Ultimate Due Diligence Checklist for Startup Acquisitions

Buying a startup is like dating someone new - exciting but risky if you don’t know what’s under the surface. This checklist will help you look under the hood before signing that big check. We focus on tech and money stuff since that’s what makes or breaks most deals.

1. Show Me The Money: Financial Health Check

Revenue Breakdown

• Where’s the money coming from?
  • List all ways the startup makes money (subscriptions, one-time sales, etc.)
  • Check if they depend too much on a few big customers (like that friend who only has one job skill)
  • Compare steady income vs. one-time sales (steady is better, just like dating)
  • Make sure they’re not playing accounting tricks with revenue
  • Look at their pricing - is it genius or madness?

Growth Numbers

• Is this rocket taking off or fizzling out?
  • Look at 3-5 years of sales numbers (are they growing or just good at excuses?)
  • Check how much they spend to get each customer (if they’re spending $1000 to acquire a $100 customer, that’s like buying a $5 coffee with a $50 bill)
  • Figure out how much each customer is worth long-term
  • See if they’re getting more or less profitable over time

Cash Situation

• How fast are they burning money?
  • Calculate monthly burn rate (how quickly they’re going through cash)
  • Figure out how long until they run out of money (runway)
  • Look for weird spending patterns (did they suddenly buy Teslas for everyone?)
  • See how much they spend on R&D (too little = no innovation, too much = money pit)

Debt and Ownership

• Who owns what and who’s owed what?
  • Review all investments and their terms
  • Check who owns what percentage (cap table)
  • Look for special investor rights that might cause problems
  • Check for stock options that haven’t been cashed in yet
  • Make sure they’ve followed the rules on previous investments

Market Position

• Can they dominate or just participate?
  • Calculate total market size and their slice of it
  • Check if they have room to grow
  • See if their prices make sense compared to competitors
  • Look for unique advantages that protect them from copycats
  • Check if their product gets better as more people use it (like social networks)

2. Tech Stuff: Is It Built Right?

Core Technology

• Is their tech solid or a house of cards?
  • Check if their system is modern or dinosaur-age
  • Look at how they store and handle data
  • Review their APIs (the connectors to other systems)
  • See if they can handle crashes without total meltdowns
  • Check how they move data around their systems

Code Quality

• Is their code beautiful or a horror show?
  • Run code quality checks (like spell-check but for code)
  • See if they commented their code or left it mysterious
  • Check how much of their code is actually tested
  • Look for ancient code that needs updating (tech debt)
  • Check if they’re using outdated libraries (like running Windows 95 in 2025)
  • See if their code is reusable or a tangled mess

Development Practices

• How do they ship code?
  • Check their build and release process
  • See how they test their code before shipping
  • Look at how often they release updates (once a year = bad)
  • See if test environments match production (if not, expect surprises)
  • Check how they monitor for problems
  • Review their downtime history (do they break things every Tuesday?)

Cloud & Infrastructure

• How’s their tech backbone?
  • Map which cloud providers they use
  • Check if they’re using modern infrastructure approaches
  • See if they’re wasting money on cloud resources
  • Check if they can handle sudden traffic spikes
  • Look for backup systems if one data center goes down
  • Review their disaster recovery plans (or lack thereof)

Documentation

• If the team disappears tomorrow, can others figure it out?
  • Look for system diagrams and explanations
  • Check API documentation
  • See if they have emergency playbooks
  • Check for knowledge transfer materials
  • Look for configuration documentation

3. Intellectual Property: Who Owns What?

IP Ownership

• Do they actually own their stuff?
  • Verify they own all their code
  • Check patents (applied for and granted)
  • Confirm they own their brand names and web domains
  • Look at copyright registrations
  • Check how they protect trade secrets

Open Source Check

• Are they following open source rules?
  • List all open source components they use
  • Check the license types (some require sharing your code too!)
  • Look for compliance with “viral” licenses
  • Make sure they give credit where required
  • Check for potential IP contamination

Third-Party Dependencies

• What outside tech are they hooked on?
  • List all external libraries and frameworks
  • Check all API dependencies
  • See how hard it would be to switch providers
  • Review license terms for paid components
  • Check if they keep dependencies updated (outdated = security risks)

Data Assets

• What data do they have and who can use it?
  • List all data they own or use
  • Verify they have rights to use this data
  • Review any data licensing deals
  • Check data quality and accuracy
  • See if data could be used to make money
  • Identify personal information they store (privacy risk)

4. Product Check: Is It Any Good?

Product Completeness

• Is the product finished or half-baked?
  • Compare plans vs. what’s actually built
  • See how they stack up against competitors
  • Review product guides and documentation
  • Check which features people actually use
  • Look for experimental features that might break

Performance

• Is it fast or frustrating?
  • Check response times (slow = unhappy users)
  • See how many users they can handle at once
  • Look at scalability test results
  • Review how they test for performance
  • Check what tools they use to monitor speed

User Experience

• Is it a joy or a pain to use?
  • Check if the design is consistent or a mess
  • See if it’s accessible to people with disabilities
  • Look at user journeys and conversion rates
  • Check if it works on all browsers and mobile devices
  • See if it’s ready for global users (languages, currencies)

Analytics

• Do they know how people use their product?
  • Review engagement metrics
  • Check feature adoption rates
  • Look at conversion funnels (where do users give up?)
  • See how they test new features
  • Check how much of the product has tracking

Customer Happiness

• Do users love it or tolerate it?
  • Check Net Promoter Scores (would users recommend it?)
  • Look at support tickets (common complaints)
  • Review feature requests (what’s missing?)
  • Check churn rates (how many users leave)
  • See how easy it is for new users to get started

5. Security & Compliance: Will This Get Us Sued?

Security Setup

• How secure is their fortress?
  • Check login security and password rules
  • Review permission systems (who can access what)
  • Check encryption practices (in transit and storage)
  • Look at network security design
  • See how they manage security keys
  • Check security monitoring systems

Vulnerability Management

• How do they handle security holes?
  • Review penetration testing results
  • Check how they scan for vulnerabilities
  • See how they manage security in external code
  • Review security incident history
  • Check if they have bug bounty programs

Compliance

• Are they following the rules?
  • Check GDPR compliance (European privacy law)
  • Review California privacy law compliance
  • Look at industry-specific regulations (healthcare, finance)
  • Check privacy impact assessments
  • See how they handle international data
  • Review audit logs and compliance reporting

Business Continuity

• What happens when things break?
  • Check backup strategies and testing
  • Review recovery time targets
  • See if they test failover systems
  • Check business continuity plans
  • Review incident response procedures

6. Team Assessment: Who Are You Buying?

Team Makeup

• Who’s on the bus?
  • Map skills across the team
  • Identify “bus factor” risks (if one person gets hit by a bus…)
  • Check engineering team structure
  • Assess technical leadership
  • Review hiring practices

Development Culture

• How do they work?
  • Check code review practices
  • Review Agile implementation (or chaos)
  • See how they handle tech debt
  • Check knowledge sharing practices
  • Review innovation processes

Team Performance

• Do they deliver or make excuses?
  • Review development speed trends
  • Check bug rates and fix times
  • Look at deployment frequency
  • Review on-call rotation and incident handling
  • Check technical documentation habits

Team Stability

• Will everyone quit after the deal?
  • Review engineer turnover rates
  • Check equity distribution and vesting
  • See if pay is competitive
  • Review employment agreements
  • Check employee satisfaction surveys

7. Market Position: Can They Win?

Market Analysis

• Is this market hot or not?
  • Check total market size and growth rate
  • See how much market share they have
  • Review competitive positioning
  • Analyze customer acquisition channels
  • Check for market saturation signs

Competition

• Who’s trying to eat their lunch?
  • Map direct and indirect competitors
  • Compare features and capabilities
  • Check pricing versus competition
  • Identify technical advantages
  • Review competitor funding and resources

Competitive Advantages

• What’s their special sauce?
  • Check for network effects
  • Assess switching costs for customers
  • Review platform economics
  • Look for data advantages
  • Check for unique algorithms or tech

Growth Opportunities

• Where can they expand?
  • Check geographic expansion potential
  • Review adjacent market opportunities
  • Assess upsell possibilities
  • Analyze product extension options
  • Evaluate ecosystem potential

8. Legal Stuff: Contracts & Commitments

Customer Contracts

• Any contract landmines?
  • Review service agreements
  • Check for change-of-control clauses (deal-breakers!)
  • Look at service level agreements
  • Check renewal terms and cancellation policies
  • Review revenue recognition implications

Vendor Agreements

• What suppliers are they tied to?
  • Map critical vendor dependencies
  • Review contract terms and renewal dates
  • Check for change-of-control provisions
  • Look at pricing and volume commitments
  • Evaluate vendor performance

Employee Contracts

• Are employees locked in or flight risks?
  • Review employment agreements for key people
  • Check non-compete clauses
  • Verify IP assignment clauses
  • Look at work-for-hire provisions
  • Review confidentiality protections

Legal Issues

• Any legal time bombs?
  • Check for ongoing lawsuits
  • Review IP dispute history
  • Look at customer disputes
  • Check employee complaints
  • Review regulatory investigations

9. Post-Deal Planning: What Happens After “I Do”

Tech Integration

• Will the systems play nice together?
  • Check tech stack compatibility
  • Identify integration challenges
  • Assess data migration complexity
  • Review API compatibility
  • Draft an integration roadmap

Team Integration

• Will the cultures blend or clash?
  • Check culture compatibility
  • Identify retention risks
  • Compare development methods
  • Review communication tools and styles
  • Plan knowledge transfer approach

Product Integration

• How will the products come together?
  • Check for product overlap
  • Prioritize feature integration
  • Plan branding changes
  • Develop customer communication plan
  • Prepare for transition hiccups

Financial Benefits

• Where’s the money in this deal?
  • Identify cost-saving opportunities
  • Check revenue growth potential
  • Look for technology reuse possibilities
  • Calculate integration costs
  • Create post-acquisition financial model

10. Innovation Check: Are They Future-Proof?

R&D Pipeline

• What’s cooking in the lab?
  • Review current R&D projects
  • Check research methods
  • Look at prototypes and concepts
  • Review pending patents
  • Check R&D budget and resources

Future Tech Plans

• Where are they headed?
  • Check tech roadmap vs. market trends
  • Review plans for emerging technologies
  • Look at tech debt fixing plans
  • Check architecture evolution plans
  • Review AI/ML strategy

Experimental Tech

• Are they innovating or watching from the sidelines?
  • Check experimental tech explorations
  • Review blockchain/Web3 initiatives
  • Look at AI/ML development
  • Check AR/VR initiatives
  • Review IoT strategy if relevant

11. Economic Impact: Will This Deal Pay Off?

Financial Forecasts

• Are their projections fantasy or reality?
  • Review revenue forecasts and assumptions
  • Check cost structure as they scale
  • Look at gross margin trends
  • Review customer acquisition cost projections
  • Check lifetime value calculations

Expansion Economics

• Can they grow profitably?
  • Check economics of geographic expansion
  • Review unit economics by segment
  • Look at pricing strategy
  • Review partnership economics
  • Check customer cohort performance

Investment Needs

• How much more money will they need?
  • Check ongoing R&D costs
  • Review infrastructure scaling costs
  • Look at sales and marketing needs
  • Check for deferred tech investments
  • Review security compliance costs

Economic Risks

• What could blow up the business model?
  • Check customer concentration risks
  • Review supplier dependency risks
  • Look for market saturation signs
  • Check competitive pricing pressure
  • Review regulatory cost risks

12. Technical Debt: What Needs Fixing?

Architecture Issues

• Any structural problems?
  • Identify architectural bottlenecks
  • Check scalability limits
  • Look for monolithic components needing work
  • Review infrastructure modernization needs
  • Check microservices transition requirements

Code Issues

• How messy is the code?
  • Find poor code quality areas
  • Check test coverage gaps
  • Look for missing documentation
  • Check for outdated technology
  • Review refactoring needs

Process Problems

• Is their workflow efficient?
  • Check build pipeline limitations
  • Review manual testing requirements
  • Look for deployment bottlenecks
  • Check for manual operational processes
  • Review monitoring gaps

Real-World Examples

Financial Warning Signs

Like when Twitter (now X) was acquired and buyers discovered their advertising revenue was much more volatile than reported. Surprise!

Tech Stack Horror Story

Remember when a major bank acquired a fintech startup only to discover their entire system was built on an outdated framework with zero documentation? The CTO’s explanation: “We were moving too fast to write things down.” Six months later, they had to rebuild from scratch.

IP Nightmare

One acquiring company found out post-deal that the startup’s “proprietary AI algorithm” was actually copied from an open-source project with a GPL license, forcing them to open-source their own code or face lawsuits.

Security Facepalm

A healthcare startup being acquired claimed HIPAA compliance on their pitch deck. During due diligence, the buyer discovered patient data was stored in plain text on developers’ laptops. Oops!

The “Bus Factor” Disaster

A startup with an amazing product was acquired for $50M, only for the acquirer to discover all the code was written by one developer who quit immediately after the deal closed. The code was brilliant but completely undocumented—like trying to read hieroglyphics without a Rosetta Stone.

Conclusion

Buying a startup without proper due diligence is like marrying someone after the first date – exciting but potentially disastrous. This checklist helps you look beyond the flashy demo and impressive pitch deck to see what you’re really getting.

Remember, due diligence isn’t just about finding problems – it’s about understanding what you’re buying, discovering hidden gems, and planning how to make 1+1=3 after the deal closes.

The best acquisitions happen when both sides fully understand what they’re getting into. Use this checklist to make sure you’re one of the success stories, not a cautionary tale at the next tech conference!

Cheers,

Sim