sought)
• Consider dividing allowed access into different personnel for different categories of trade secret information (such as financial, marketing, IT systems, etc.)
• Ensuring that the obligations to maintain non-disclosure and confidentiality continue long after the deal is consummated or fails to consummate
• Requiring seller’s written permission to expand disclosures beyond those listed (such as to potential lenders, third-party investors, etc.
• And more

Aside from NDACAs, other tools that should be considered concern the physical protection of trade secret data and information. For example, the data could be presented in paper format only and only for in-person reviews at a particular location. This may be impractical. However, similar sorts of protections can be used for electronic format data.

Trade Secret Law: The Legal Framework Sellers Must Understand

Protecting trade secrets during an M&A process is not merely a matter of good business judgment — it is a legal obligation with significant consequences for failure. The Defend Trade Secrets Act (“DTSA”), 18 U.S.C. §§ 1836 et seq., enacted in 2016, creates a federal civil cause of action for trade secret misappropriation and significantly strengthened the legal tools available to trade secret owners. Understanding the DTSA framework helps e-commerce sellers understand both what protections they have and what they must do to preserve them.

What Qualifies as a Trade Secret

Under the DTSA (and its state law counterpart, the Uniform Trade Secrets Act, adopted by most states), a trade secret is information that (1) derives independent economic value from not being generally known to or readily ascertainable by others, and (2) is the subject of reasonable measures to maintain its secrecy. Both elements are required. Information with genuine commercial value — a proprietary customer algorithm, a supplier pricing model, a conversion optimization formula — that the owner has made no effort to protect may not qualify as a legally protectable trade secret.

For e-commerce businesses, common trade secrets include: customer lists with purchase history and behavioral data; supplier identities and negotiated pricing terms; proprietary fulfillment algorithms or logistics models; advertising copy testing results and customer acquisition cost data; and product sourcing relationships. The value of these assets is often not reflected on the balance sheet, making them easy to undervalue in negotiations — and easy to lose if not protected during the sale process.

The DTSA’s Protections During M&A

The DTSA provides several powerful remedies for trade secret misappropriation that are particularly relevant in the M&A context:

• Injunctive relief. Courts can issue ex parte (without notice to the defendant) seizure orders to prevent the dissemination of stolen trade secrets. This is critical in the M&A context because trade secrets, once disclosed, cannot be un-disclosed. An injunction preserving the status quo while litigation proceeds is often the most important initial remedy.
• Damages. The DTSA allows recovery of actual losses caused by the misappropriation, as well as unjust enrichment damages representing the benefit the misappropriator obtained. If actual damages are inadequately measured by these two amounts, courts may award damages measured as a reasonable royalty. For willful and malicious misappropriation, exemplary damages up to twice the award are available, along with attorneys’ fees.
• State law claims. DTSA claims can be asserted alongside state trade secret claims (typically under state versions of the UTSA), breach of NDA claims, and breach of fiduciary duty claims. Multiple overlapping claims create leverage and increase potential recovery.

Structuring the Due Diligence Process to Protect Trade Secrets

The disclosure process in an M&A transaction should be structured as a staged reveal. The practical framework is:

• Stage 1 (pre-LOI): Provide only the information necessary for the buyer to make a preliminary valuation decision. This typically means financial summaries, business overview information, and traffic/revenue metrics — without revealing the specific vendors, customer identities, or proprietary methodologies that make those numbers possible.
• Stage 2 (post-LOI, pre-close): With a signed LOI (including appropriate exclusivity and no-shop provisions) and an executed NDCA, provide fuller due diligence access through a secure virtual data room. Access should be logged, watermarked documents should be used where feasible, and document download permissions should be controlled.
• Stage 3 (closing): The most sensitive operational trade secrets — supplier contacts, proprietary algorithms, ad account data — should be transferred only at or after closing, not before, with clear contractual mechanisms for rollback if closing fails.

When the Deal Falls Through

Failed M&A processes are not uncommon, and they create specific trade secret risk. Buyers who do not proceed may nonetheless retain detailed knowledge of the seller’s business operations, supplier relationships, and customer acquisition strategies. The NDCA must include strong provisions — including return or destruction requirements for all disclosed materials, survival of confidentiality obligations for a specified period (typically three to five years), and clear liquidated damages provisions for breach — to address this scenario. The DTSA’s civil seizure remedy and injunctive relief provisions provide additional legal tools if a buyer misuses information disclosed during a failed due diligence process.

Selling an e-commerce business is a complex transaction with significant legal risks on multiple fronts. Contact the E-Commerce and Business attorneys at Revision Legal or visit our e-commerce practice page to protect your most valuable assets throughout the sale process.

Contact The E-commerce and Business Attorneys At Revision Legal

For more information, contact the experienced e-commerce and Business Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.