Skip to main content
@VCBeastmediaNewsletter
VC Beast

Due Diligence

Due Diligence Checklist & Guide for Startups and VCs

The complete due diligence process explained — what it means, every checklist item organized by category, and how both founders and investors can navigate it efficiently.

What Is Due Diligence? Definition, Meaning, and Etymology

Due diligence is the comprehensive investigation and analysis that a prospective investor conducts before committing capital to a company. In venture capital, due diligence (commonly abbreviated DD) is the process through which a VC fund evaluates a startup's business, finances, legal standing, technology, team, and market opportunity before finalizing an investment. The term originates from the Securities Act of 1933, where broker-dealers were required to exercise 'due diligence' in investigating securities they sold to the public — essentially, the degree of care a reasonable person would take before entering into a transaction. The Latin roots break down to 'due' (owed, proper) and 'diligence' (careful attention), so it literally means 'the careful attention that is owed.' In modern venture capital, due diligence serves multiple purposes. For investors, it validates (or invalidates) the claims a founder makes during fundraising, surfaces hidden risks that could destroy the investment, and provides the factual foundation for the investment committee memo. For founders, due diligence is the process of proving your company is what you say it is — that the revenue is real, the IP is owned, the cap table is clean, and the market opportunity is as large as your pitch deck claims. The scope of due diligence scales with the investment size and stage: a $100K angel check might involve a few hours of verification, while a $50M Series C requires weeks of forensic analysis across financial, legal, technical, and commercial dimensions. According to DocSend data from 2025, the average due diligence process for a Series A investment takes 3.5 weeks and involves reviewing 45-80 documents. Regardless of stage, the purpose remains the same — reducing uncertainty so that the investor can make an informed decision about risk and reward.

  • Due diligence means the careful investigation an investor conducts before committing capital to verify claims and surface risks
  • The term originates from the Securities Act of 1933 requiring broker-dealers to investigate securities before sale
  • In VC, DD validates a startup's business model, finances, legal standing, technology, team, and market opportunity
  • Scope scales with check size: a few hours for angel checks, weeks for institutional rounds
  • Average Series A DD takes 3.5 weeks and involves reviewing 45-80 documents
  • Serves both sides: investors reduce risk while founders prove credibility and build trust

Types of Due Diligence in Venture Capital

Due diligence in venture capital is not a single monolithic process — it breaks down into distinct categories, each examining a different facet of the target company. Understanding these categories helps both founders prepare comprehensive materials and investors ensure they are not leaving blind spots. Financial due diligence examines the company's revenue, expenses, burn rate, cash flow, projections, and accounting practices to verify that reported metrics are accurate and the financial model is sound. Legal due diligence reviews corporate structure, capitalization, contracts, IP ownership, regulatory compliance, pending litigation, and employment agreements to ensure there are no legal landmines. Technical due diligence evaluates the product's architecture, codebase quality, scalability, security posture, and technical debt — this is especially critical for software companies where the product is the primary asset. Commercial due diligence assesses the market opportunity, competitive landscape, customer relationships, go-to-market strategy, and unit economics to validate that the business can grow as projected. Operational due diligence looks at the company's internal processes, team structure, hiring pipeline, vendor relationships, and infrastructure to evaluate whether the organization can execute on its plan. Intellectual property due diligence specifically examines patents, trademarks, copyrights, trade secrets, and IP assignment agreements to confirm the company actually owns its key assets. HR due diligence reviews employment contracts, compensation structures, key person risk, cultural factors, and any employment-related liabilities. Not every deal requires deep investigation across all seven categories — the emphasis shifts depending on stage, sector, and the specific risks of the business. A biotech investment demands rigorous IP due diligence, while a marketplace business requires deeper commercial DD on network effects and unit economics.

  • Financial DD: revenue verification, burn rate, projections, accounting practices, bank statement review
  • Legal DD: corporate structure, cap table, contracts, IP ownership, litigation, regulatory compliance
  • Technical DD: codebase quality, architecture, scalability, security, technical debt assessment
  • Commercial DD: market size, competitive landscape, customer references, unit economics, go-to-market
  • Operational DD: team structure, processes, hiring pipeline, vendor relationships, infrastructure
  • IP DD: patents, trademarks, copyrights, trade secrets, assignment agreements, freedom-to-operate
  • HR DD: employment contracts, compensation, key person risk, culture assessment, employment liabilities
  • Emphasis varies by sector: biotech demands IP focus, marketplaces need commercial depth, fintech needs regulatory review

The VC Due Diligence Process: Step by Step

The due diligence process follows a predictable arc from initial screening through final investment committee approval. Understanding this flow helps founders anticipate what is coming and prepare accordingly, while helping newer investors establish a repeatable and thorough evaluation framework. Step 1 is the preliminary screen, which happens before formal DD begins — the VC reviews the pitch deck, has initial meetings with the founder, and decides whether the opportunity warrants deeper investigation. If the answer is yes, the VC issues a term sheet, which is a non-binding outline of the proposed investment terms. Step 2 is the data room request: immediately after a term sheet is signed, the lead investor sends the founder a due diligence request list (DDRL) — a comprehensive document specifying every piece of information and every document the investor needs to review. Step 3 is the data room population phase, where the founder and their team compile and upload all requested materials into a virtual data room (VDR) or shared folder. Step 4 is the parallel review phase, where the investor's team (and often outside counsel and accountants) simultaneously reviews financial, legal, technical, and commercial materials. This is the most time-intensive phase and typically involves multiple rounds of follow-up questions through a structured Q&A process. Step 5 is reference checks — the investor speaks with customers, former employees, co-investors, and industry experts to gather qualitative insights that documents alone cannot provide. Step 6 is the investment committee presentation, where the deal team presents their findings, risk assessment, and recommendation to the fund's investment committee (IC). Step 7 is final negotiation, where any issues surfaced during DD may result in adjustments to deal terms, additional protective provisions, or specific conditions that must be met before closing. Step 8 is closing, where legal documents are finalized, funds are wired, and the investment is complete.

  • Step 1: Preliminary screen — pitch review, founder meetings, initial conviction before issuing term sheet
  • Step 2: Data room request — investor sends a formal DD request list specifying all required documents
  • Step 3: Data room population — founder compiles and uploads materials to a VDR or shared folder
  • Step 4: Parallel review — financial, legal, technical, and commercial materials reviewed simultaneously
  • Step 5: Reference checks — calls with customers, former employees, co-investors, and domain experts
  • Step 6: Investment committee presentation — deal team presents findings and risk assessment to IC
  • Step 7: Final negotiation — DD findings may adjust deal terms, add protections, or set closing conditions
  • Step 8: Closing — legal documents finalized, funds wired, investment complete

Due Diligence Checklist for Startups: What Founders Should Prepare

If you are a founder about to enter due diligence, the single best thing you can do is prepare your materials before a term sheet arrives. Companies that have a well-organized data room ready to go on day one signal operational competence and dramatically accelerate the timeline — while disorganized data rooms create delay that can kill deals. According to Carta data from 2025, deals where the data room was pre-populated before DD began closed 40% faster than those where founders scrambled to assemble materials after the term sheet. Below is a comprehensive checklist organized by category. You do not necessarily need every item on this list for a seed round, but by Series A, most of these documents should exist and be accessible. The checklist covers corporate documents, financial materials, legal agreements, intellectual property, team and HR documents, product and technology information, and customer and commercial data. Start by creating a master folder structure in your VDR or shared drive that mirrors these categories, then systematically fill in each item. Flag any items that do not exist or are incomplete — it is far better to proactively tell an investor 'we have not formalized our employee handbook yet' than to have them discover the gap during review. Investors expect early-stage companies to have some gaps; what they do not forgive is dishonesty or concealment. Every item below has been validated against real VC due diligence request lists from top-tier firms including Sequoia, Andreessen Horowitz, Bessemer, and Accel.

  • Corporate: Certificate of Incorporation (and all amendments), bylaws, board meeting minutes, stockholder consents, state registrations
  • Corporate: Organizational chart showing all entities, subsidiaries, and jurisdictions of incorporation
  • Corporate: Cap table with full detail — every share class, option grant, SAFE, convertible note, and warrant
  • Financial: Last 3 years of financial statements (or since inception), including income statement, balance sheet, cash flow
  • Financial: Monthly revenue and expense breakdown for the last 12-24 months with actuals vs. budget comparison
  • Financial: Current financial model with 3-year projections including key assumptions documented
  • Financial: Bank statements for the last 12 months for all company accounts
  • Financial: Accounts receivable and accounts payable aging reports
  • Financial: Tax returns (federal and state) for all filed years plus any pending tax matters
  • Legal: All prior financing documents — stock purchase agreements, SAFEs, convertible notes, side letters
  • Legal: Material contracts — customer agreements (top 10 by revenue), vendor contracts, partnership agreements
  • Legal: Any pending, threatened, or settled litigation, arbitration, or regulatory proceedings
  • Legal: Insurance policies — D&O, E&O, general liability, cyber liability, key person
  • IP: Patent applications and grants, trademark registrations, copyright registrations
  • IP: IP assignment agreements for all founders, employees, and contractors — critical gap for many startups
  • IP: Open-source software audit — list of all OSS dependencies and their licenses
  • Team: Employment agreements for all employees, including any non-compete or non-solicitation clauses
  • Team: Contractor agreements (1099) with IP assignment provisions
  • Team: Employee handbook, equity incentive plan documents, 409A valuation reports
  • Team: Org chart with reporting lines, key person identification, and any planned hires

Due Diligence Checklist for VCs Evaluating Startups

Investors need their own checklist to ensure consistent and thorough evaluation across every deal. Unlike the founder's checklist, which focuses on document preparation, the investor's checklist emphasizes verification, analysis, and risk assessment. A structured approach prevents the common failure mode where an investor falls in love with a founder's story and skips critical verification steps. Every experienced VC has at least one painful story of a deal where they shortcut DD and later discovered a material issue that could have been caught. The checklist below represents best practices from institutional VC funds and can be adapted for earlier stages by reducing the depth of each item rather than skipping categories entirely. Before starting formal DD, establish your kill criteria — the specific findings that would cause you to walk away from the deal regardless of other factors. Common kill criteria include: founder dishonesty about any material fact, revenue fabrication, undisclosed litigation above a certain threshold, IP not assigned to the company, regulatory risk that could shut down the business, and cap table issues that cannot be resolved. Having explicit kill criteria before you start prevents the sunk-cost fallacy from keeping you in a deal that should be abandoned. Assign responsibility for each DD work stream to a specific team member and set a target completion date for each phase. Use a shared tracker (a simple spreadsheet works fine) to monitor progress across all work streams and ensure nothing falls through the cracks.

  • Verification: Cross-reference reported ARR against bank statements, Stripe dashboard, or accounting system exports
  • Verification: Confirm cap table accuracy using Carta viewer access or independent legal review of all financing docs
  • Verification: Run Middesk business verification to confirm corporate existence, good standing, and absence of liens
  • Verification: Confirm all IP is properly assigned to the company (not individuals) via written assignment agreements
  • Market analysis: Validate TAM/SAM/SOM claims using independent sources (AlphaSense, Gartner, Statista, Census data)
  • Market analysis: Map competitive landscape — identify 5-10 direct and indirect competitors, assess differentiation
  • Market analysis: Evaluate customer concentration risk — no single customer should represent more than 20% of revenue
  • Financial analysis: Rebuild the financial model independently to stress-test growth and burn assumptions
  • Financial analysis: Calculate unit economics from raw data — CAC, LTV, payback period, gross margin by cohort
  • Financial analysis: Assess cash runway under base case and downside scenarios
  • Legal review: Have outside counsel review all prior financing documents for unusual terms or hidden obligations
  • Legal review: Check for any change-of-control provisions in customer contracts that could be triggered by investment
  • Legal review: Review employment agreements for adequate IP assignment, non-compete, and confidentiality provisions
  • Technical assessment: Conduct architecture review — scalability, security, single points of failure, technical debt
  • Technical assessment: Review deployment practices, monitoring, incident response, and uptime history
  • Reference checks: Call 5+ customers including at least 2 the founder did not suggest (find them independently)
  • Reference checks: Call 2-3 former employees to understand culture, leadership quality, and operational reality
  • Reference checks: Call co-investors from prior rounds to assess their experience and intention to follow on

Financial Due Diligence Deep Dive

Financial due diligence is where most deals either gain confidence or fall apart. The core objective is answering three questions: Are the reported numbers accurate? Is the business model economically viable? Can the company achieve its projections? Start with revenue verification, which is the single most important financial DD task. Request read-only access to the company's primary revenue system — Stripe dashboard for SaaS companies, Shopify analytics for e-commerce, or bank statements as a universal backstop. Compare the numbers in the pitch deck to the numbers in the system. Even a 10% discrepancy between reported and actual revenue is a serious red flag that demands explanation. Beyond top-line revenue, analyze revenue quality: What percentage is recurring versus one-time? What is the gross revenue retention (GRR) and net revenue retention (NRR)? Is there significant customer concentration where losing one or two accounts could materially impact revenue? Examine expense structure and burn rate by reviewing 12-24 months of bank statements and accounting data. Categorize expenses into fixed (rent, salaries, tools) and variable (marketing, commissions, hosting that scales with usage) to understand operating leverage. Calculate the burn multiple (net burn divided by net new ARR) — a burn multiple above 2x at Series A or above 1.5x at Series B suggests inefficient growth. Review the company's financial projections by rebuilding the model from assumptions up. Test whether the growth assumptions are consistent with historical performance, competitive benchmarks, and available market data. Check the hiring plan embedded in the projections — many startups project aggressive revenue growth without proportionally increasing headcount in sales, customer success, or engineering, which signals the projections are aspirational rather than grounded. Finally, review tax compliance: confirm all federal and state taxes are filed and current, check for any tax liens, and verify that 409A valuations have been conducted at appropriate intervals (typically annually or after material events).

  • Revenue verification: Request Stripe, QuickBooks, or bank statement access — never rely solely on founder-reported numbers
  • Revenue quality: Analyze recurring vs. one-time, GRR/NRR, cohort retention curves, and customer concentration
  • Burn analysis: Categorize fixed vs. variable expenses, calculate burn multiple, assess operating leverage
  • Projection stress test: Rebuild the model from assumptions, compare growth rates to historical actuals and benchmarks
  • Unit economics: Calculate CAC, LTV, payback period, and gross margin from raw data — not from the founder's deck
  • Cash management: Review cash runway under base, best, and worst case scenarios with different fundraising timelines
  • Tax compliance: Confirm all filings are current, check for liens, verify 409A valuation history
  • Accounts receivable: Age the receivables — if over 30% are 90+ days old, revenue quality is suspect

Legal Due Diligence Deep Dive

Legal due diligence protects the investor from inheriting undisclosed liabilities and ensures the company's corporate house is in order. Most VC funds use outside legal counsel to conduct the legal DD review, but every investor should understand what counsel is looking for and what the critical findings mean. Start with the corporate formation documents: the Certificate of Incorporation (or Articles of Organization for LLCs) and all amendments. Verify the company is in good standing in its state of incorporation and any states where it is qualified to do business. Review the authorized share structure — how many shares of each class are authorized, issued, and outstanding. A surprisingly common issue is companies that have issued more shares than are authorized in their charter, which requires a filing to fix before closing. Next, review the capitalization table in detail. The cap table should reconcile perfectly with the corporate documents — every share issuance should trace back to a board approval and a signed stock purchase agreement, option agreement, SAFE, or convertible note. Common cap table problems include: undocumented share transfers, option grants that exceed the authorized pool, SAFEs with conflicting terms, missing 83(b) election filings for founders who received restricted stock, and side letters that grant specific investors special rights that other investors do not know about. Review all material contracts, paying special attention to: customer contracts with change-of-control provisions (which could allow customers to terminate after the investment), exclusive dealing arrangements that limit the company's strategic flexibility, vendor contracts with long-term commitments or penalty clauses, and any related-party transactions between the company and its founders, officers, or their affiliates. Examine the company's regulatory compliance posture, which varies dramatically by sector. A fintech company requires licenses and regulatory approvals that can take months to obtain; a healthcare company may need HIPAA compliance documentation; a company handling European customer data needs GDPR compliance evidence. Finally, check for any pending or threatened litigation by reviewing correspondence with opposing counsel, demand letters, and regulatory notices. Even small claims can signal larger problems if they involve former co-founders, employees alleging equity disputes, or customers claiming fraud.

  • Corporate formation: Verify good standing, authorized vs. issued shares, and that all amendments are properly filed
  • Cap table reconciliation: Every issuance must trace to board approval and signed agreements — flag any gaps
  • 83(b) elections: Confirm founders filed 83(b) elections within 30 days of restricted stock grants — missing filings create major tax issues
  • Material contracts: Review customer, vendor, and partner agreements for change-of-control, exclusivity, and penalty clauses
  • Related-party transactions: Identify any deals between the company and insiders — these require board approval and disclosure
  • Regulatory compliance: Assess licenses, permits, data privacy (GDPR/CCPA), and sector-specific requirements
  • Litigation review: Check for pending suits, demand letters, regulatory investigations, and former co-founder disputes
  • IP ownership chain: Confirm all IP assignments are signed and that no founder retained personal ownership of company IP
Sponsored
AArchstone

You launched a fund. Now actually run it.

Built by GPs, for GPs. One platform for LP reporting, capital calls, portfolio tracking, and fund accounting — $297/mo instead of $1,500.

LP portalCapital calls$297/moNo AUM fees
Start your free trial

Technical Due Diligence for Software Companies

Technical due diligence evaluates whether the company's product and engineering capabilities can support the growth trajectory implied by the investment thesis. For software startups, the technology is often the primary asset, making technical DD critical to the investment decision. The evaluation typically covers five areas: architecture and scalability, code quality and practices, security posture, team capability, and technical debt. Architecture review examines whether the system is designed to handle 10x or 100x the current load without a fundamental rewrite. Look for modern patterns like microservices or well-structured monoliths, appropriate use of cloud infrastructure (AWS, GCP, Azure), database choices that match the data model and query patterns, and caching and CDN strategies. Red flags include: a single monolithic database that handles everything, no horizontal scaling capability, hard-coded configuration values, and architecture that was clearly designed for a different product than the one being sold today. Code quality assessment does not require reading every line — instead, focus on engineering practices. Does the team use version control effectively (branching strategy, code reviews, CI/CD pipelines)? Is there automated testing, and what is the test coverage? Are there coding standards and documentation practices? Review the deployment pipeline: how frequently does the team deploy, and how long does it take to go from merged code to production? Companies deploying multiple times per day with automated rollback capabilities are significantly less risky than those doing manual monthly releases. Security posture evaluation is increasingly important as data breaches become more costly and regulatory penalties increase. Check for: encryption at rest and in transit, authentication and authorization patterns, vulnerability scanning and penetration testing history, incident response plan, SOC 2 compliance (or progress toward it), and data handling practices for sensitive information. For the team assessment, evaluate the engineering org's structure, hiring velocity, and key person risk. If the CTO is the only person who understands the core architecture, that is a material risk. Review the open-source dependency landscape — modern software applications often include hundreds of OSS dependencies, and licenses like GPL can create obligations that conflict with the company's business model.

  • Architecture: Can the system handle 10-100x current load? Are there single points of failure or scaling bottlenecks?
  • Code practices: Version control, code reviews, CI/CD pipelines, automated testing, deployment frequency
  • Security: Encryption, auth patterns, vulnerability scanning, SOC 2 status, incident response plan
  • Technical debt: Estimated effort to remediate known issues, presence of legacy systems, migration plans
  • Team assessment: Key person risk, engineering org structure, hiring pipeline, bus factor for critical systems
  • Open-source audit: License compliance (GPL, AGPL, MIT, Apache), dependency currency, known vulnerabilities
  • Infrastructure: Cloud provider setup, disaster recovery, backup strategy, monitoring and alerting
  • Product roadmap feasibility: Are the planned features achievable with the current team and architecture?

Due Diligence Timeline: How Long Does It Take?

The duration of due diligence varies significantly by stage, deal complexity, and how prepared the company is. Understanding typical timelines helps both founders plan their fundraising process and investors set expectations with their deal teams and investment committees. At the pre-seed and seed stage, due diligence is lightweight and fast. Most angel investors and seed funds complete their review in 1-2 weeks. The process focuses on founder background checks, basic corporate verification, cap table review, and a high-level assessment of the market and product. There are fewer documents to review, and the investment decision is primarily driven by conviction about the team and market rather than detailed financial analysis. For a Series A investment ($5-15M), expect 3-5 weeks of formal DD after the term sheet is signed. This is where the process becomes institutional: outside counsel reviews corporate and financing documents, the investor team conducts detailed financial analysis, customer reference calls are made, and there may be a technical assessment. The timeline extends if the company's data room is disorganized, if there are issues that require remediation (like missing IP assignments), or if the investor needs to consult with domain experts. Series B investments ($15-50M) typically require 4-8 weeks. At this stage, investors often commission a Quality of Earnings (QoE) report from an independent accounting firm ($25K-$75K cost, 3-5 weeks to complete), which is the most common timeline bottleneck. The QoE provides independent verification of revenue, expenses, and key metrics. Legal review is more extensive because there are more prior rounds, more contracts, and more complexity in the cap table. Growth equity and pre-IPO rounds ($50M+) can take 8-12 weeks or longer. These deals involve full financial audits, deep regulatory analysis, comprehensive legal review across multiple jurisdictions, technical due diligence with code audits, and extensive management interviews. The timeline often extends further if the company operates in multiple countries, has complex corporate structures, or is in a heavily regulated industry. The single biggest factor in DD timeline is founder preparation. Companies with a pre-populated, well-organized data room can compress timelines by 30-50%. The second biggest factor is responsiveness to follow-up questions — every day of delay on a Q&A response pushes the closing out by at least a day, and extended delays can cause investors to lose momentum and confidence.

  • Pre-seed/Seed: 1-2 weeks — lightweight, focused on founder verification and basic corporate checks
  • Series A: 3-5 weeks — institutional process with outside counsel, financial analysis, and reference checks
  • Series B: 4-8 weeks — QoE report is often the bottleneck (3-5 weeks alone), deeper legal and financial review
  • Growth/Pre-IPO: 8-12 weeks — full audits, multi-jurisdiction review, technical code audits, extensive management interviews
  • Pre-populated data rooms compress timelines by 30-50% compared to scrambling after the term sheet
  • Fastest path to close: have your data room ready before you start fundraising, respond to Q&A within 24 hours
  • Common delays: missing IP assignment agreements, disorganized financials, unresolved cap table issues, slow Q&A responses

Red Flags in Due Diligence

Experienced investors develop pattern recognition for red flags during due diligence — signals that something is materially wrong with the business, the team, or the opportunity. Some red flags are absolute deal-killers, while others are yellow flags that warrant deeper investigation but are not necessarily fatal. Understanding these patterns helps founders avoid inadvertently triggering them and helps investors maintain discipline when excitement about a deal might otherwise cloud judgment. The most serious red flag is dishonesty. If a founder misrepresents revenue, customer count, or any material metric — even by a small amount — walk away. A founder who exaggerates in the fundraising process will exaggerate in board meetings and investor updates. Revenue manipulation is surprisingly common: look for channel stuffing (pulling forward future revenue into the current period), counting signed contracts as recognized revenue, inflating MRR by including one-time fees or professional services, or reporting gross transaction volume as revenue when the company only earns a take rate. Cap table problems are another major red flag category. If the cap table does not reconcile with the corporate documents, there could be undisclosed investors, unauthorized share issuances, or oral promises of equity that were never formalized. Missing 83(b) election filings for founders are a significant tax liability that the company may need to address. SAFEs with conflicting valuation caps or terms suggest disorganized or hurried fundraising. Founder-related red flags include: a pattern of co-founder departures (especially if the departed founders retained equity and are uncooperative), founder disputes about equity splits, a history of lawsuits or regulatory actions against the founder personally, and significant undisclosed outside business activities. Customer-related red flags include extreme concentration (one customer representing more than 30% of revenue), high churn rates that the founder has not disclosed, customer contracts with unusual termination provisions, and a pipeline that consists primarily of LOIs and verbal commitments rather than signed contracts. Technical red flags include: no version control or code review process, the entire codebase written by a single developer who has left the company, significant open-source license violations, and security vulnerabilities with no remediation plan.

  • Dishonesty: Any misrepresentation of revenue, metrics, or material facts — absolute deal-killer
  • Revenue manipulation: Channel stuffing, counting signed-but-unrecognized contracts, inflating MRR with one-time fees
  • Cap table issues: Documents that do not reconcile, undisclosed SAFEs, missing 83(b) elections, oral equity promises
  • Founder red flags: Pattern of co-founder departures, equity disputes, undisclosed lawsuits, excessive outside activities
  • Customer concentration: Single customer above 30% of revenue, high undisclosed churn, pipeline of only verbal commitments
  • Technical red flags: No version control, single-developer codebase, OSS license violations, unaddressed security gaps
  • Legal red flags: Pending litigation the founder did not disclose, IP not assigned to the company, regulatory non-compliance
  • Operational red flags: Key executives with no employment agreements, no D&O insurance, related-party transactions without board approval

How to Prepare for Due Diligence as a Founder

Preparing for due diligence is not a last-minute exercise — the best founders build DD-ready practices into their operations from day one, so that when an investor sends a request list, everything is already organized and accessible. This approach does more than save time; it signals operational maturity and builds investor confidence at exactly the moment when trust matters most. Start by establishing a permanent virtual data room (VDR) for your company, even if you are not currently fundraising. Services like Ansarada, DocSend, or even a well-structured Google Drive folder work fine at the early stages. Organize it using the standard DD categories: corporate, financial, legal, IP, team, product, and customer. Make it a habit to file documents in the VDR as they are created rather than trying to compile everything retroactively. On the financial side, maintain clean books from the start. Use a real accounting system (QuickBooks, Xero, or Pilot) rather than spreadsheets. Reconcile bank accounts monthly. Close your books within 15 days of month-end. Maintain a rolling 12-month actuals-vs-budget comparison. These practices take minimal time each month but save enormous effort during DD and give you better operational visibility as a founder. Ensure your corporate governance is clean: hold annual board meetings (even if it is just you), document major decisions with board resolutions or written consents, maintain an up-to-date cap table, and ensure all equity issuances are properly authorized and documented. One of the most common DD findings is that a company issued stock options without proper board approval — a problem that is easy to prevent but expensive to fix retroactively. On the IP front, ensure that every person who has written code, designed products, or created content for your company has signed an IP assignment agreement. This includes founders, employees, and contractors. The single most common legal DD finding across all stages is incomplete IP assignment — and it can delay or kill a deal because no investor wants to fund a company that does not clearly own its core technology. Prepare a DD readiness checklist and review it quarterly. Treat it like a pre-flight check: if everything is in order, the actual DD process becomes a formality rather than a scramble.

  • Set up a permanent data room organized by DD category — file documents as they are created, not retroactively
  • Maintain clean financials: real accounting software, monthly reconciliation, books closed within 15 days of month-end
  • Hold regular board meetings with documented minutes and resolutions — even at the earliest stages
  • Ensure every founder, employee, and contractor has signed IP assignment agreements — the number one DD finding
  • Keep your cap table current and reconciled with corporate documents after every equity event
  • Maintain an updated corporate org chart, insurance policy summary, and contract register
  • Review DD readiness quarterly using a checklist — fix gaps proactively rather than scrambling during fundraising
  • Pre-draft a company overview memo covering business model, key metrics, team, market, and known risks

Setting Up a Due Diligence Data Room

The data room is the central repository where all due diligence materials live during the fundraising process. A well-organized data room accelerates DD timelines, reduces investor anxiety, and prevents the death-by-a-thousand-emails problem where documents are scattered across inboxes and chat threads. For seed and Series A companies, a structured Google Drive or DocSend data room is usually sufficient. For Series B and beyond, consider a purpose-built virtual data room (VDR) like Ansarada or Datasite that provides granular access controls, audit trails, Q&A workflows, and watermarking. Regardless of the platform, the organizational structure should follow a standard hierarchy that investors expect. Create top-level folders for each DD category: Corporate, Financial, Legal, Intellectual Property, Team and HR, Product and Technology, and Customers and Commercial. Within each folder, use a consistent naming convention that includes the document date and a descriptive name (for example, '2025-Q4-Income-Statement.pdf' rather than 'financials-v3-final-FINAL.xlsx'). Access control is critical. Not every investor or advisor should see every document. Set up permission tiers: Level 1 (broad access) includes the pitch deck, company overview, and high-level financials; Level 2 (after term sheet) includes detailed financials, customer data, and legal documents; Level 3 (for lead investor and counsel only) includes employment agreements with compensation details, pending litigation documents, and sensitive customer contracts. Track who accesses what and when — this audit trail protects you legally and gives you intelligence about which investors are seriously engaged. For the best data room software options, see our detailed comparison. The Q&A process is where many DD interactions break down. Establish a single channel for all DD questions — either the VDR's built-in Q&A feature or a shared spreadsheet — and commit to responding within 24-48 hours. Assign a single person on your team (usually the founder or CFO) to triage and route questions. Delayed or evasive answers to DD questions are one of the fastest ways to kill investor confidence.

  • Use Google Drive or DocSend for seed/Series A; Ansarada or Datasite for Series B+ with more complex requirements
  • Standard folder structure: Corporate, Financial, Legal, IP, Team/HR, Product/Technology, Customers/Commercial
  • Naming convention: Date + descriptive name (e.g., '2025-Q4-Balance-Sheet.pdf') — no 'v3-final-FINAL' chaos
  • Permission tiers: Level 1 for broad access, Level 2 after term sheet, Level 3 for lead investor counsel only
  • Track all access with audit trails — know who viewed what and when for legal protection and engagement intelligence
  • Centralize Q&A in one channel (VDR feature or shared tracker) with a 24-48 hour response commitment
  • Assign one person to triage DD questions — typically founder or CFO — to ensure consistent and timely responses
  • Pre-populate the data room before fundraising begins — this alone compresses DD timelines by 30-50%

Due Diligence for Different Funding Stages

The scope and intensity of due diligence should scale proportionally with the check size, company maturity, and risk profile of the investment. Applying Series C rigor to a pre-seed deal wastes time and money, while applying seed-stage shortcuts to a growth equity investment invites disaster. At the pre-seed stage ($100K-$500K checks), DD is minimal and founder-centric. The primary risk is team risk — can these founders build what they say they will build? Verify basic corporate existence (a Middesk report for $10), confirm the cap table is clean and there are no co-founder disputes, check that IP assignment agreements are in place, and conduct 3-5 reference calls on the founders. Skip the QoE report, skip the deep legal review, skip the technical audit. Total DD cost: under $500. Total time: 1-2 weeks. At the seed stage ($500K-$2M checks), add financial verification. Request 6-12 months of bank statements and compare them to reported revenue. Review the cap table in detail including all SAFEs and convertible notes. Verify that the company is properly incorporated in Delaware (or wherever it claims) and in good standing. Conduct 5+ reference calls including at least two customers. Begin to assess the market opportunity using publicly available data. Total DD cost: $500-$2,000. Total time: 2-3 weeks. Series A ($3-15M checks) is where DD becomes institutional. Engage outside counsel to review all corporate and financing documents. Conduct a detailed financial analysis including unit economics verification. Complete 8-10 reference calls with customers, former employees, and domain experts. Evaluate the technical architecture and team. Review all material contracts and IP ownership. Total DD cost: $5,000-$15,000 (legal fees are the primary cost). Total time: 3-5 weeks. Series B ($15-50M checks) adds the Quality of Earnings report, deeper competitive analysis using tools like AlphaSense and PitchBook, formal technical due diligence with external consultants, comprehensive legal review across all contracts and regulatory requirements, and extensive management interviews. Total DD cost: $40,000-$100,000+. Total time: 4-8 weeks. Growth equity and pre-IPO ($50M+ checks) requires the full institutional treatment: complete financial audit (not just a QoE), multi-jurisdiction legal review, technical code audit, regulatory risk assessment, ESG evaluation, management assessment, and often a market study by an independent research firm. Total DD cost: $100,000-$500,000+. Total time: 8-12+ weeks.

  • Pre-seed ($100K-$500K): Founder references, Middesk verification, cap table check, IP assignment confirmation — under $500, 1-2 weeks
  • Seed ($500K-$2M): Add bank statement verification, detailed cap table review, 5+ references, market assessment — $500-$2K, 2-3 weeks
  • Series A ($3-$15M): Outside counsel, financial analysis, 8-10 references, technical review, IP audit — $5K-$15K, 3-5 weeks
  • Series B ($15-$50M): QoE report, competitive analysis, technical consultants, comprehensive legal review — $40K-$100K+, 4-8 weeks
  • Growth/Pre-IPO ($50M+): Full audit, multi-jurisdiction legal, code audit, regulatory assessment, market study — $100K-$500K+, 8-12+ weeks
  • Common mistake: Applying early-stage shortcuts to later-stage deals or institutional rigor to seed investments
  • The cost of DD should never exceed 1-2% of the check size — if it does, reassess the scope

Frequently Asked Questions

What does due diligence mean in venture capital?

Due diligence in venture capital refers to the comprehensive investigation an investor conducts before making an investment in a startup. It covers financial verification (is the revenue real?), legal review (is the corporate structure sound?), technical assessment (does the product work?), commercial analysis (is the market opportunity real?), and team evaluation (can these founders execute?). The term comes from the Securities Act of 1933 and literally means 'the careful attention that is owed.' In practice, it is the process of verifying everything a founder claims during fundraising and surfacing hidden risks that could destroy the investment.

How long does due diligence take for a startup fundraise?

Due diligence timelines vary by stage. Pre-seed and seed deals typically complete DD in 1-2 weeks with a lightweight process. Series A takes 3-5 weeks with institutional review including outside counsel. Series B takes 4-8 weeks, often bottlenecked by a Quality of Earnings report (3-5 weeks alone). Growth equity and pre-IPO rounds can take 8-12 weeks or longer. The single biggest factor in timeline is founder preparation — companies with pre-populated, well-organized data rooms close 30-50% faster than those assembling materials after the term sheet.

What documents do VCs request during due diligence?

A typical VC due diligence request list includes: Certificate of Incorporation and bylaws, cap table with full option grant detail, last 2-3 years of financial statements, monthly revenue breakdown, bank statements, tax returns, all prior financing documents (SAFEs, convertible notes, stock purchase agreements), material customer and vendor contracts, IP assignment agreements for all employees and contractors, employment agreements, patent and trademark filings, insurance policies, and any pending or threatened litigation. The exact list varies by stage — seed investors request fewer items while growth investors require comprehensive documentation across all categories.

What are the biggest red flags in due diligence?

The most serious red flags are: revenue misrepresentation (any discrepancy between reported and verified numbers), IP not assigned to the company (founders or contractors retained personal ownership), cap table discrepancies that do not reconcile with corporate documents, undisclosed litigation or regulatory proceedings, extreme customer concentration (one customer above 30% of revenue), patterns of co-founder departures, missing 83(b) election filings for restricted stock, and a founder who is evasive or slow to provide requested materials. Any form of dishonesty — even about seemingly minor facts — is an absolute deal-killer for experienced investors.

How should a founder prepare for due diligence?

Start building DD-ready practices from day one rather than scrambling when a term sheet arrives. Set up a permanent data room organized by category (corporate, financial, legal, IP, team, product, customers). Maintain clean books with monthly reconciliation. Ensure every person who has created IP for the company has signed an assignment agreement. Keep your cap table current and reconciled with corporate documents. Hold regular board meetings with documented minutes. Review a DD readiness checklist quarterly. Companies with pre-populated data rooms close 30-50% faster, and the organizational discipline signals operational maturity to investors.

How much does due diligence cost?

DD costs scale with round size. Pre-seed and seed: under $500 (Middesk report, basic legal review). Series A: $5,000-$15,000 (primarily outside counsel fees). Series B: $40,000-$100,000+ (Quality of Earnings report is $25K-$75K alone, plus legal and technical review). Growth equity and pre-IPO: $100,000-$500,000+ (full audit, multi-jurisdiction legal, code audit, market study). As a rule of thumb, DD costs should not exceed 1-2% of the check size. For investors, the cost of thorough DD is always cheaper than the cost of one preventable bad investment.

What is a Quality of Earnings (QoE) report?

A Quality of Earnings report is an independent financial analysis conducted by an accounting firm (typically costing $25K-$75K and taking 3-5 weeks) that verifies a company's reported revenue, expenses, and key financial metrics. It goes beyond a standard audit to analyze revenue quality (recurring vs. one-time), customer concentration, normalized EBITDA, working capital trends, and the sustainability of reported growth rates. QoE reports are standard for Series B and above and are often the timeline bottleneck in the DD process. They are commissioned by the investor but often paid for as a deal expense.

What is a due diligence data room?

A due diligence data room (also called a virtual data room or VDR) is the secure repository where a company stores all documents that investors need to review during the DD process. At the seed stage, a well-organized Google Drive or DocSend folder is sufficient. For Series B and beyond, purpose-built VDR platforms like Ansarada or Datasite provide granular permission controls, audit trails, automated Q&A workflows, and watermarking. The data room should be organized by category (corporate, financial, legal, IP, team, product, customers) with consistent file naming conventions and tiered access permissions.