State of M&A Data Rooms — Q2 2026 Read the report →
Peony LogoPeony

Is a Price List a Trade Secret? (And How Sharing It Carelessly Can Kill the Protection)

Co-founder at Peony. Former M&A at Nomura, early-stage VC at Backed VC, and growth-equity / secondaries investor at Target Global. I write about investors, fundraising, and deal advisors from the deal-side perspective I spent years in.

Is a Price List a Trade Secret? (And How Sharing It Carelessly Can Kill the Protection)

Last updated: July 2026

Quick answer: A price list can be a trade secret, but it is not automatically one. Under generic US doctrine — the federal Defend Trade Secrets Act and state UTSA-style laws — pricing qualifies only if it (1) derives independent economic value from not being generally known, and (2) is protected by reasonable measures to keep it secret. The catch is that your sharing practices decide the second test. Years of emailing an unmarked, unrestricted PDF to hundreds of accounts is exactly what a defendant uses to argue you never treated it as a secret — you cannot claim as confidential what you broadcast. An NDA helps but is necessary, not sufficient: a promise with no controls behind it reads weak. What actually establishes reasonable measures is a checklist that doubles as a sharing workflow — need-to-know access (visitor groups), confidential marking plus viewer-identity watermarks, an access gate (NDA and verified email), per-viewer access logs as evidence you took measures, and revocation when relationships end. This post is general information, not legal advice.

I'm Sean Yu, co-founder of Peony. I spend my days on the deal side of documents, and the single most common question I get from distributors and manufacturers is some version of this one: a competitor seems to have our pricing — is our price list even legally protected, and did we lose that protection by how we've been sending it out? It is a fair question, and the honest answer surprises people: pricing can be a trade secret, but whether yours is depends less on the law in the abstract and more on the operational habits you have built around sharing it.

I run Peony, a data room company serving 5,900+ customers, so I have a horse in this race — but I want to be upfront about what a tool can and cannot do here. Nothing you buy makes your price list a trade secret. What good document control can do is help you implement the reasonable measures the law asks for, and produce the audit trail that proves you took them. The legal conclusion stays with a court and your counsel. Everything below is general information about how US trade-secret doctrine tends to work, not legal advice — I am not a lawyer, and you should confirm your specific situation with one.

What is this post about, and where does the sharing how-to live?

This post answers a legal-protectability question: is your pricing a trade secret, and how do your sharing practices affect that. It is the legal-wedge companion to a separate, hands-on guide.

If what you actually need is the operational playbook — how to send price lists and catalogs to trade accounts securely, tier by tier, without them leaking or going stale — that lives in the hub post, how to share price lists and product catalogs securely. That guide is the workflow: per-account isolation, live-update links, revoke on revision day, engagement tracking. This post is the why it matters legally: whether pricing is protectable at all, and how the same controls that make sharing clean also happen to be the reasonable measures that keep the protection alive. If your business is regulated — pharmaceutical distribution, medical devices, chemicals — where confidentiality is a legal necessity rather than a preference, the flagship case is in the data room for pharmaceutical distribution. Read this for the doctrine; read the hub for the steps.


Is a price list a trade secret, or just "confidential" business information?

A price list can be a trade secret, but it is not one by default, and confusing the two is where most owners go wrong. Under the federal Defend Trade Secrets Act (DTSA) and the state Uniform Trade Secrets Act (UTSA) versions that most states have adopted, information qualifies as a trade secret only when two conditions are both met. Courts have generally held to this two-part frame:

  1. It derives independent economic value from not being generally known. The information has to be valuable because it is secret. A master tiered price list, the cost basis underneath it, and the discount matrix that governs who gets what all clear this bar comfortably — that structure is worth money precisely because your competitors do not have it. It lets them undercut you line by line if they see it.
  2. Its owner takes reasonable measures under the circumstances to keep it secret. Value alone is not enough. You have to actually behave as though the information is a secret. This is the prong your sharing practices control, and it is the one most distributors quietly fail.

Two nuances matter before we go further. First, "confidential" is not a legal category that does any work on its own — calling something confidential, even in a footer, does not make it a trade secret if the two prongs above are not satisfied. Second, the protectable asset is usually the master structure, not an individual quote. A single account already knows its own price; that specific number, in that account's hands, is not much of a secret. The confidential asset is the whole ladder — every tier, the cost basis, the discount logic — because seeing all of it is what gives a competitor an edge. Keep that distinction in mind, because it also tells you what to protect most fiercely.

This is general information about how the doctrine is commonly framed, not legal advice, and the specifics vary by state and by facts. But the shape is consistent: a price list is a candidate for protection, and the deciding factor is almost always the reasonable-measures prong.

Can unrestricted mass distribution destroy trade secret protection?

Yes — and this is the part that keeps distributors up at night, correctly. The reasonable-measures prong is not a box you check once; it is an ongoing assessment of how you actually handle the information. And the fastest way to fail it is to broadcast the very thing you are calling secret.

Picture the common fact pattern. A distributor keeps its master price list in a spreadsheet, exports it to PDF each quarter, and emails it — unmarked, no NDA, no access control, no tracking — to every one of its 400 trade accounts, plus prospects who ask, plus the reps' personal contacts. Do that for a few years and you have handed a future defendant a clean argument: you did not take reasonable measures, because you distributed this to hundreds of people with no restrictions at all — and information you spread that freely was not really being treated as a secret. Courts have generally been receptive to that reasoning. You cannot claim as confidential what you broadcast.

Notice the two distinct ways broadcasting hurts you. It undercuts the reasonable-measures prong (you did not act to keep it secret), and, if the distribution is wide enough that the information becomes genuinely common knowledge in the market, it can even erode the value-from-secrecy prong (there is no secret left to protect). Most real situations sit short of that second, fatal extreme — but they land squarely in the first. The looseness weakens your position even when it does not end it.

This is why the "we've been emailing it around for years" question is the emotional core of this whole topic, and it deserves an honest answer rather than a scare or a shrug. I will give it its own section below.

We may have already blown it — is our protection gone?

Probably weakened, not necessarily gone — and what you do next genuinely matters. This is the most anxious question I hear, so let me be as straight as I can while staying inside general doctrine.

Here is the honest read. Years of unrestricted mass-emailing is a real liability. It can weigh heavily against you if protection is ever tested, because it cuts directly at the reasonable-measures prong. Anyone telling you it is harmless is not being truthful. But two things pull the other way, and they are both worth understanding:

  • Reasonable measures are assessed under the circumstances, and going-forward conduct counts. Courts have generally looked at whether the owner treats the information as a secret, not only at whether every past act was perfect. Starting to restrict, mark, and track access now — and documenting the date you changed your practices — can help re-establish that you regard the pricing as confidential. It is not a magic reset, but the trend of your conduct is part of the picture.
  • "Widely emailed" is not the same as "generally known." If what is actually circulating is fragments — one account's quote here, a rough sense of your list there — your underlying master structure, cost basis, and discount logic may still hold value from not being generally known, even though you were careless with distribution. The value-from-secrecy prong turns on what is genuinely public, not on how sloppy you were.

So the practical move if you suspect you have been too loose is straightforward: stop broadcasting today, put the controls in place, write down when you tightened up, and ask counsel how that change is likely to be viewed in your jurisdiction. Do not conclude it is hopeless and keep emailing the PDF — that only deepens the hole. And do not assume you are automatically fine either. This is exactly the kind of fact-specific judgment a lawyer should make on your actual situation; everything here is general information, not legal advice.

Is an NDA enough on its own to protect our pricing?

No — an NDA is necessary but not sufficient, and treating it as the whole answer is one of the most common mistakes I see. An NDA or confidentiality agreement is genuinely valuable: it is strong evidence of your intent to keep pricing secret, it creates a contractual obligation you can enforce, and you should absolutely have one. But an NDA is a promise, and the reasonable-measures prong asks about your conduct, not just your paperwork.

Play it out. You have every account sign an NDA — and then you email the master list, unmarked and untracked, to anyone who asks. A court weighing reasonable measures now sees a promise flatly contradicted by how you actually behave. The signature says "this is secret"; the broadcast says "not really." That gap is precisely what a defendant will point to. The NDA earns its weight when it sits on top of real enforcement, not in place of it.

Which brings us to the false binary I hear constantly: NDA, or mark it confidential, or lock down who can see it — which one protects the price list? The framing is wrong. It is not a choice among three; it is three layers of one thing:

  • The NDA is the legal promise — the gate.
  • The confidential marking is the notice that the promise attaches to this specific document.
  • Locking down access is the enforcement that makes the first two credible — the walls.

A gate with no walls encloses nothing. Any single layer alone reads weak and leaves an obvious gap. Courts weigh reasonable measures as a whole, so the strongest posture stacks all three. And here is the practical payoff that almost nobody selling legal fear ever mentions: stacking those layers is not three separate chores — it is a single sharing workflow. That is the section worth reading twice.

What are the reasonable measures — the checklist that doubles as a workflow?

This is the wedge nobody sells. Legal blogs describe the problem in detail and then leave you to figure out the mechanism. So here is the concrete reasonable-measures checklist for a confidential price list — and the thing to notice is that every item is also just a step in sharing the list well. The protection and the workflow are the same actions.

The reasonable-measures ladder for a confidential price list: mark it, restrict it to need-to-know, gate it, log every viewer, and be able to revoke — the checklist that doubles as evidence.

1. Restrict to need-to-know. Only accounts and reps who genuinely must see pricing should get it — not the whole market, not every prospect, not the reps' personal contact lists. In practice this means segmenting access so each account sees only its own tier and never the full ladder. A tool like Peony's visitor groups puts each account into exactly one tier group, so a Tier C reseller cannot open Tier A's numbers because they were never granted the file. Structural isolation is the cleanest form of need-to-know restriction — and, as a bonus, it kills the cross-tier discount disputes that start when one account glimpses another's pricing.

2. Mark it confidential — on every page. A footer legend on each page stating that the document is confidential and proprietary, provided for the named recipient's internal use only, and may not be disclosed or forwarded. Marking alone is weak, but marking that rides on top of the other controls carries real weight. Pair it with viewer-identity watermarks that burn the recipient's email and a timestamp into every page, so the confidential notice is inseparable from a record of exactly who was looking.

3. Gate access before viewing. Do not send an open PDF that opens for anyone who has the file. Put an access gate in front: a verified email at minimum, and an NDA gate where the stakes warrant it, so that opening the price list is an identifiable, deliberate, logged act rather than an anonymous download. The gate is where the NDA promise becomes an enforced precondition instead of a piece of paper in a drawer.

4. Log every viewer — this is your evidence. Share the list as an access-controlled link, not an attachment, and keep a per-viewer record of who opened what and when. Access logs and page-level analytics do double duty: operationally they tell your reps which accounts have seen the new pricing, and legally they are contemporaneous evidence that you restricted and monitored access — one of the reasonable measures a court weighs. This log is the single most valuable artifact you can hand your counsel behind a trade-secret position, and it only exists if you were capturing it before you needed it.

5. Be able to revoke. When an account relationship ends, a rep leaves, or a price changes mid-quarter, you need to cut off access — not send a please-delete email and hope. Revocation turns off a link so the next attempt to open it simply fails. The ability to withdraw access is itself part of behaving as though the information is a secret you control.

Run down that list and you have implemented the reasonable-measures prong and built a clean, trackable sharing operation in the same motion. That is the whole thesis of this post: the checklist that protects you legally is the checklist that makes sharing work. You do not have to choose between "lock it down" and "actually get pricing to your accounts." A data room like Peony — used by 5,900+ customers — collapses both into a send-a-link workflow, and you can start on the free plan and move up to Business at $30/admin/month or Data Room at $52/admin/month, with your trade buyers free on the other side of the link.

To be clear about the honest limit: turning these controls on does not by itself make your pricing a trade secret, and it cannot manufacture the value-from-secrecy prong if your information is genuinely public. What it does is let you implement the reasonable measures and produce the evidence that you took them. The legal conclusion still belongs to a court and your lawyer. But the reasonable-measures prong is the one you actually control — so control it.

How do we prove we took reasonable steps if it ever comes to that?

You prove it with contemporaneous records, which is why the logging step above is not optional. If protection is ever tested, the question a court asks is not "did you intend to keep it secret?" but "what did you actually do?" Intent is cheap; evidence is not. The distributors who are in a strong position are the ones who can produce, on demand:

  • An access record showing the price list was shared only with named, verified recipients — not broadcast — with a per-viewer log of who opened it and when.
  • Proof of marking, because every page carried a confidential legend and a viewer-identity watermark.
  • The gate, showing that opening the file required a verified email or an accepted NDA.
  • A revocation history, showing you cut off access when relationships ended.
  • A documented change date, if you tightened your practices — evidence that you moved to treat the information as a secret and when.

Every one of those is a byproduct of using controlled sharing instead of email attachments. The page-analytics audit trail alone answers most of the "what did you do" question, and identity watermarks tie any leaked page back to its source. The uncomfortable truth is that you cannot generate this evidence retroactively — an emailed PDF from two years ago leaves no trail. This is general information, not legal advice, but the pattern is consistent: the businesses that can defend their pricing are the ones who built the record before the dispute, not after.

A competitor got our price list — what do we do right now?

Move deliberately, preserve everything, and do not fire off a cease-and-desist yourself. When a leak surfaces — a competitor is suddenly undercutting you line by line, a former sales rep resurfaces at a rival with suspiciously specific pricing — the instinct is to react fast and loud. Resist it. Here is the sequence that protects you rather than exposing you:

  1. Preserve evidence. Do not delete, alter, or "clean up" anything. Freeze the relevant files, links, emails, and communications. If litigation ever happens, spoliation — destroying evidence — can hurt you badly, even if you were the victim.
  2. Pull your access logs. This is where the earlier work pays off. Your per-viewer access logs show who opened the list and when, and identity watermarks turn an anonymous leak into an attributable one, because a leaked page literally carries the name of the account it came from. Without those, a leak is a mystery; with them, you often have a named source.
  3. Revoke access for the suspected source and anyone who no longer needs it. Use revocation to cut the link immediately, so the exposure stops widening while you figure out next steps.
  4. Call counsel before you send anything or accuse anyone. The legal path depends heavily on the facts and your jurisdiction, and a premature threat — or an accusation you cannot support — can weaken your position or create liability of its own. Let a lawyer shape the response.

Notice that steps 2 and 3 are only available to you if you were sharing under controls before the leak. That is the real argument for document-control tooling: not that it prevents every leak — nothing does — but that it converts a leak from an unattributable, unstoppable event into one you can trace, contain, and act on with evidence in hand. The watermark and the log are worth the most on the worst day, and they cannot be added after the fact. This is general information, not legal advice; talk to counsel about your specific situation.

What does protecting a price list actually cost — and do we need a lawyer?

Most of the reasonable-measures stack is a cheap tooling decision you handle yourself; the legal judgment is the narrow, valuable part you pay a lawyer for. It helps to separate the two, because people conflate "protect our pricing" with "hire litigators," and that mistake leads them to do nothing.

The controls — need-to-know access, per-page marking, viewer watermarks, access logs, revocation — are software, not a litigation budget. On Peony they are priced per admin seat, not per recipient: Free at $0, Business at $30/admin/month, and Data Room at $52/admin/month, with trade buyers free on the other side of the link. That last point matters at scale: 300 trade accounts cost you the same as 30, because you only pay for your handful of internal seats. You do not need a lawyer to turn these on, and doing so is inexpensive relative to what a single leaked list can cost you in undercut margin or discount disputes.

The legal judgment is where counsel earns the fee, and it is genuinely worth it for the pieces a tool cannot touch: reviewing your NDA and confidentiality language, assessing whether your specific information is likely protectable in your state, and advising you if a leak actually happens. That judgment is fact-specific and outside any product's scope — including Peony's. So the honest division of labor is: do the reasonable-measures implementation yourself with cheap tooling, and buy legal judgment for the questions that turn on doctrine and facts.

For low-stakes situations, plain marking and a simple NDA may be all the measure you need, and I would not push a full control stack on a business that does not have real confidentiality exposure. But if your pricing genuinely encodes your margin and competitors would love to have it, the seat price of controlled sharing is trivial against the downside — and it is the same spend that makes your everyday sharing cleaner. This is general information, not legal advice.


Frequently asked questions

Is a price list a trade secret?

It can be, but it is not automatically one. Under generic US trade-secret doctrine (the DTSA and state UTSA-style statutes), information qualifies only if two things are true: it derives independent economic value from not being generally known, and its owner takes reasonable measures to keep it secret. A master tiered price list, cost structure, or discount matrix can clear both tests — the margin it encodes has real value precisely because competitors do not have it. But a price sheet you email unrestricted to hundreds of accounts, unmarked and untracked, fails the second test: you cannot claim as secret what you broadcast. So the honest answer is that pricing can be a protectable trade secret, and whether yours is turns largely on how you share it. This is general information, not legal advice — confirm your position with counsel in your jurisdiction.

What actually makes a price list a protectable trade secret — versus just "confidential" business information?

Two things, and calling it confidential is neither of them. Courts have generally held that a trade secret must derive independent economic value from not being generally known, and that its owner must take reasonable measures under the circumstances to keep it secret. Labeling a document confidential in your own head, or even in a footer, does not satisfy the second prong on its own — the measures have to be real. The confidential asset is usually the master tiered list, cost basis, or discount ladder, not a single quote a customer already knows for their own account. What moves a price list from loosely confidential to protectable is the stack of actual controls around it: need-to-know access, marking, an audit trail of who saw it, and the ability to cut access off. Those measures are what a court weighs, and what a data room lets you implement and evidence.

We've been emailing our price list to hundreds of accounts unrestricted for years — did we blow our trade secret protection?

You have weakened your position, but you have not necessarily ended it. Years of mass-emailing an unmarked, unrestricted PDF is exactly the fact pattern a defendant uses to argue you never took reasonable measures — or that the pricing was not really secret. That can weigh heavily against you. But courts assess reasonable measures under the circumstances, and going-forward conduct matters: starting to restrict, mark, and track access now, and documenting the change, can help re-establish that you treat the information as a secret. It is not automatic, and past looseness is a real liability. The practical move is to stop broadcasting today, put controls in place, keep a record of when you tightened up, and ask counsel how the change is likely to be viewed in your jurisdiction. This is general information, not legal advice.

If our pricing already seems to be all over the industry, is it too late to start protecting it?

Not necessarily, and the answer turns on whether the information is genuinely generally known or merely widely shared by you. There is a real difference: if your exact master ladder is truly common knowledge across the market, the secrecy-value prong may be hard to satisfy. But if what is actually circulating is fragments — one account's quote, a rough sense of your list — the underlying tiered structure, cost basis, and discount logic can still hold value from not being generally known. The reasonable-measures prong is assessed going forward, so restricting access now still counts. The mistake is to conclude it is hopeless and keep broadcasting, which only deepens the problem. Start restricting, document the shift, and let counsel assess how generally known your specific information really is. Widely emailed is not the same as generally known.

How do we share a price list without losing trade secret protection?

You stop distributing loose copies and share it under controls that double as reasonable-measures evidence. In practice that means five things layered together. Restrict access to a need-to-know list so only accounts and reps who must see pricing get it. Mark every page confidential and stamp it with a viewer-identity watermark. Gate opening behind a verified email and, where warranted, an NDA. Log every open per viewer, so you have a record of who accessed what and when. And keep the ability to revoke access when a relationship ends. Those are precisely the controls courts look to when weighing whether you took reasonable measures — and they are the exact controls a data room applies. The sharing workflow and the legal protection become the same set of actions, which is the whole point. This is general information, not legal advice.

How do we mark a price list as confidential — and what confidentiality language should go on it?

Mark it on every page, not just the cover, so no single sheet travels stripped of its notice. A workable legend states that the document contains confidential and proprietary pricing information, is provided for the named recipient's internal use only, may not be disclosed or forwarded, and remains your property. Keep it short and put it in the footer of each page. Marking alone is necessary but not sufficient — a legend on a PDF you then email to anyone who asks does little on its own. It carries real weight when it rides on top of actual access control and tracking. Dynamic watermarks strengthen the marking further by burning the viewer's identity and a timestamp into each page, so the confidential notice is inseparable from a record of who was looking. I am not a lawyer, and specific language is worth a quick review with counsel; the point is that the mark has to sit inside a stack of real measures.

How do we restrict pricing to need-to-know and give each account only its own tier without exposing the others?

You segment access so each account is walled into its own tier and never sees another's, which is both a business win and a reasonable-measures win. Instead of one master spreadsheet with every tier in adjacent columns — where any recipient who scrolls sees the whole ladder — you create a group per tier and assign each account to exactly one, so that group sees only its own price sheet. In Peony this is the visitor-groups feature: per-group access, its own NDA gate, and pre-qualification before entry. A Tier C reseller literally cannot open Tier A's numbers because they were never granted the file. That structural isolation is exactly the need-to-know restriction the reasonable-measures test looks for, and it kills the cross-tier discount disputes that start when one account glimpses another's pricing. Isolation, not redaction, is what holds up.

Is an NDA enough to protect our pricing, or do we need to do more?

An NDA is necessary but not sufficient. It is strong evidence of your intent to keep pricing secret, and you should have one — but on its own it is a promise, not a control. If you sign an NDA and then email the master list to anyone who asks, unmarked and untracked, a court weighing reasonable measures sees a promise contradicted by your actual conduct. The NDA earns its weight when it sits on top of real enforcement: need-to-know access, per-page marking, viewer-identity watermarks, an audit trail of who opened the file, and the ability to revoke. Think of the NDA as the gate and those controls as the walls — a gate with no walls does not enclose anything. Peony lets you require the NDA before viewing and then layer the access, marking, logging, and revocation behind it. This is general information, not legal advice.

NDA vs. marking it confidential vs. actually locking down who can see it — which one actually protects our price list?

This is the false binary that trips most owners up: the answer is not one of the three, it is all three, layered. The NDA is the legal promise. The confidential marking is the notice that the promise applies to this specific document. Locking down who can see it is the actual enforcement that makes the first two credible. Any one alone reads weak — an NDA with no access control, a legend on a broadcast PDF, or tight access with no confidentiality terms each leave an obvious gap a defendant can point to. Courts weigh reasonable measures as a whole, so the strongest posture stacks them: NDA gate, per-page marking with viewer watermarks, need-to-know access, and per-viewer logs. Stop asking which one to pick and implement the stack — which, not coincidentally, is a single sharing workflow in a data room rather than three separate chores.

How do we track and prove who accessed our price list, so we can show we took reasonable steps?

You share the list as an access-controlled link and read the per-viewer logs, which turn an invisible send into a documented one. Emailed attachments give you nothing — no record of who opened the file, when, or whether they forwarded it. An access-controlled link logs each open with the viewer's email and timestamp, and page-level analytics go further, showing which pages each account read. That record does double duty: operationally it tells your reps who has seen the new pricing, and legally it is contemporaneous evidence that you restricted access and monitored it — one of the reasonable measures a court weighs. In Peony, page-analytics produce that per-viewer audit trail automatically, and dynamic watermarks tie any leaked page back to the account it came from. The log is the thing counsel wants behind a trade-secret position, and it only exists if you built it before you needed it.

A competitor (or former sales rep) got our price list — what do we do right now?

Move deliberately and do not fire off a cease-and-desist yourself. First, preserve evidence — do not delete or alter anything, and freeze the relevant files and communications. Second, pull your access logs to see who opened the list and when; per-viewer logs plus identity watermarks are what turn an anonymous leak into an attributable one, because a leaked page carries the name of the account it came from. Third, revoke access for the suspected source and anyone who no longer needs it. Fourth, call counsel before you send anything or accuse anyone — the legal path depends on facts and your jurisdiction, and a premature threat can hurt you. This is exactly why document-control tooling matters before a leak, not after: the logs and watermarks you want as evidence only exist if they were running when the leak happened. This is general information, not legal advice.

What does it cost to protect a price list this way, and do we need a lawyer or can we do it ourselves?

Most of the reasonable-measures stack is something you implement yourself, cheaply; the legal judgment is where a lawyer earns their fee. The controls — need-to-know access, per-page marking, viewer watermarks, access logs, revocation — are a tooling decision, not a litigation budget. Peony is priced per admin seat, not per recipient: Free at $0, Business at $30 per admin per month, and Data Room at $52 per admin per month, with trade buyers free on the other side of the link, so 300 accounts cost the same as 30. You do not need a lawyer to turn those controls on. You do want counsel to review your NDA language, confirm whether your specific information is likely protectable, and advise if a leak actually happens — that judgment is outside any tool's scope. Weigh the seat price against one leaked list or one round of discount disputes, and the tooling side pays for itself. This is general information, not legal advice.


This article is general information about how US trade-secret doctrine is commonly framed, not legal advice, and it does not create an attorney-client relationship. Trade-secret law varies by jurisdiction and turns on specific facts — consult qualified counsel about your situation. Peony is a document-control platform that helps you implement reasonable-measures controls and produce an access audit trail; it is not a law firm and does not by itself make any information a trade secret. For the operational sharing playbook, see how to share price lists and product catalogs securely; for regulated distribution, see the data room for pharmaceutical distribution; and for the broader control framework, see the document-sharing compliance guide.