Due Diligence Checklist Template

What's included

• Corporate documents (charter, bylaws, stockholder agreements, board minutes)
• Cap table and equity documentation (option grants, SAFE/note ledger, 409A)
• Financial statements and projections (P&L, balance sheet, cash flow, model)
• Tax documents (filings, sales tax, payroll tax, R&D credits)
• IP documents (assignments, registrations, OSS policy, trade secrets)
• HR documents (offer letters, IIAs, contractor agreements, ESOP records)
• Commercial documents (customer contracts, vendor contracts, MSAs)
• Technology documents (architecture, security posture, SOC 2 if applicable)
• Legal/regulatory items (pending litigation, compliance, data privacy)
• Each line item has a status column: Have / Need / N/A

How to use this template

1. 1. Run the checklist 60–90 days before you need the data room

   Most founders underestimate how long it takes to assemble the gaps. Run the checklist quarterly once you're approaching a raise — the items take 5 minutes each individually but the long tail (missed assignment agreements, lost board consents, undocumented IP from a contractor in 2022) takes weeks to chase down.

2. 2. Status each line: Have / Need / N/A

   Walk every line item and tag it. "Need" items become a task list with owners. "N/A" items get a one-sentence note explaining why they don't apply (e.g., "No outstanding litigation" or "Pre-revenue, no customer contracts") — investors notice when a category is empty without explanation.

3. 3. Build the folder structure in your data room

   Most data rooms mirror the checklist sections. Whether you use AppDeck, Dropbox, Google Drive, or a dedicated VDR, set up the folder structure once and add as you go. Investors who see a clean structure assume good housekeeping elsewhere.

4. 4. Get the IP assignment trail clean — this is the #1 gap

   Every contractor, every co-founder, every employee who wrote code or designed an asset needs a signed IP assignment. Founders who built with friends pre-incorporation often have unsigned trails from the early days. Clean this up before diligence — it's the #1 finding that delays closings.

5. 5. Update the checklist as deals evolve

   Series B diligence is more demanding than Series A; M&A diligence is more demanding than either. Treat this as a starting list. Add anything specific the lead investor or acquirer requests; remove anything genuinely not applicable to your company.

Who it's for

• Founders preparing for a Series A or later round
• Operators getting ready for an acquisition conversation
• Companies running their first formal diligence process
• CFOs cleaning up the data room before an investor visit

Frequently asked questions

When should I start preparing the data room?

60–90 days before you plan to send the deck. Diligence happens AFTER a term sheet, but if your data room is half-empty when investors start asking, the deal slows down dramatically. Treat data-room readiness as part of "raise prep," not "post-term-sheet sprint."

What's the difference between a data room and a due diligence checklist?

The checklist is the punch list of documents — what investors expect to find. The data room is the actual repository where you store and share them (folders + permissions + access tracking). The checklist tells you what to gather; the data room is where the gathered documents live.

Do I need a SOC 2 to close a Series A?

Not always. SOC 2 is increasingly common at Series A for enterprise SaaS companies, but it's not strictly required. What investors DO expect: a documented security posture, basic access controls, encryption at rest and in transit, vendor risk reviews. If you sell into regulated industries (financial services, healthcare), expectations are higher.

What's the riskiest section in due diligence?

IP and equity. IP assignments from contractors, co-founders who left without paperwork, and undocumented open-source usage. Equity: option grants without board approval, SAFEs without dated signatures, 83(b) elections that weren't filed in time. These two areas produce the most last-minute delays at closing.

How long does diligence usually take?

3–6 weeks for a clean Series A; 6–10 weeks if there are gaps. Late-stage and M&A diligence runs longer (8–16 weeks). The single biggest variable is how prepared the data room is going in. A well-prepared founder can close in 30 days; a scrambling founder can drag it to 90.