There are some basic elements that your policy has to contain. Of course, it should be about what you do with the information that your client gives you.
You can write something around these lines: "Information collected by you or you company will only be used by yourself or by your company." and confirm that this information will not be sold/distributed/disclosed to any other business or third-party or partner, etc.
Also, make sure to include in which cases you would actually breach this non-disclosure agreement. ex: request from a government agency or if you need to disclose "x" information to provide a certain service.