Due diligence checklist for startup fundraising rounds

by

Investors rarely say “no” because of one missing file. More often, they hesitate because the picture stays blurry: inconsistent metrics, unclear IP ownership, or contracts that raise new questions faster than you can answer them.

This due diligence checklist is designed for startup fundraising rounds in the United Kingdom, the United States, and Canada. You’ll get a structured list of documents, a suggested order of preparation, and tips for avoiding common diligence traps that slow down a term sheet or force painful last-minute cleanups.

Due diligence checklist: what investors are trying to verify

Fundraising diligence aims to confirm three things: (1) the company is legally sound, (2) the product and IP are protectable, and (3) the numbers match the story. Cyber and privacy posture also matter more than many founders expect. The Verizon Data Breach Investigations Report continues to emphasize the “human element” as a major driver of incidents, which is one reason investors ask about access controls and security practices early.

Preparation order (so you don’t waste time)

  1. Corporate and cap table hygiene: fix the foundation before sharing anything else.
  2. Financial reporting: align metrics definitions, then provide supporting detail.
  3. Commercial proof: customer contracts, pipeline, churn, and renewals.
  4. IP and product: ownership, licensing, security posture, roadmap.
  5. People and operations: employment docs, incentives, key policies.

Fundraising due diligence checklist (by folder)

1) Corporate, governance, and ownership

  • Certificate of incorporation and amendments
  • Shareholder agreements (if applicable)
  • Board consents, minutes, and key resolutions
  • Current cap table, option pool, warrants, SAFEs/convertibles
  • Material subsidiary structure and intercompany agreements

2) Finance and tax

  • P&L, balance sheet, cash flow (monthly/quarterly)
  • Bank statements and debt schedules
  • Revenue recognition policy (even if simple)
  • Tax filings and correspondence (where applicable)
  • Budget vs actuals, forecast model, assumptions notes

3) Commercial: customers, revenue, and pipeline

  • Top customer contracts, MSAs, SOWs, and amendments
  • Pricing, discount policy, and approvals
  • Churn/retention analysis and cohort tables
  • Pipeline report and sales process definition (CRM export if available)
  • Customer support SLAs and escalation policies

4) Product, technology, and IP

  • Architecture overview and dependency map
  • Open-source policy and key third-party libraries
  • IP assignments from founders, employees, and contractors
  • Patents/trademarks (if any) and filing status
  • Security policies, incident response plan, and access management summary

5) Legal, compliance, and risk

  • Standard customer and vendor templates
  • Material disputes, claims, or demand letters
  • Privacy policy and data processing terms (where relevant)
  • Insurance policies (cyber, D&O, professional liability)
  • Regulatory licences or registrations (if applicable)

6) Team and HR

  • Employee and contractor agreements
  • Compensation plan, bonus schemes, commission plans
  • Equity incentive plan documents and grant letters
  • Key-person dependencies and hiring plan

How to present the information (to reduce follow-up questions)

Investors move faster when your room is consistent. Use these packaging rules:

  • One source of truth for KPIs, with a definitions page (ARR, NRR, CAC, LTV).
  • Document naming conventions (YYYY-MM-DD + topic + version).
  • Redaction where appropriate, but never hide material terms.
  • A running Q&A log that captures answers and references documents.

Tooling: VDR or not?

Early rounds sometimes use Google Drive or Dropbox. Once multiple firms are involved, a VDR often saves time through permissions, audit logs, and structured Q&A. If you’re deciding, start with what a VDR is and map it to your risk and timeline.

FAQ

How much should we share before a term sheet?

Share enough to support conviction without overexposing sensitive details. Common practice is staged access: high-level metrics first, deeper contracts and security materials after serious intent.

What’s the single biggest diligence red flag?

Unclear ownership and assignments for IP, especially when contractors were involved and paperwork is missing.

Bottom line: a strong due diligence checklist is not about volume. It is about coherence, traceability, and reducing uncertainty when the investor is deciding whether to commit.